Requesting permissions that grant access to sensitive device capabilities or personal data beyond what an application strictly needs exposes users to unnecessary privacy risks.

Why is this an issue?

Some permissions grant access to device capabilities and personal data that have a significant impact on user privacy, such as precise location, camera, microphone, and file storage. When an application requests these permissions beyond what its functionality strictly requires, it collects or gains access to personal information unnecessarily.

This rule flags requests for intrusive permissions made through the browser Permissions API (navigator.permissions.query) and through the feature-specific APIs that trigger the same permission prompt, such as navigator.geolocation. It is highly recommended to customize this rule's list of permissions to those considered intrusive in the context of the web application.

What is the potential impact?

Privacy violation

When an application holds unnecessary permissions, it has access to personal data or device capabilities beyond what it needs to function. This excess access increases the risk of privacy violations: if the application behaves maliciously or is compromised, the additional permissions can be exploited to track users, capture sensitive media, or access private files.

How to fix it

Code examples

Noncompliant code example

navigator.permissions.query({ name: "geolocation" }).then(function(result) { // Noncompliant: geolocation is a powerful feature with high privacy concerns
  // result.state is "granted", "prompt" or "denied"
});

navigator.geolocation.getCurrentPosition(function(position) { // Noncompliant: geolocation is a powerful feature with high privacy concerns
  console.log("coordinates x=" + position.coords.latitude + " and y=" + position.coords.longitude);
});

Compliant solution

If geolocation is required, always explain to the user why the application needs it and prefer requesting an approximate location when possible:

<html>
<head>
    <title>
        Retailer website example
    </title>
</head>
<body>
    <form method="post">
        <label for="location">Type a city, street or zip code where you want to retrieve the closest retail locations of our products:</label>
        <input type="text" id="location" name="location" value="New York">
        <button type="submit">Find stores</button>
    </form>
</body>
</html>
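As an added example (not part of the rule's own code examples), the following script shows how a page with a form like the one above could still offer location detection while following the guidance to explain the request and prefer an approximate location: geolocation is requested only from an explicit user action, in low-accuracy mode, and the result is coarsened before use. The `nav` parameter, the function names and the rounding policy are assumptions, not part of the rule.

```javascript
// Added example (not from the rule page): a store finder that requests geolocation
// only on an explicit user action, in low-accuracy mode, and coarsens the result.
// `nav` is passed in (normally window.navigator) so the logic runs outside a browser.
// Function names and the one-decimal rounding policy are assumptions.

// Low-accuracy request: no GPS fix, and a cached position up to 10 minutes old is fine.
const COARSE_OPTIONS = { enableHighAccuracy: false, maximumAge: 10 * 60 * 1000, timeout: 8000 };

// Reduce precision to one decimal degree (~11 km) so metre-level data never
// leaves the client; a "closest store" lookup does not need more.
function coarsen(coords, decimals = 1) {
  const factor = 10 ** decimals;
  return {
    latitude: Math.round(coords.latitude * factor) / factor,
    longitude: Math.round(coords.longitude * factor) / factor,
  };
}

// `userGesture` is true only inside the click handler of a button whose label
// explains why location is wanted (e.g. "Use my location to find the nearest store").
// Every other path falls back to the manual city / street / zip form.
function locateForStoreFinder(nav, userGesture, onResult) {
  if (!userGesture || !nav || !nav.geolocation) {
    onResult({ source: "form" });            // never prompt on page load or without the API
    return;
  }
  nav.geolocation.getCurrentPosition(
    (pos) => onResult({ source: "geolocation", coords: coarsen(pos.coords) }),
    () => onResult({ source: "form" }),      // denied, timed out or unavailable: use the form
    COARSE_OPTIONS,
  );
}

// Constructed stand-in for window.navigator, used only to demonstrate the flow offline.
// `calls` records the options passed to getCurrentPosition; a null position simulates denial.
function makeFakeNavigator(position, calls) {
  return {
    geolocation: {
      getCurrentPosition(success, error, options) {
        calls.push(options);
        if (position) success({ coords: position });
        else error(new Error("User denied geolocation"));
      },
    },
  };
}
```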

Resources

Documentation

Standards