Project Mitt ARV

Mobile Application Penetration Testing.

Project Type: Mobile Application Security

Client: Mitt Arv

Project Description

Overview: Analyzed the "Mitt ARV" app for security and privacy issues, focusing on how it handles sensitive user data.

Key Issues Found:

Unsecured Data: Sensitive data like personal info and financial details were not properly encrypted.

Excessive Data Collection: The app collected more data than needed, violating privacy guidelines.

No HTTPS: Some data was sent over insecure HTTP, risking exposure during transmission.

Regulatory Non-compliance: The app did not fully meet GDPR/CCPA requirements for user data access and deletion.

Fixes Implemented:

Data Encryption: Secured sensitive data with strong encryption (AES-256) and enforced HTTPS.

Data Minimization: Limited data collection to only what's necessary and obtained explicit user consent.

Compliance Updates: Added features for users to access, modify, or delete their data and created a data breach response plan.

Result:

Enhanced app security, better compliance with privacy laws, and improved protection of user data.