From 485d615ea9402b0e2a2be925a4178ff0b7f212cb Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Thu, 13 Feb 2025 13:41:56 +0100 Subject: [PATCH 1/5] Document what data Java/Android SDK collects --- .../data-management/data-collected.mdx | 73 +++++++++++++++++++ .../common/data-management/data-collected.mdx | 73 +++++++++++++++++++ 2 files changed, 146 insertions(+) create mode 100644 docs/platforms/android/data-management/data-collected.mdx create mode 100644 docs/platforms/java/common/data-management/data-collected.mdx diff --git a/docs/platforms/android/data-management/data-collected.mdx b/docs/platforms/android/data-management/data-collected.mdx new file mode 100644 index 00000000000000..d107e8b368e6ae --- /dev/null +++ b/docs/platforms/android/data-management/data-collected.mdx 
@@ -0,0 +1,73 @@ +--- +title: Data Collected +description: "See what data is collected by the Sentry SDK." +sidebar_order: 1 +--- + +Sentry takes data privacy very seriously and has default settings in place that prioritize data safety, especially when it comes to personally identifiable information (PII) data. When you add the Sentry SDK to your application, you allow it to collect data and send it to Sentry during the runtime of your application. + +The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. This page lists data categories the Sentry Android SDK collects. + +For many of the categories listed here it is required to enable the send-default-pii option. + +## HTTP Headers + +By default, the Sentry SDK doesn't send any HTTP headers. Even when sending HTTP headers is enabled, we have a [denylist](https://github.com/getsentry/sentry-java/blob/main/sentry/src/main/java/io/sentry/util/HttpUtils.java#L21-L34) in place, which filters out any headers that contain sensitive data. + +To start sending HTTP headers, set `sendDefaultPii=true`. + +## Cookies + +By default, the Sentry SDK doesn't send cookies. Sentry tries to remove any cookies that contain sensitive information, such as the Session ID and CSRF Token cookies. + +If you want to send cookies, set `sendDefaultPii=true`. + +## Information About Logged-in User + +By default, the Sentry SDK doesn't send any information about the logged-in user, such as email address, user ID, or username. Even if enabled, the type of logged-in user information you'll be able to send depends on the integrations you enable in Sentry's SDK. Most integrations won't send any user information. Some will only set the user ID, but there are a few that will set the user ID, username, and email address. + +To start sending logged-in user information, set `sendDefaultPii=true`. + +## Users' IP Address + +By default, the Sentry SDK doesn't send the user's IP address. 
Even if enabled, whether you're able to send the user's IP address or not, will depend on the integrations you enable in Sentry's SDK. Most integrations won't set the user's IP address at all. + +To enable sending the user's IP address, set `sendDefaultPii=true`. + +## Request URL + +The full request URL of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data. + +## Request Query String + +The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data. + +## Request Body + +The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below: + +- **The type of the request body:** + - JSON and form bodies are sent +- **The size of the request body:** There's a maxRequestBodySize option that's set to `NONE` by default. This means by default no request body is sent to Sentry. + +## Source Context + +Our build tool plugins for Gradle and Maven can upload your source code to Sentry. + +To opt into of sending this source context to Sentry, you have to enable the feature as described in the Source Context documentation. + +## File I/O + +By default the Sentry SDK does not send the name or path of files when instrumenting File I/O. + +If you want to send file names and paths, set `sendDefaultPii=true`. + +## Device Information + +By default the Sentry SDK does not send the name of the device (Android phone). + +If you want to send the device name, set `sendDefaultPii=true`. + +## SQL Queries + +While SQL queries are sent to Sentry, neither the full SQL query (`UPDATE app_user SET password='supersecret' WHERE id=1;`), nor the values of its parameters will ever be sent. A parameterized version of the query (`UPDATE app_user SET password=? WHERE id=?;`) is sent instead. 
diff --git a/docs/platforms/java/common/data-management/data-collected.mdx b/docs/platforms/java/common/data-management/data-collected.mdx new file mode 100644 index 00000000000000..d9a80aaccfc380 --- /dev/null +++ b/docs/platforms/java/common/data-management/data-collected.mdx 
@@ -0,0 +1,73 @@ +--- +title: Data Collected +description: "See what data is collected by the Sentry SDK." +sidebar_order: 1 +--- + +Sentry takes data privacy very seriously and has default settings in place that prioritize data safety, especially when it comes to personally identifiable information (PII) data. When you add the Sentry SDK to your application, you allow it to collect data and send it to Sentry during the runtime of your application. + +The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. This page lists data categories the Sentry Java SDK collects. + +For many of the categories listed here it is required to enable the send-default-pii option. + +## HTTP Headers + +By default, the Sentry SDK doesn't send any HTTP headers. Even when sending HTTP headers is enabled, we have a [denylist](https://github.com/getsentry/sentry-java/blob/main/sentry/src/main/java/io/sentry/util/HttpUtils.java#L21-L34) in place, which filters out any headers that contain sensitive data. + +To start sending HTTP headers, set `sendDefaultPii=true`. + +## Cookies + +By default, the Sentry SDK doesn't send cookies. Sentry tries to remove any cookies that contain sensitive information, such as the Session ID and CSRF Token cookies. + +If you want to send cookies, set `sendDefaultPii=true`. + +## Information About Logged-in User + +By default, the Sentry SDK doesn't send any information about the logged-in user, such as email address, user ID, or username. Even if enabled, the type of logged-in user information you'll be able to send depends on the integrations you enable in Sentry's SDK. Most integrations won't send any user information. Some will only set the user ID, but there are a few that will set the user ID, username, and email address. + +To start sending logged-in user information, set `sendDefaultPii=true`. + +## Users' IP Address + +By default, the Sentry SDK doesn't send the user's IP address. 
Even if enabled, whether you're able to send the user's IP address or not, will depend on the integrations you enable in Sentry's SDK. Most integrations won't set the user's IP address at all. + +To enable sending the user's IP address, set `sendDefaultPii=true`. + +## Request URL + +The full request URL of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data. + +## Request Query String + +The full request query string of outgoing and incoming HTTP requests is **always sent to Sentry**. Depending on your application, this could contain PII data. + +## Request Body + +The request body of incoming HTTP requests can be sent to Sentry. Whether it's sent or not, depends on the type and size of request body as described below: + +- **The type of the request body:** + - JSON and form bodies are sent +- **The size of the request body:** There's a maxRequestBodySize option that's set to `NONE` by default. This means by default no request body is sent to Sentry. + +## Source Context + +Our build tool plugins for Gradle and Maven can upload your source code to Sentry. + +To opt into of sending this source context to Sentry, you have to enable the feature as described in the Source Context documentation. + +## File I/O + +By default the Sentry SDK does not send the name or path of files when instrumenting File I/O. + +If you want to send file names and paths, set `sendDefaultPii=true`. + +## Log Messages + +By default the Sentry SDK does not send unencoded Logback messages and parameters if an encoder has been set. It will however send the encoded message. + +If you want to send the unencoded message and parameters, set `sendDefaultPii=true`. + +## SQL Queries + +While SQL queries are sent to Sentry, neither the full SQL query (`UPDATE app_user SET password='supersecret' WHERE id=1;`), nor the values of its parameters will ever be sent. A parameterized version of the query (`UPDATE app_user SET password=? 
WHERE id=?;`) is sent instead. From 5c7f18b4910ad2edeb8937769a15072cdbf3c9e4 Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Fri, 14 Feb 2025 06:26:44 +0100 Subject: [PATCH 2/5] Apply suggestions from code review Co-authored-by: Alex Krawiec --- docs/platforms/android/data-management/data-collected.mdx | 6 +++--- .../java/common/data-management/data-collected.mdx | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/platforms/android/data-management/data-collected.mdx b/docs/platforms/android/data-management/data-collected.mdx index d107e8b368e6ae..e3abb4564fe3a1 100644 --- a/docs/platforms/android/data-management/data-collected.mdx +++ b/docs/platforms/android/data-management/data-collected.mdx @@ -6,9 +6,9 @@ sidebar_order: 1 Sentry takes data privacy very seriously and has default settings in place that prioritize data safety, especially when it comes to personally identifiable information (PII) data. When you add the Sentry SDK to your application, you allow it to collect data and send it to Sentry during the runtime of your application. -The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. This page lists data categories the Sentry Android SDK collects. +The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. This page lists data categories that the Sentry Android SDK collects. -For many of the categories listed here it is required to enable the send-default-pii option. +Many of the categories listed here require you to enable the send-default-pii option. ## HTTP Headers 
@@ -28,7 +28,7 @@ By default, the Sentry SDK doesn't send any information about the logged-in user To start sending logged-in user information, set `sendDefaultPii=true`. -## Users' IP Address +## Users' IP Addresses By default, the Sentry SDK doesn't send the user's IP address. Even if enabled, whether you're able to send the user's IP address or not, will depend on the integrations you enable in Sentry's SDK. Most integrations won't set the user's IP address at all. diff --git a/docs/platforms/java/common/data-management/data-collected.mdx b/docs/platforms/java/common/data-management/data-collected.mdx index d9a80aaccfc380..7074ad37c249db 100644 --- a/docs/platforms/java/common/data-management/data-collected.mdx +++ b/docs/platforms/java/common/data-management/data-collected.mdx @@ -6,7 +6,7 @@ sidebar_order: 1 Sentry takes data privacy very seriously and has default settings in place that prioritize data safety, especially when it comes to personally identifiable information (PII) data. When you add the Sentry SDK to your application, you allow it to collect data and send it to Sentry during the runtime of your application. -The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. This page lists data categories the Sentry Java SDK collects. +The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. This page lists data categories that the Sentry Java SDK collects. For many of the categories listed here it is required to enable the send-default-pii option. 
@@ -28,7 +28,7 @@ By default, the Sentry SDK doesn't send any information about the logged-in user To start sending logged-in user information, set `sendDefaultPii=true`. -## Users' IP Address +## Users' IP Addresses By default, the Sentry SDK doesn't send the user's IP address. Even if enabled, whether you're able to send the user's IP address or not, will depend on the integrations you enable in Sentry's SDK. Most integrations won't set the user's IP address at all. From 7cdc35b5243ab8c389f042227071017867115539 Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Fri, 14 Feb 2025 12:32:24 +0100 Subject: [PATCH 3/5] Apply suggestions from code review Co-authored-by: Lorenzo Cian --- docs/platforms/android/data-management/data-collected.mdx | 6 +++--- .../java/common/data-management/data-collected.mdx | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/platforms/android/data-management/data-collected.mdx b/docs/platforms/android/data-management/data-collected.mdx index e3abb4564fe3a1..ef8824ea619273 100644 --- a/docs/platforms/android/data-management/data-collected.mdx +++ b/docs/platforms/android/data-management/data-collected.mdx @@ -8,7 +8,7 @@ Sentry takes data privacy very seriously and has default settings in place that The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. This page lists data categories that the Sentry Android SDK collects. -Many of the categories listed here require you to enable the send-default-pii option. +Many of the categories listed here require you to enable the sendDefaultPii option. ## HTTP Headers 
@@ -52,9 +52,9 @@ The request body of incoming HTTP requests can be sent to Sentry. Whether it's s ## Source Context -Our build tool plugins for Gradle and Maven can upload your source code to Sentry. +Our build tool plugins for Gradle and Maven can upload your source code to Sentry, which can then used to show the lines of code where an error happened in the Issue Details page. -To opt into of sending this source context to Sentry, you have to enable the feature as described in the Source Context documentation. +To opt into sending this source context to Sentry, you have to enable the feature as described in the Source Context documentation. ## File I/O diff --git a/docs/platforms/java/common/data-management/data-collected.mdx b/docs/platforms/java/common/data-management/data-collected.mdx index 7074ad37c249db..ae6da8898d18b1 100644 --- a/docs/platforms/java/common/data-management/data-collected.mdx +++ b/docs/platforms/java/common/data-management/data-collected.mdx @@ -8,7 +8,7 @@ Sentry takes data privacy very seriously and has default settings in place that The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. This page lists data categories that the Sentry Java SDK collects. -For many of the categories listed here it is required to enable the send-default-pii option. +For many of the categories listed here it is required to enable the sendDefaultPii option. ## HTTP Headers 
@@ -52,9 +52,9 @@ The request body of incoming HTTP requests can be sent to Sentry. Whether it's s ## Source Context -Our build tool plugins for Gradle and Maven can upload your source code to Sentry. +Our build tool plugins for Gradle and Maven can upload your source code to Sentry, which can then used to show the lines of code where an error happened in the Issue Details page. -To opt into of sending this source context to Sentry, you have to enable the feature as described in the Source Context documentation. +To opt into sending this source context to Sentry, you have to enable the feature as described in the Source Context documentation. ## File I/O From 125d53cbca258d65016ba86876581d7bb74bdd3f Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Mon, 17 Feb 2025 11:21:35 +0100 Subject: [PATCH 4/5] Apply suggestions from code review Co-authored-by: Markus Hintersteiner --- docs/platforms/android/data-management/data-collected.mdx | 2 +- docs/platforms/java/common/data-management/data-collected.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/platforms/android/data-management/data-collected.mdx b/docs/platforms/android/data-management/data-collected.mdx index ef8824ea619273..ede19ef27c3783 100644 --- a/docs/platforms/android/data-management/data-collected.mdx +++ b/docs/platforms/android/data-management/data-collected.mdx @@ -30,7 +30,7 @@ To start sending logged-in user information, set `sendDefaultPii=true`. diff --git a/docs/platforms/java/common/data-management/data-collected.mdx b/docs/platforms/java/common/data-management/data-collected.mdx index ae6da8898d18b1..523713f5cbd39a 100644 --- a/docs/platforms/java/common/data-management/data-collected.mdx +++ b/docs/platforms/java/common/data-management/data-collected.mdx @@ -30,7 +30,7 @@ To start sending logged-in user information, set `sendDefaultPii=true`. From 23b0fee4ef89d9da3633cb0c75fa4a086d04305f Mon Sep 17 00:00:00 2001 
From: Alexander Dinauer Date: Mon, 17 Feb 2025 11:36:36 +0100 Subject: [PATCH 5/5] add session replay --- docs/platforms/android/data-management/data-collected.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/platforms/android/data-management/data-collected.mdx b/docs/platforms/android/data-management/data-collected.mdx index ede19ef27c3783..69abfc9c4376cd 100644 --- a/docs/platforms/android/data-management/data-collected.mdx +++ b/docs/platforms/android/data-management/data-collected.mdx @@ -52,7 +52,7 @@ The request body of incoming HTTP requests can be sent to Sentry. Whether it's s ## Source Context -Our build tool plugins for Gradle and Maven can upload your source code to Sentry, which can then used to show the lines of code where an error happened in the Issue Details page. +Our build tool plugins for Gradle and Maven can upload your source code to Sentry, which can then used to show the lines of code where an error happened in the Issue Details page. To opt into sending this source context to Sentry, you have to enable the feature as described in the Source Context documentation. @@ -71,3 +71,7 @@ If you want to send the device name, set more details in the Session Replay documentation.
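Review bot: In PATCH 1/5, docs/platforms/android/data-management/data-collected.mdx, the "Request URL" and "Request Query String" sections say the value is **always sent to Sentry** and may contain PII, but give the reader nothing to act on. These are the only categories on the page that `sendDefaultPii` does not gate, so each section should end with a sentence linking to the page that explains how to scrub or drop these fields before the event leaves the application. In the same hunk, the denylist link under "HTTP Headers" points at `blob/main/.../HttpUtils.java#L21-L34`; a line range on `main` will drift as the file changes, so link to a commit permalink or to the symbol instead.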
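Review bot: In PATCH 1/5, docs/platforms/java/common/data-management/data-collected.mdx, the "Log Messages" section only covers the case where an encoder is set ("does not send unencoded Logback messages and parameters if an encoder has been set"), which leaves the default behaviour without an encoder undocumented. Please state explicitly whether the raw message and its parameters are sent when no encoder is configured and `sendDefaultPii` is left at its default. The "SQL Queries" section in the same hunk makes an absolute claim ("will ever be sent") and illustrates it with a query that has the literal `password='supersecret'` inline; it would help to say whether that guarantee also holds for queries built by string concatenation, or only for statements with bound parameters.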
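Review bot: In PATCH 2/5, the first hunk for docs/platforms/java/common/data-management/data-collected.mdx applies only half of the wording change made to the Android page. The Android hunk rewrites the sentence to "Many of the categories listed here require you to enable the send-default-pii option.", while the Java hunk leaves "For many of the categories listed here it is required to enable the send-default-pii option." as unchanged context, and PATCH 3/5 carries that older phrasing forward when it renames the option. Apply the same rewrite to the Java file so the two pages stay in step. The option name in that sentence should also use code formatting, as the `sendDefaultPii=true` instructions further down do.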
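Review bot: In PATCH 3/5, the "Source Context" hunk for the Android page adds a line with a missing verb: "which can then used to show the lines of code" should read "which can then be used to show the lines of code". The Java hunk in the same patch adds the identical sentence and needs the same fix. Since this section describes uploading source code to a third party, it is worth getting the sentence right and linking "Source Context documentation" to the actual page rather than leaving it as plain text.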
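Review bot: In PATCH 5/5, the first hunk removes and re-adds the "Source Context" sentence with no visible difference between the `-` and `+` lines, so this looks like a whitespace-only change that is unrelated to a commit titled "add session replay". Either drop it from this commit or use the opportunity to correct "can then used" to "can then be used", which is still present in the re-added line.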