Logging of interesting events

[ghost]

Thanks for the useful and timely app.

I wonder whether there is a logging of alerts. It seems that the cell/location information saved in the database doesn't actually have anything to do with events that would generate alerts.

Keep up the good work!

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[E3V3A]

Welcome @jdormansteele Thanks for a good tip. We'd like to see the events getting logged to a file as well. Perhaps a new feature request? (I'll reassign this.)

[SecUpwN]

@jdormansteele welcome to our project! Your opened Issue is actually something I've been thinking about for quite some time now. @E3V3A, should we move the Main Screen aside so that it is still accessible via the Navigation Drawer and add the recent events as the screen that the user sees first?

[leecolleton]

Having a list of recent events with coordinates where each was observed and a link to open those in a map would be my ideal first screen upon opening the app. I've seen alerts while my phone was on silent and had no idea when they'd occurred.

[SecUpwN]

@leecolleton, how awesome to see you back here on GitHub! Thing is, we are still in ALPHA stage and despite having a large follower base currently lack developers to erase the current bugs. If you would like to force this to be implemented, please don't hesitate to craft a pull request for this. It is a sad thing that we have 70+ forks, but close to no pull requests at all. I don't really get why people won't contribute.

@jdormansteele, I am just throwing in two screenshots of other programs out there. We will likely have a totally different design for this, but we are always open for any improvement suggestions. Which general style do you prefer? Are there any specific things you would definitely like to see in this screen?

[ghost]

@SecUpwN: Both presentations would be good together -- a graph on the front-end, clickable to open a detailed, editable list of events. The colors on the graph seem right except for the white, which to me suggests "missing information" rather than "no problem." And only "no suspicion" should be green.

[He3556]

We have a new view called "debug log" implemented. I want to use this as a quick solution to see what the program is doing. So the question, how to show a positive detection on the Screen can be discussed and developed later. The only thing we have to do is print out the values to the logcat.

for example:

Log.i("AIMSICD", "Changing LAC detected: " + CellID);
Log.i("AIMSICD", "Found a new Cell:  " + CellID); 

I keep working on that. If anybody has another ideas, let me know.

[SecUpwN]

And only "no suspicion" should be green.

Thanks for your feedback, @jdormansteele. How about if we just color the bars in the colors of our Status Icons? Which brings me to another question for @E3V3A and @He3556: Can you please review the Detailed Explanations on the Status Icons page? Would you please expand those with correct explanations? I want this to reflect the current usage of our Icons so that users know what they shall do.

[E3V3A]

@SecUpwN These review requests really deserve their own issues. Please make one and I'll add my thoughts there. We need to re-consider the words there...

[E3V3A]

@He3556 YES, this is definitely something we would like to have. As I see it there are really only two options to show and save event logs.

1. By parsing and saving specially tagged "AIMSICD" log events from logcat. (Easy and fast to implement)
2. By parsing our DBi_measurements (now called "BTS Measurements") DB table to keep and display past events.

We then have to visualize these events. Perhaps either or both:

• (a) As a simple table, like this:

[ From the GSM SignalMonitoring app.]

• (b) As a timeline graph, like this:

[ From the RF Signal Tracker app.]

[SecUpwN]

@d4rken, you where the first person I had in mind for this Issue since you coded the awesome trust event logger. Would you please read this whole Issue and see if you can create a pull request for this, changing the main view to what is proposed here?

[He3556]

ok i start with a. the simple table :) i will update my fork this weekend. Can't wait to do it - still have some work to do before my holliday starts.

[E3V3A]

@SecUpwN It's just another logger with a 1 MB of eyecandy! I really don't think we need that. Built-in SQLIte3 can pop out anything in CSV,TSV and several other formats with one little command, and to a file of your choice... We can even use the already built in DB viewer to do this. So let's not ask people to commit huge PR's to stuff we don't need and have no idea what else it does...

[d4rken]

@E3V3A I don't think @SecUpwN was suggesting to reuse that app. He was just reaching out, seeing if i could contribute something :), but i have no spare time atm :(.

[E3V3A]

@d4rken Yes, thanks, no problem.

[SecUpwN]

Just another screenshot to get a little more inspiration on possible solutions..

[E3V3A]

I've added a new table called EventLog in the "new" DB structure documentation, where we can save and export all these events. We can use the already implemented Database Viewer to look in that table, until we learn how to "pretty-print" all that info.

[E3V3A]

Ok so I see why this is a hard issue. We (devs) haven't at all specified _what_ to put in this EventLog table. So let's brainstorm. Generally speaking it should show:

• All AIMSICD detections
• All mobile network changes
• All mobile connection changes

In more detail:

1. (Eventually) all detections as listed in Detection List  #230
2. Changing LAC
3. Connected to unknown CID (not found in DBe_import, eg. OCID, MLS etc.)
4. Detected unusual SMS (Type-0, WAP, MWI, CB etc.)
5. All low level connection state changes as given by:

LISTEN_DATA_ACTIVITY           // No,In,Ou,IO,Do
LISTEN_DATA_CONNECTION_STATE   // Di,Ct,Cd,Su
LISTEN_CELL_INFO               // ...
LISTEN_CALL_STATE              // idle,ringing,offhook
LISTEN_SERVICE_STATE           // emergency_only,in_service,out_of_service,power_off

Any other suggestions?

[SecUpwN]

Any other suggestions?

If we have implemented all the things you've just mentioned, we're close to BETA and people will tell.