Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

News: MASVS-PRIVACY #2459

Merged
merged 2 commits into from
Oct 10, 2023
Merged

News: MASVS-PRIVACY #2459

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
264c3c1
add masvs privacy
cpholguera Oct 10, 2023
09e66fe
minor addition
cpholguera Oct 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added docs/assets/news/masvs_privacy.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
27 changes: 27 additions & 0 deletions docs/news.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,33 @@ hide:

Follow [:material-twitter: @OWASP_MAS](https://twitter.com/OWASP_MAS) to get the latest updates instantly.

## Oct 10th, 2023: MASVS-PRIVACY

Mobile applications frequently access sensitive user data to deliver their core functionalities. This data ranges from personally identifiable information (PII), health metrics, location data, to device identifiers. Mobile devices are a constant companion to users, always connected, and equipped with numerous sensors—including cameras, microphones, GPS and BLE—that generate data capable of inferring user behavior and even identifying individuals. The landscape is further complicated by advanced tracking techniques, the integration of third-party SDKs, and a heightened awareness of privacy issues among users and regulators. As a response, there's a growing trend towards on-device processing to keep user data localized and more secure.

<center>
<img style="width: 80%; border-radius: 5px" src="../assets/news/masvs_privacy.png"/>
</center>

Today we're excited to announce the release of the new MASVS-PRIVACY, a new MASVS category and MAS profile with focus on privacy. The new profile is designed to help organizations and individuals assess the privacy implications of their mobile applications and make informed decisions.

The new controls are:

- **MASVS-PRIVACY-1**: The app minimizes access to sensitive data and resources.
- **MASVS-PRIVACY-2**: The app prevents identification of the user.
- **MASVS-PRIVACY-3**: The app is transparent about data collection and usage.
- **MASVS-PRIVACY-4**: The app offers user control over their data.

The proposal defines the scope of the new MASVS-PRIVACY category and profile, and includes a detailed description of each control, a rationale, and a list of tests. The new profile MAS-P, establishes a baseline for privacy and is intended to work cohesively, and in some cases even overlap, with other OWASP MAS profiles, such as MAS-L1 and MAS-L2, ensuring a holistic approach to both security and privacy.

**Call to Action:**

We'd be thrilled to hear what you think! Your input is really important to us, and it can make a big difference in shaping the final version of the document. Please take a moment to review it and share your comments, feedback, and ideas.

**Review Timeline:** until November 30, 2023

Please follow the link here to access the document: <https://docs.google.com/document/d/1jq7V9cRureRFF_XT7d_Z9H_SLsaFs43cE50k6zMRu0Q/edit?usp=sharing>

## Sept 29th, 2023: MASTG Refactor Part 2 - Techniques, Tools & Reference Apps

We are thrilled to announce the second phase of the MASTG (Mobile Application Security Testing Guide) refactor. These changes aim to enhance the usability and accessibility of the MASTG.
Expand Down
Loading