Mobile App
Apps collect more data than websites — and the rules are stricter.
Mobile apps access device sensors, location data, push notifications, and app store ecosystems — each with its own regulatory implications beyond standard web compliance.
Realitätscheck
Does your app's privacy policy cover all data collected by third-party SDKs you've integrated?
GDPR (General Data Protection Regulation)
mandatory Art. 5(1)(c), Art. 6, Art. 7, Art. 25Ihre Pflichten
- Consent before accessing device features (camera, location)
- Privacy policy accessible before first use
- App store privacy labels must match actual processing
- DPAs with all SDK providers (analytics, crash reporting)
- Data minimisation — only collect what's necessary
SiteGuardian überwacht dies
- TLS/HTTPS encryption monitoring
- Automated cookie consent detection
- Security headers analysis
- Email transport encryption checks
- Breach notification SLA tracking (72h)
- Digital DPA/AVV signing
Risiko bei Nichteinhaltung
App store removal for privacy violations. Class action lawsuits (noyb-style complaints). Fines per user affected.
ePrivacy Directive (Cookie Consent)
mandatory Art. 5(3)Ihre Pflichten
- Consent for device storage access (equivalent to cookies)
- Consent for advertising identifiers (IDFA/GAID)
- No tracking without explicit opt-in
SiteGuardian überwacht dies
- Pre-consent cookie and tracker detection
- Cookie banner presence and configuration analysis
- Reject option validation
- Consent mode compatibility check
Risiko bei Nichteinhaltung
Apple/Google ATT enforcement. CNIL fines for app tracking without consent (multiple €M penalties in 2023-2024).
Cyber Resilience Act (CRA)
conditional Art. 10, Art. 11, Art. 13Ihre Pflichten
- Security by design for products with digital elements
- Vulnerability handling and disclosure obligations
- Security updates for the product's expected lifetime
- Software Bill of Materials (SBOM) provision
SiteGuardian überwacht dies
- TLS version and cipher suite monitoring
- Security headers enforcement checks
- Certificate chain and expiry validation
Risiko bei Nichteinhaltung
Products banned from EU market. Fines up to €15M or 2.5% of global turnover.
European Accessibility Act (EAA)
mandatory Art. 4, Art. 13, Art. 31Ihre Pflichten
- Mobile app accessibility (VoiceOver/TalkBack support)
- Touch target sizes per WCAG 2.2
- Accessible gestures and alternative input methods
SiteGuardian überwacht dies
- WCAG 2.2 Level AA conformance auditing
- Automated accessibility scoring
- Violation severity breakdown and remediation hints
- Daily accessibility scans
Risiko bei Nichteinhaltung
App store accessibility requirements increasing. Legal complaints under national EAA laws from June 2025.
Betrifft Sie das?
Wenn Sie 2 oder mehr mit Ja beantworten, gelten diese Vorschriften sehr wahrscheinlich für Ihr Unternehmen.
Sehen Sie, wo Sie stehen
Unser kostenloser Scanner prüft die Sicherheitslage Ihrer Website, SSL, Header, E-Mail-Authentifizierung und mehr. Kein Konto erforderlich.
Scan your app's backend securityDiese Seite bietet allgemeine Informationen zu EU-Regulierungsrahmen. Sie stellt keine Rechtsberatung dar. Wenden Sie sich für eine auf Ihre Situation zugeschnittene Beratung an einen qualifizierten Rechtsanwalt. SiteGuardian dokumentiert Ihr Monitoring kontinuierlich — Compliance liegt in der Verantwortung Ihrer Organisation.