Priority: High
Every user voice command, resolved action, and extracted parameters are logged via developer.log() which writes to Android system logs visible via adb logcat. While debugPrint() is a no-op in release builds, developer.log() is not.
Impact
- User voice transcripts visible in system logs
- Resolved action parameters (which may contain personal data) are logged
- Any app with log-read permission or USB debugging can see these
Recommended fix
Gate all developer.log calls behind kDebugMode:
if (kDebugMode) {
developer.log(encoded, name: 'HarkDebugNlu');
}Files
lib/screens/assistant_screen.dart (lines 216, 278-283, 463-479)lib/services/nlu_command_resolver.dart (lines 39-49, 143-150, 236-239)lib/services/slot_filling_service.dart (lines 75-78, 93-95, 99-103)
Priority: High
Every user voice command, resolved action, and extracted parameters are logged via
developer.log()which writes to Android system logs visible viaadb logcat. WhiledebugPrint()is a no-op in release builds,developer.log()is not.Impact
Recommended fix
Gate all
developer.logcalls behindkDebugMode:Files
lib/screens/assistant_screen.dart(lines 216, 278-283, 463-479)lib/services/nlu_command_resolver.dart(lines 39-49, 143-150, 236-239)lib/services/slot_filling_service.dart(lines 75-78, 93-95, 99-103)