Skip to content

Missing Declaration of Photo Collection in Privacy Policy

Missing Declaration of Photo Collection in Privacy Policy

Description

The vulnerability exists in the app's failure to accurately reflect the collection of users' photos in the privacy policy, as required by the Play Data Safety Section. This oversight could lead to potential privacy violations and breaches of user trust.

Recommendation

To mitigate the vulnerability of collecting users' photos, ensure that your privacy policy clearly states the purpose for collecting this data, obtain explicit consent from users before collecting their photos, implement strong security measures to protect this sensitive information, and regularly review and update your privacy policy to stay compliant with data protection regulations.

Standards

  • OWASP_MASVS_L1:
  • OWASP_MASVS_L2:
  • OWASP_MASVS_RESILIENCE:
  • CWE_TOP_25:
  • GDPR:
    • ART_5
    • ART_6
    • ART_7
    • ART_9
    • ART_11
    • ART_13
    • ART_15
    • ART_16
    • ART_17
    • ART_32
  • CCPA:
    • CCPA_1798_100
    • CCPA_1798_105
    • CCPA_1798_110
    • CCPA_1798_115
    • CCPA_1798_120
    • CCPA_1798_125
    • CCPA_1798_130
    • CCPA_1798_135
    • CCPA_1798_140
    • CCPA_1798_150
  • PCI_STANDARDS:
  • OWASP_MASVS_v2_1:
    • MASVS_PRIVACY_1
    • MASVS_PRIVACY_2
    • MASVS_PRIVACY_3
    • MASVS_PRIVACY_4
  • OWASP_ASVS_L1:
  • OWASP_ASVS_L2:
  • OWASP_ASVS_L3:
  • SOC2_CONTROLS:
    • CC_2_3
    • CC_5_3