Extend user education testcase based on MSTG‑ARCH‑12

OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Creative Commons Attribution Share Alike 4.0 International

11.6k stars 2.29k forks source link

MSTG‑ARCH‑12: The app should comply with privacy laws and regulations. Furthermore, based on this, the following actions need to be taken:

[ ] Extend user education section
[x] Extend explanation on that this includes not having location data in images and tracking, unless that is consented by the user (https://github.com/OWASP/owasp-masvs/issues/298). Next, make sure we show how to remove exif data.
[x] Extend explanation on that tracking info should be removed timely as well, this includes location-databases,images with location info, etc. https://github.com/OWASP/owasp-masvs/issues/281

OWASP / owasp-mastg

Extend user education testcase based on MSTG‑ARCH‑12 #1491