In-App Search Queries Collection Not Disclosed in Privacy Policy

In-App Search Queries Collection Not Disclosed in Privacy Policy

Risk: medium

Description

The application collects users' in-app search queries, but the privacy policy does not clearly disclose this. Search queries can reveal user interests, intentions, and potentially sensitive information. Failure to inform users about the collection and use of their search history can be misleading and may violate privacy regulations.

Recommendation

Update your application's privacy policy to explicitly state that in-app search queries are collected. Clearly describe the purposes for this collection, how the data is used (e.g., to improve search results, for analytics), how it is stored, its retention period, and any de-identification or aggregation practices applied.

Links

• GDPR - Personal Data Definition
• CCPA - Definition of Personal Information
• CWE-359: Exposure of Private Information ("Privacy Violation")

Standards

• GDPR:
  • ART_5
  • ART_6
  • ART_7
  • ART_12
  • ART_13
  • ART_25
  • ART_32
• CCPA:
  • CCPA_1798_100
  • CCPA_1798_110
  • CCPA_1798_150
• OWASP_MASVS_v2_1:
  • MASVS_PRIVACY_1
  • MASVS_PRIVACY_2
• SOC2_CONTROLS:
  • CC_2_3
  • CC_5_3
  • CC_6_1
• CNIL_FOR_EDITORS:
  • EDITORS_3_1_1
  • EDITORS_3_1_2