MicroPythonOS · ThomasFarstrike · Apr 19, 2026 · Apr 19, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ Frameworks:
 - Add new LoRaManager framework
 - Add mpos.ui.change_task_handler() for improving IR timing accuracy
 - AppearanceManager: fix set_light_mode() and set_primary_color() — they called a non-existent `prefs.set_string()` and raised AttributeError for every third-party caller; writes now go through `edit().put_string().commit()` and the LVGL theme is reinitialised when the colour changes
+- SharedPreferences: security fix — `load()` no longer prints the entire prefs dict to serial/REPL. Any pref holding a secret (WiFi password in `access_points`, Lightning wallet API keys, NWC secrets, xpubs, etc.) was being leaked to logs every time an app loaded its prefs. Now logs only the filepath and key count
 
 OS:
 - LilyGo T-Watch S3 Plus: add support for IR Remote app

diff --git a/internal_filesystem/lib/mpos/config.py b/internal_filesystem/lib/mpos/config.py
@@ -29,7 +29,14 @@ def load(self):
         try:
             with open(self.filepath, 'r') as f:
                 self.data = ujson.load(f)
-                print(f"load: Loaded preferences from {self.filepath}: {self.data}")
+                # Deliberately log only the filepath and key count, NOT the
+                # values. Prefs often hold secrets (WiFi passwords in
+                # access_points, wallet API keys / NWC secrets / xpubs in
+                # third-party apps, etc.) — printing self.data leaked those
+                # to serial/REPL every time any app loaded its prefs. An
+                # app that wants rich debug output can opt in by logging
+                # selected keys itself.
+                print(f"load: Loaded preferences from {self.filepath} ({len(self.data)} keys)")
         except Exception as e:
             print(f"SharedPreferences.load didn't find preferences: {e}")
             self.data = {}