The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
MSTG‑ARCH‑12: The app should comply with privacy laws and regulations.
Furthermore, based on this, the following actions need to be taken:
[ ] Extend user education section
[x] Extend explanation on that this includes not having location data in images and tracking, unless that is consented by the user (https://github.com/OWASP/owasp-masvs/issues/298). Next, make sure we show how to remove exif data.
[x] Extend explanation on that tracking info should be removed timely as well, this includes location-databases,images with location info, etc. https://github.com/OWASP/owasp-masvs/issues/281
MSTG‑ARCH‑12: The app should comply with privacy laws and regulations. Furthermore, based on this, the following actions need to be taken: