Email and Phone Fields Not Obfuscated in profileDiff Response #2204

Open
6 of 10 tasks
lakshayman opened this issue Oct 8, 2024 · 0 comments

Issue Description

The profileDiff response returns the user's email and phone fields without obfuscation. This exposes sensitive information to the client, leading to privacy and security issues.

Expected Behavior

The email and phone fields in the profileDiff response should be obfuscated (masked) to protect sensitive user information before being returned to the client.

Current Behavior

Currently, the email and phone fields are returned as plain text in the profileDiff response, without obfuscation, potentially exposing sensitive data.

Screenshots

(No screenshots available as this is a backend issue)

Reproducibility

  • This issue is reproducible
  • This issue is not reproducible

Steps to Reproduce

  1. Fetch the profileDiff of a user that contains an email and phone.
  2. Observe that the email and phone are returned in plain text in the response, without any obfuscation.

Severity/Priority

  • Critical
  • High
  • Medium
  • Low

Additional Information

This issue affects the privacy of user data and needs to be addressed promptly to ensure compliance with data privacy standards.

Checklist

  • I have read and followed the project's code of conduct.
  • I have searched for similar issues before creating this one.
  • I have provided all the necessary information to understand and reproduce the issue.
  • I am willing to contribute to the resolution of this issue.
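
The masking requested under Expected Behavior, sketched as an added example that is not taken from the project's code. Only the `email` and `phone` field names come from the issue; the helper names, the shape of the profileDiff object and the masking policy (which characters stay visible) are assumptions.

```javascript
// Added example, not the project's code. Helper names, the object shape and
// the masking policy (which characters stay visible) are assumptions.

function maskEmail(email) {
  // Fail closed: an unexpected type is replaced, never passed through.
  if (typeof email !== "string") return "***";
  const at = email.lastIndexOf("@");
  // No usable "@": not a recognisable address, so mask every character.
  if (at <= 0) return "*".repeat(email.length);
  const local = email.slice(0, at);
  // Show the first character only when the local part is longer than two.
  const visible = local.length > 2 ? local[0] : "";
  return visible + "*".repeat(local.length - visible.length) + email.slice(at);
}

function maskPhone(phone) {
  if (typeof phone !== "string" && typeof phone !== "number") return "***";
  const text = String(phone);
  const digitCount = (text.match(/\d/g) || []).length;
  // Keep the last two digits only when more than four digits are present.
  const keep = digitCount > 4 ? 2 : 0;
  let seen = 0;
  // Digits are replaced; separators such as "+", "-" and spaces are preserved.
  return text.replace(/\d/g, (d) => (++seen > digitCount - keep ? d : "*"));
}

// Returns a masked copy; the stored record itself is never modified.
function obfuscateProfileDiff(diff) {
  if (diff === null || typeof diff !== "object") return diff;
  const out = { ...diff };
  if (out.email != null) out.email = maskEmail(out.email);
  if (out.phone != null) out.phone = maskPhone(out.phone);
  return out;
}

// Constructed sample record, not real data.
const sampleDiff = {
  id: "diff-1",
  first_name: "Alice",
  email: "alice@example.com",
  phone: "+91 98765 43210",
};
console.log(obfuscateProfileDiff(sampleDiff));
```

Applying the mask at the point where the response is serialized, rather than in the client, keeps the plain values from leaving the server at all.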