CDD: Clarify privacy requirement for bugreports.
Clarify that bugreports are covered by the following requirement:
MUST NOT preload or distribute software components out-of-box that send
user's private information off the device without the user's consent or
clear ongoing notifications.
Bug: 132458597
Test: N/A
Change-Id: I4d1732bb45153e5eccce1964437f9bdf25350d54
diff --git a/9_security-model/9_8_privacy.md b/9_security-model/9_8_privacy.md
index 89371cd..bfd0e64 100644
--- a/9_security-model/9_8_privacy.md
+++ b/9_security-model/9_8_privacy.md
@@ -30,8 +30,8 @@
* [C-0-1] MUST NOT preload or distribute software components out-of-box that
send the user's private information (e.g. keystrokes, text displayed on the
- screen) off the device without the user's consent or clear ongoing
- notifications.
+ screen, bugreport) off the device without the user's consent or clear
+ ongoing notifications.
If device implementations include functionality in the system that captures
the contents displayed on the screen and/or records the audio stream played