GDPR Compliance Issues - Responsible Disclosure
Responsible Disclosure Notice
We are academic researchers conducting GDPR compliance analysis. Before publishing our research, we are notifying all affected repositories to provide findings and allow time for any desired fixes.
Contact: [email protected]
Research Repository: https://github.com/Haoyi-Zhang/GDPR-Bench-Android
Summary
Our analysis identified 150 potential GDPR violations in this codebase:
| GDPR Article | Count | Main Issue |
|---|---|---|
| Article 6 | 34 | No lawful basis for data collection |
| Article 32 | 31 | Security deficiencies |
| Article 5 | 29 | Lack of transparency |
| Article 25 | 23 | No privacy-by-design |
| Article 13 | 15 | Missing privacy notices |
| Others | 18 | Various issues |
Key Examples
1. Article 6 - Lawfulness of Processing
File: app/src/main/java/me/hawkshaw/test/MainActivity2.java:202
```java
manager.openCamera(camerId, stateCallback, null);
```
Issue: Camera accessed without verifying lawful basis for processing.
2. Article 32 - Security of Processing
File: app/src/main/java/me/hawkshaw/test/MainActivity2.java:202
```java
manager.openCamera(camerId, stateCallback, null);
```
Issue: No security measures documented for camera data processing.
3. Article 5 - Principles of Processing
File: app/src/main/java/me/hawkshaw/test/services/LocationService.java:78
```java
LocationManager locationManager = (LocationManager) getSystemService(Context.LOCATION_SERVICE);
locationManager.requestLocationUpdates(LocationManager.GPS_PROVIDER, 0, 0, this);
```
Issue: Location tracking without transparency about purpose and retention.
4. Article 25 - Privacy by Design
File: app/src/main/java/me/hawkshaw/test/utils/NetworkUtil.java:123
```java
URL url = new URL("http://example.com/upload");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
```
Issue: Unencrypted HTTP used for potentially sensitive data transmission.
5. Article 13 - Information to be Provided
File: app/src/main/AndroidManifest.xml:10-18
```xml
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
```
Issue: Sensitive permissions requested without privacy notice.
Recommendations
- Add consent dialogs before accessing camera, location, and microphone
- Implement HTTPS for all network communications
- Use EncryptedSharedPreferences for storing sensitive data
- Create privacy policy and display it to users
- Add purpose specification for each permission
- Implement data retention policies with automatic deletion
Your Feedback Matters
We understand this is a security research tool. Feel free to:
- Disagree with findings
- Request removal from our dataset
- Ask questions about specific violations
Contact: [email protected]
Thank you for your contribution to open-source.
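
For finding 4 and the "Implement HTTPS for all network communications" recommendation above, one way to make the upload path fail closed on cleartext URLs. This is an added example, not code from the analysed repository or from the researchers; the class `SecureUploader` and its methods `openHttps` and `upload` are hypothetical names, and the timeouts and content type are assumed values.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HttpsURLConnection;

// Hypothetical helper (added example): every upload goes through openHttps().
public final class SecureUploader {
    private SecureUploader() {}

    /** Returns a connection only for https:// URLs; any other scheme is rejected. */
    static HttpsURLConnection openHttps(String spec) throws IOException {
        URL url = new URL(spec); // MalformedURLException is an IOException
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IOException("refusing non-HTTPS endpoint: " + url.getProtocol());
        }
        URLConnection conn = url.openConnection(); // no network I/O happens yet
        if (!(conn instanceof HttpsURLConnection)) {
            throw new IOException("unexpected connection type for " + url.getHost());
        }
        HttpsURLConnection https = (HttpsURLConnection) conn;
        // Platform certificate and hostname validation stay in place:
        // no custom TrustManager or HostnameVerifier is installed here.
        https.setInstanceFollowRedirects(false); // a redirect is surfaced to the caller, not followed
        https.setConnectTimeout(10_000);         // assumed value, milliseconds
        https.setReadTimeout(15_000);            // assumed value, milliseconds
        return https;
    }

    /** POSTs the payload over TLS and returns the HTTP status code. */
    static int upload(String spec, byte[] payload) throws IOException {
        HttpsURLConnection conn = openHttps(spec);
        try {
            conn.setRequestMethod("POST");
            conn.setDoOutput(true);
            conn.setRequestProperty("Content-Type", "application/octet-stream");
            conn.setFixedLengthStreamingMode(payload.length);
            try (OutputStream out = conn.getOutputStream()) {
                out.write(payload);
            }
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) {
        try {
            openHttps("http://example.com/upload"); // URL string quoted in finding 4
        } catch (IOException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

On Android, setting `android:usesCleartextTraffic="false"` on the `<application>` element in the manifest adds a platform-level block on cleartext traffic in addition to this code-level check.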