What is the best crash reporter method?

I was wondering how to collect crash from exceptions and getting useful values from it.
Any class doing that for Mac?

We once made a BugReporter Kit for that at MBS.

https://www.monkeybreadsoftware.de/xojo/Bugreporter/

I had made an app that generates the code / project parts to drop in App.UnhandledException to report exceptions, their stack, platform details, and comments directly to MantisBT. However, when trying to gauge community interest it didn’t seem like a commercially viable release.

Whatever method you go about it, I would recommend against “email the report by SMTPSocket” because of modern internet problems. My suggestion is to use a URLConnection and send yourself the report to a listener, whether that be your own web app or a tracker like MantisBT.

2 Likes

Interesting. My idea is to send the data to a MySQL server

If it’s a desktop application that you’re sharing publicly, you won’t want your credentials for a SMTP server or a database server to be embedded inside the app. If your app has embedded credentials and a malicious party were to find them, they could abuse your systems.

Another concern is that the user’s security settings must allow communication on the ports you plan to use. While security settings will differ, it’s most common to find ports 80 and 443 open for HTTP/S communication.

2 Likes

TIm is correct. You should use some kind of REST mechanism over HTTPS sending JSON or XML contents with some kind of mutant check key with TTL for validation. If check fails, maybe someone is trying some sort of attack, so ignore the contents. If ok, register the report received.

In case you get some stupid hacker wasting time to penetrate your barrier, the max he will get is recording lots of garbage reports, not deleting your database or stealing data from there.

If the database is protected with user privileges and dedicated password, the risk is low. you can only see some garbage stuff, but you can also run a script to clear it.

Disconnecting direct access is a “best practice”. A hacker with direct access to a DB port can find a way to circumvent your privilege restriction, like injecting new users without restriction and logging on them.

First of all, these need to be clearly defined, as there are limits depending on what you want.

Xojo Exceptions,

@Tim_Parnell has you covered there in being able to retrieve this information and have it returned to you.

NSExceptions and application crashes.

NSExceptions are exceptions within Apple’s frameworks, these generally come from either the Xojo framework, a plugin or declares. These typically occur with OS updates, major, minor, bug fixes as it’s when Apple has changed something that Xojo or plugin vendor isn’t aware of.

Crashes are when the OS terminates the application for whatever reason.
These reports (crashes and exceptions) are not available to you for security reasons, however there are exceptions.

  1. If the application comes from the Mac App Store, these reports are collated, cleaned and presented to you through App Store connect, this process is NOT instant and can take upto a month for a crash report to appear.

  2. If the app is distributed outside of the App Store and the customer is logged in with an Admin account, you can retrieve the files yourself. Regular accounts are prohibited from diagnostic information, again for security.

1 Like

Your telephone. Seriously, bear with me. Email is a close second. And I’m not talking about automated stuff. When your app ends with a fatal unhandled exception, include your phone number and email address on the MessageBox. When they get you on the phone, or when you respond in an actually meaningful (non-automated) way to their email, it is incredible how many folks will be so happy to know that they have your actual attention that they will let you send them a zillion special test versions of your app loaded with all manner of printf debugging, which they’ll be happy to use to recreate the problem, and the output of which they’ll happily screenshot or email or fax or carrier pigeon or otherwise get back to you. Seriously, they will become your ally if they believe you are trying to solve the problem. Who among us gives any faith to the automated popups with messages like “App ‘blablabla’ just crashed. Hang on while we collect diagnostic data to send to (Microsoft / Apple / Joe Developer)”?

I used to send data to a Mysql database but it was quite difficult to handle, group and filter exceptions when my app started having hundreds of thousands monthly active users.

I’ve been using sentry.io for the past year and I am extremely pleased with it.