Collection of Users' Crash Logs without Consent
Description
The app's privacy policy does not mention the collection of users' crash logs, even though this data type is declared in the Play Data Safety section. This mismatch between the declared and the documented data collection potentially puts users' privacy at risk.
Recommendation
To mitigate this issue, ensure that your privacy policy clearly states the purpose of collecting crash logs, how the data will be used, and how it will be protected. Additionally, give users the option to opt out of sharing crash logs if they are uncomfortable with this data collection. Regularly review and update your privacy policy to stay compliant with data protection regulations and maintain transparency with your users.
Links
- Android Privacy Guidelines
- Privacy Policies for Mobile Apps
- Apple Privacy Manifest
- CWE-359: Exposure of Private Information ("Privacy Violation")
Standards
- OWASP_MASVS_L1:
- OWASP_MASVS_L2:
- OWASP_MASVS_RESILIENCE:
- CWE_TOP_25:
- GDPR:
  - ART_5
  - ART_6
  - ART_7
  - ART_9
  - ART_11
  - ART_13
  - ART_15
  - ART_16
  - ART_17
  - ART_32
- CCPA:
  - CCPA_1798_100
  - CCPA_1798_105
  - CCPA_1798_110
  - CCPA_1798_115
  - CCPA_1798_120
  - CCPA_1798_125
  - CCPA_1798_130
  - CCPA_1798_135
  - CCPA_1798_140
  - CCPA_1798_150
- PCI_STANDARDS:
- OWASP_MASVS_v2_1:
  - MASVS_PRIVACY_1
  - MASVS_PRIVACY_2
  - MASVS_PRIVACY_3
  - MASVS_PRIVACY_4
- OWASP_ASVS_L1:
- OWASP_ASVS_L2:
- OWASP_ASVS_L3:
- SOC2_CONTROLS:
  - CC_2_3
  - CC_5_3