Mobile Apps

Assess Mobile App Privacy Risks to help meet GDPR, CCPA and other regulatory compliance requirements

Mobile Application Privacy Testing (MAPT)

Arrka Mobile App Privacy Testing

Global privacy regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have turned the focus on the significant Privacy intrusion that takes place via Mobile Apps. Since most of the Personal Data captured by Mobile Apps is ‘below the surface’, a user is often in the dark.

What is of even greater concern is that many organizations also remain in the dark about what Data Privacy transgressions their own Mobile Apps are indulging in: the dangerous permissions they are taking, the 3rd party SDKs that are embedded in the App, the cross border transmission of personal data that is taking place via the app, etc. Lack of this detailed technical understanding, coupled with missing standards, further contributes to this problem. However, this can be a costly oversight, given the stringent requirements of laws like GDPR.

Arrka’s Mobile App Privacy Testing (MAPT) solution helps organizations address this very problem. The solution assesses a Mobile App’s compliance with Privacy Regulations like the GDPR, CCPA, Singapore PDPA and a host of others. The solution scans for dangerous permissions, 3rd party SDKs embedded in the app, data sharing with unknown 3rd Parties and the security of personal data in the App. This provides an organization’s privacy and mobile app development teams visibility into the App’s compliance with regulatory requirements and lays the foundation to achieve “Privacy By Design”. Companies can export visual reports to help business units and developers gain an understanding of the app’s “privacy health.”

 

For further details, do contact us

Scans for Dangerous Permissions

Dangerous Permissions

Dangerous Permissions enable Mobile Apps to collect highly sensitive Personal Data from an individual’s mobile device, thereby potentially compromising the privacy of the individual. Arrka’s solution identifies the dangerous permissions collected by the App and provides benchmarks against industry peers.

Our proprietary Permission to Function (P2F) Index highlights excess permissions based on the App functionality.

Scan for 3rd Parties & Cross Border Transfers

Data Sharing with 3rd Parties

Arrka’s solution identifies the embedded third parties (via their SDKs) and the specific category or type of third party it is, thereby letting the organization know with whom the Mobile App is sharing data and therefore the privacy risks, if any, associated with the same. It then benchmarks this against industry peers.

Cross Border Transfers

Further, the solution also provides a list of countries outside of the base country that the data is being transmitted to. This enables the organization to check where this impacts cross border data transfer requirements of various laws and regulations and put the requisite controls in place.

The solution also highlights uncommon third parties and high-risk countries which need to be looked into in more detail.

Scan for Data Security

Data Security is an important aspect of Privacy and is a feature in all Privacy Regulations. Arrka’s MAPT solution arrives at a Security score based on whether Data is stored in the App in a Secure manner, data is transmitted in a safe manner (encryption), and whether secure coding practices are followed based on the latest security incidents. The solution also tests if any Personal data is processed post App uninstallation.

Scan for Transparency

The concept of transparency is a major requirement across global privacy regulations. The solution assesses the accurate declaration of privacy practices by the Mobile App as well as the accessibility and readability of the declaration. The solution also assesses whether users are provided with legitimate choices that they can exercise and whether consent is elicited for all critical privacy impacting activities.

Assess User Rights Provisions

User Rights Provisions

The concept of User Rights provisions has evolved over the years. Over and above the basic data access and rectification rights, GDPR has come up with a host of other user rights provisions. The solution assesses whether the user has been informed of their rights and also if the process of availing those rights has been clearly communicated to the user and is functional.

Benchmarking with Industry

Industry Benchmarks

Arrka has been an industry thought leader in the area of Mobile App Privacy. We have published two editions of the State of Data Privacy of Mobile Apps report. As part of the Study, we have collected Benchmarking data on Privacy parameters covering Indian and global organizations across multiple sectors. The Arrka study has shed light on inter-sector and intra-sector variation in Privacy metrics. Arrka’s MAPT customers have access to the detailed benchmarks and benefit from the insights on where they stand vis-à-vis their peer group on Privacy metrics.