Replies: 3 comments
-
|
Thanks @lndevel, in principle we'll have that new requirement covering for this and the details will be in the MSTG. However, please feel to open a PR in the new MSTG Privacy chapter with your enhancements and we'll take a look. |
Beta Was this translation helpful? Give feedback.
-
|
Sorry for my late feedback. I have carefully reviewed Determining Whether Sensitive Data Is Shared with Third Parties (MSTG-STORAGE-4) and Mobile App User Privacy Protection. I think in combination both chapters already offer enough information to weigh these considerations adequately. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for checking that and for sharing your concerns @lndevel. We hope that you keep following our current refactoring. If you ever have any questions or any other feedback please feel free to share that anytime. |
Beta Was this translation helpful? Give feedback.
-
Hello,
due to the Big Refactoring I am not sure at which place I should place my thoughts about MSTG-Storage-4 (MASVS Version 1.4.0).
Originally I was going to suggest adding another third-party requirement that relates to the frequency of data sharing. But it seems that in the "big refactoring" the requirement has been replaced by a more abstract one.
From my point of view, data exchange with third parties should be considered from different points of view:
The MSTG (page 491) provides only sparse information:
Consequently, no more information than is necessary should be sent to a service, and no sensitive information should be disclosed.Perhaps we could add another two sentences that in addition to the nature of the shared data, the frequency and its triggers for sending data should also be considered.
Beta Was this translation helpful? Give feedback.
All reactions