Inaccurately and Incomprehensibly guides of Data Privacy for Mobile #5724
Comments
Thank you @xiaoyue10131748 for your report and suggestions, we will review and come back to you.
Hi kahest, thanks for your quick response. Here is the [removed] with the case study.
Thanks @xiaoyue10131748 - please note that I removed the link to the document as it may contain information that could be sensitive, and we have all the information we need here.
Routing to @getsentry/team-mobile for triage. ⏲️
Regarding
Hi Kahest, thanks for your clarification. However, we observed app developers set " [1] Koch, Simon, et al. "Keeping privacy labels honest." Proceedings on Privacy Enhancing Technologies 4 (2022): 486-506.
@xiaoyue10131748 to clarify, the Sentry Cocoa SDK does not send An app developer could decide to explicitly read
Yes. We totally agree that it's the app developer's misconfiguration that caused the data exfiltration. The app developer could probably misunderstand the "key" set by configurable Tags (e.g., "deviceID" is actually "installationId" which is not linked to users). It is better if Sentry SDK can update privacy label guidance [1] to clearly notify the app developers which data is configurable by which setting tags and whether enabling those configurations needs appropriate disclosure in their apps' privacy labels.
related to getsentry/rfcs#70
Core or SDK?
Platform/SDK
Which part? Which one?
Mobile SDK Documentation (https://docs.sentry.io/product/security/mobile-privacy/)
Description
Summary
Dear Security & Privacy Teams of Sentry,
We found that your privacy label guidance [1] inaccurately and incomprehensibly discloses data collection practices, which probably causes many apps integrated with the Sentry SDK to be non-compliant with Apple’s privacy label requirements. As required by Apple, apps that fail to disclose privacy information accurately may have future app updates rejected, or in some cases, be removed from the App Store entirely if they don’t come into compliance [2], which in turn will impact your SDK integration rate and reputation as a privacy-conscious vendor.
We observed that the Sentry SDK allows app developers to pass the user’s Precise Location, Device ID, and Performance Data to the Sentry backend. However, those apps that integrated the Sentry SDK didn’t disclose this data collection in their privacy labels. Furthermore, we found that Sentry's privacy label guideline [1] inaccurately described that device ID (IDFA) is not collected and also didn’t mention that precise location and performance data can be collected based on the developer’s configuration.
Case study
Precise Location, Device ID, and Performance Data are transmitted to the Sentry endpoint in an app without disclosure in its privacy label.
[NOTE: screenshot removed]
Reference
[1] https://docs.sentry.io/product/security/mobile-privacy/
[2] https://9to5mac.com/2021/01/29/app-store-privacy-labels/
Suggested Solution
Recommendation for improvement:
Although app developers are responsible for all code included in their apps, they may not be able to know the data collection and tracking practices of code used in your SDK. To help the app developer correctly specify the app’s privacy label, we suggest Sentry’s privacy team update your privacy label guidance [1] to clearly describe that “Precise Location, Device ID, and Performance Data” are collected optionally based on the developer’s configuration, instead of misdeclaring it or directly declaring it as not collected.