From 7a74cf34ba5f059f6b8de0eb520cd429b90f6fe9 Mon Sep 17 00:00:00 2001
From: Ayaan Zaidi <zaidi@uplause.io>
Date: Tue, 24 Feb 2026 22:11:07 +0530
Subject: [PATCH] fix(android-security): remove token-derived logging from
 prefs

---
 .../java/ai/openclaw/android/SecurePrefs.kt   | 31 ++-----------------
 1 file changed, 2 insertions(+), 29 deletions(-)

diff --git a/apps/android/app/src/main/java/ai/openclaw/android/SecurePrefs.kt b/apps/android/app/src/main/java/ai/openclaw/android/SecurePrefs.kt
index 54f6292d29e..f03e2b56e0b 100644
--- a/apps/android/app/src/main/java/ai/openclaw/android/SecurePrefs.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/android/SecurePrefs.kt
@@ -4,7 +4,6 @@ package ai.openclaw.android
 
 import android.content.Context
 import android.content.SharedPreferences
-import android.util.Log
 import androidx.core.content.edit
 import androidx.security.crypto.EncryptedSharedPreferences
 import androidx.security.crypto.MasterKey
@@ -14,7 +13,6 @@ import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonArray
 import kotlinx.serialization.json.JsonNull
 import kotlinx.serialization.json.JsonPrimitive
-import java.security.MessageDigest
 import java.util.UUID
 
 class SecurePrefs(context: Context) {
@@ -100,10 +98,6 @@ class SecurePrefs(context: Context) {
   private val _talkEnabled = MutableStateFlow(prefs.getBoolean("talk.enabled", false))
   val talkEnabled: StateFlow<Boolean> = _talkEnabled
 
-  init {
-    logGatewayToken("init.gateway.manual.token", _gatewayToken.value)
-  }
-
   fun setLastDiscoveredStableId(value: String) {
     val trimmed = value.trim()
     prefs.edit { putString("gateway.lastDiscoveredStableID", trimmed) }
@@ -161,7 +155,6 @@ class SecurePrefs(context: Context) {
     val trimmed = value.trim()
     prefs.edit(commit = true) { putString("gateway.manual.token", trimmed) }
     _gatewayToken.value = trimmed
-    logGatewayToken("setGatewayToken", trimmed)
   }
 
   fun setGatewayPassword(value: String) {
@@ -180,15 +173,10 @@ class SecurePrefs(context: Context) {
 
   fun loadGatewayToken(): String? {
     val manual = _gatewayToken.value.trim()
-    if (manual.isNotEmpty()) {
-      logGatewayToken("loadGatewayToken.manual", manual)
-      return manual
-    }
+    if (manual.isNotEmpty()) return manual
     val key = "gateway.token.${_instanceId.value}"
     val stored = prefs.getString(key, null)?.trim()
-    val resolved = stored?.takeIf { it.isNotEmpty() }
-    logGatewayToken("loadGatewayToken.legacy", resolved.orEmpty())
-    return resolved
+    return stored?.takeIf { it.isNotEmpty() }
   }
 
   fun saveGatewayToken(token: String) {
@@ -247,21 +235,6 @@ class SecurePrefs(context: Context) {
     return fresh
   }
 
-  private fun logGatewayToken(event: String, value: String) {
-    val digest =
-      if (value.isBlank()) {
-        "empty"
-      } else {
-        try {
-          val bytes = MessageDigest.getInstance("SHA-256").digest(value.toByteArray(Charsets.UTF_8))
-          bytes.take(4).joinToString("") { "%02x".format(it) }
-        } catch (_: Throwable) {
-          "hash_err"
-        }
-      }
-    Log.i("OpenClawSecurePrefs", "$event tokenLen=${value.length} tokenSha256Prefix=$digest")
-  }
-
   private fun loadOrMigrateDisplayName(context: Context): String {
     val existing = prefs.getString(displayNameKey, null)?.trim().orEmpty()
     if (existing.isNotEmpty() && existing != "Android Node") return existing