Skip to content

Device ID Data Type Declaration Mismatch

Device ID Data Type Declaration Mismatch

Description

It has been identified that the Device ID data type declaration in your privacy policy does not match the actual usage of this data, potentially exposing users to privacy risks and violating data protection regulations.

Recommendation

To mitigate the vulnerability of mismatched data type declarations in your privacy policy, ensure that the Device ID data type declaration accurately reflects how the data is actually being used and collected. Regularly review and update your privacy policy to align with current practices and communicate any changes to users to maintain transparency and trust. Conduct regular audits to ensure compliance with privacy regulations and best practices.

Standards

  • OWASP_MASVS_L1:
  • OWASP_MASVS_L2:
  • OWASP_MASVS_RESILIENCE:
  • CWE_TOP_25:
  • GDPR:
    • ART_5
    • ART_6
    • ART_7
    • ART_9
    • ART_11
    • ART_13
    • ART_15
    • ART_16
    • ART_17
    • ART_32
  • CCPA:
    • CCPA_1798_100
    • CCPA_1798_105
    • CCPA_1798_110
    • CCPA_1798_115
    • CCPA_1798_120
    • CCPA_1798_125
    • CCPA_1798_130
    • CCPA_1798_135
    • CCPA_1798_140
    • CCPA_1798_150
  • PCI_STANDARDS:
  • OWASP_MASVS_v2_1:
    • MASVS_PRIVACY_1
    • MASVS_PRIVACY_2
    • MASVS_PRIVACY_3
    • MASVS_PRIVACY_4
  • OWASP_ASVS_L1:
  • OWASP_ASVS_L2:
  • OWASP_ASVS_L3:
  • SOC2_CONTROLS:
    • CC_2_3
    • CC_5_3