Missing Opt-out Information in Privacy Policy

Missing Opt-out Information in Privacy Policy

Risk: medium

Description

The vulnerability exists in the lack of clarity or absence of information in the privacy policy regarding how users can opt out from the selling or sharing of their data, potentially leaving users unaware of their rights and unable to protect their privacy.

Recommendation

To mitigate this vulnerability, ensure that your privacy policy clearly outlines the process for users to opt out from the selling or sharing of their data, including providing easy-to-follow instructions and contact information for users to exercise their rights. Regularly review and update your privacy policy to stay compliant with regulations and best practices in data privacy.

Links

• Android Privacy Guidelines
• Privacy Policies for Mobile Apps
• Apple Privacy Manifest
• CWE-359: Exposure of Private Information ("Privacy Violation")

Standards

• OWASP_MASVS_L1:
• OWASP_MASVS_L2:
• OWASP_MASVS_RESILIENCE:
• CWE_TOP_25:
• GDPR:
  • ART_5
  • ART_6
  • ART_7
  • ART_9
  • ART_11
  • ART_13
  • ART_15
  • ART_16
  • ART_17
  • ART_32
• CCPA:
  • CCPA_1798_100
  • CCPA_1798_105
  • CCPA_1798_110
  • CCPA_1798_115
  • CCPA_1798_120
  • CCPA_1798_125
  • CCPA_1798_130
  • CCPA_1798_135
  • CCPA_1798_140
  • CCPA_1798_150
• PCI_STANDARDS:
• OWASP_MASVS_v2_1:
  • MASVS_PRIVACY_1
  • MASVS_PRIVACY_2
  • MASVS_PRIVACY_3
  • MASVS_PRIVACY_4
• OWASP_ASVS_L1:
• OWASP_ASVS_L2:
• OWASP_ASVS_L3:
• SOC2_CONTROLS:
  • CC_2_3
  • CC_5_3