diff --git a/android/app/src/main/AndroidManifest.xml b/android/app/src/main/AndroidManifest.xml
index 7149fbd..b2cc24b 100644
--- a/android/app/src/main/AndroidManifest.xml
+++ b/android/app/src/main/AndroidManifest.xml
@@ -19,7 +19,9 @@
-
diff --git a/android/app/src/main/java/com/masterdns/vpn/ui/home/HomeStatusCards.kt b/android/app/src/main/java/com/masterdns/vpn/ui/home/HomeStatusCards.kt
index 1548d7b..b66a7ab 100644
--- a/android/app/src/main/java/com/masterdns/vpn/ui/home/HomeStatusCards.kt
+++ b/android/app/src/main/java/com/masterdns/vpn/ui/home/HomeStatusCards.kt
@@ -157,7 +157,7 @@ fun MdvConnectionTelemetryCard(
}
if (socksPass.isNotBlank()) {
Text(
- text = stringResource(R.string.home_socks_password, socksPass),
+ text = stringResource(R.string.home_socks_password_hidden),
style = MaterialTheme.typography.bodySmall,
color = MdvColor.OnSurfaceVariant
)
diff --git a/android/app/src/main/java/com/masterdns/vpn/util/VpnManager.kt b/android/app/src/main/java/com/masterdns/vpn/util/VpnManager.kt
index 2b7e116..c1861b9 100644
--- a/android/app/src/main/java/com/masterdns/vpn/util/VpnManager.kt
+++ b/android/app/src/main/java/com/masterdns/vpn/util/VpnManager.kt
@@ -78,6 +78,13 @@ object VpnManager {
private var trafficMonitorJob: Job? = null
private const val MAX_LOG_LINES = 500
+ private const val REDACTED_VALUE = ""
+ private val SENSITIVE_ASSIGNMENT_REGEX = Regex(
+ "(?i)\\b(ENCRYPTION_KEY|SOCKS5_PASS|SOCKS5_USER|PASSWORD|PASS|TOKEN|SECRET)\\b\\s*[:=]\\s*(\"[^\"]*\"|'[^']*'|[^\\s,;]+)"
+ )
+ private val ANDROID_APP_PATH_REGEX = Regex(
+ "(?:/data/(?:user|data)/\\d*/?[^\\s,;]+|/data/data/[^\\s,;]+|[A-Za-z]:\\\\Users\\\\[^\\s,;]+)"
+ )
fun updateState(newState: VpnState) {
_state.value = newState
@@ -108,7 +115,7 @@ object VpnManager {
}
private fun appendLogInternal(line: String, source: LogSource) {
- val normalizedLine = normalizeLogTimestampToLocal(line)
+ val normalizedLine = redactSensitiveLogContent(normalizeLogTimestampToLocal(line))
val upper = normalizedLine.uppercase()
val isError = upper.contains("[ERROR]") || upper.contains(" ERROR ")
val isWarn = upper.contains("[WARN]") || upper.contains(" WARNING ") || upper.contains(" WARN ")
@@ -127,6 +134,14 @@ object VpnManager {
parseScanLine(normalizedLine)
}
+ private fun redactSensitiveLogContent(line: String): String {
+ return line
+ .replace(SENSITIVE_ASSIGNMENT_REGEX) { match ->
+ "${match.groupValues[1]}=$REDACTED_VALUE"
+ }
+ .replace(ANDROID_APP_PATH_REGEX, "")
+ }
+
fun clearLogs() {
_logEntries.value = emptyList()
_logs.value = emptyList()
diff --git a/android/app/src/main/res/values/strings.xml b/android/app/src/main/res/values/strings.xml
index 64dc1e5..8064c1f 100644
--- a/android/app/src/main/res/values/strings.xml
+++ b/android/app/src/main/res/values/strings.xml
@@ -68,6 +68,7 @@
SOCKS5 authentication
Username: %1$s
Password: %1$s
+ Password: hidden
PROFILE
Connect
Disconnect
diff --git a/android/app/src/main/res/xml/backup_rules.xml b/android/app/src/main/res/xml/backup_rules.xml
new file mode 100644
index 0000000..29eb0eb
--- /dev/null
+++ b/android/app/src/main/res/xml/backup_rules.xml
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
diff --git a/android/app/src/main/res/xml/data_extraction_rules.xml b/android/app/src/main/res/xml/data_extraction_rules.xml
new file mode 100644
index 0000000..ef6462f
--- /dev/null
+++ b/android/app/src/main/res/xml/data_extraction_rules.xml
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/android/app/src/main/res/xml/network_security_config.xml b/android/app/src/main/res/xml/network_security_config.xml
index d7b4192..683208f 100644
--- a/android/app/src/main/res/xml/network_security_config.xml
+++ b/android/app/src/main/res/xml/network_security_config.xml
@@ -1,6 +1,6 @@
-
+