User Data Policies

Last updated 8 months ago

freeRASP collects anonymized security diagnostics data from apps. These data contain:

  • Application state and security.

  • Device state and security.

  • Anonymous app instance ID and device ID.

This information allows Talsec to provide a security report, improve the freeRASP product and even the commercial RASP SDK, or prepare mobile security reports and articles.

Data collection can be disabled or configured to a custom customer-owned logging service in premium plans of Talsec.

All data collected by freeRASP is anonymous technical diagnostics information, but depending on the applicable regulations, it could be considered sensitive and/or personal data.

Talsec recommends adding the statement below to the dedicated privacy policy page of your app. You can also use the text below while filling in the Google Play Safety Section or similar for Apple App Store publishing.

Privacy Policy Statement

For the purposes of fraud prevention, user safety, and compliance, the dedicated App safety SDK needs to send the following anonymous diagnostic data off the device to detect security issues. The application therefore collects the following data:

  • Category: App info and performance

    • Data Type: Diagnostics

    • Information about the integrity of the app and the operating system. For example, rooting, running in an emulator, hooking framework usage, etc.

  • Category: Device or other identifiers

    • Data Type: Device or other identifiers

    • Information that relates to an individual device. For example, a device model and an anonymous identifier used to check that the app instance is executed on the original device on which it was initially installed. It is needed to combat threats like bots and API abuse.

Google Play's Data Safety Policy

Google Play requires all app publishers to declare how they collect and handle user data for the apps they publish on Google Play. They should properly inform users of the data collected by the apps and how the data is shared and processed. Google will reject apps that do not comply with the policy.

More about Google Play's Data safety here.

The items to check for Google Play and the details about the data are specified above in the Privacy Policy Statement.

App Store User Data Policy

Apple requires that all app developers disclose their data collection and handling practices for apps published on the App Store. Developers must clearly inform users about the data their apps collect, as well as how this data is shared and processed. Apps that do not adhere to Apple's data privacy guidelines will be rejected.

To comply with the policy, in the App Privacy section, it is important to check the following:

  • Identifiers -> Device ID -> App Functionality

    • Talsec Security SDK cannot link the device identifier to the user

  • Diagnostics -> Performance Data -> App Functionality, Other Purposes, No for linking to the user

  • Diagnostics -> Other diagnostics data -> App Functionality, Other Purposes, No for linking to the user

  • Other data -> App Functionality, No for linking to the user

    • Security diagnostics data (such as jailbreak)

Disclosure Screen

Google Play’s User Data policy indicates that a prominent disclosure should be presented to the users in case of an app collecting personal or sensitive data.

Although freeRASP collects diagnostic data (anonymous and not user-related), you (as the app publisher) should consider adding a disclosure screen describing why the security diagnostic data is needed, what data is collected, and how the data is used.

More about Apple App privacy here.

The Device ID is an anonymous device identifier for the App vendor, as per: https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor

More about Google's best practices for prominent disclosure and consent here.

[Figure: Example of disclosure screen]