Unsecured Data: Sensitive data like personal info and financial details were not properly encrypted.
Excessive Data Collection: The app collected more data than needed, violating privacy guidelines.
No HTTPS: Some data was sent over insecure HTTP, risking exposure during transmission.
Regulatory Non-compliance: The app did not fully meet GDPR/CCPA requirements for user data access and deletion.
Fixes Implemented:
Data Encryption: Secured sensitive data with strong encryption (AES-256) and enforced HTTPS.
Data Minimization: Limited data collection to only what's necessary and got explicit user consent.
Compliance Updates: Added features for users to access, modify, or delete their data and created a data breach response plan.
Result: Enhanced app security, better compliance with privacy laws, and improved protection of user data.