
Continuous collection of GPS location

Description

The application continuously accesses and collects the device's GPS location. GPS tracking is subject to compliance requirements and, in certain jurisdictions, to strict restrictions.

GPS tracking may also be abused by malware or by attackers who have gained access to the device with the application's permissions.

Recommendation

If continuous GPS tracking is required, it is recommended to:

  • Notify the user of the reason GPS tracking is required, and give users the possibility to opt out.
  • Avoid storing the GPS location locally; if local storage is needed, encrypt the GPS data with a device-specific key.

Standards

  • OWASP_MASVS_L1:
    • MSTG_NETWORK_1
  • OWASP_MASVS_L2:
    • MSTG_NETWORK_1
  • PCI_STANDARDS:
    • REQ_6_2
  • OWASP_MASVS_v2_1:
    • MASVS_PRIVACY_1
    • MASVS_PRIVACY_2
    • MASVS_PRIVACY_3
    • MASVS_PRIVACY_4