was released on February 21, 2019. For ease of use, the draft guide is available to download or read in volumes:
- SP 1800-4a: Executive Summary
- SP 1800-4b: Approach, Architecture, and Security Characteristics
- SP 1800-4c: How-To Guides
The objectives of the study focus on:
- Defining the context and conceptual framework for the detection of personal data communications in applications executed on an Android operating system.
- Demonstrating the elevated risk in the mobile application environment of leaks of personal data and the need to carry out an evaluation of data flows.
- Studying the existing techniques for the detection and analysis of personal information flows in Android applications.
Interesting article that tries to summarize some of the latest HHS guidance. Includes “If the individual’s app – chosen by an individual to receive the individual’s requested ePHI – was not provided by or on behalf of the covered entity (and, thus, does not create, receive, transmit, or maintain ePHI on its behalf), the covered entity would not be liable under the HIPAA Rules for any subsequent use or disclosure of the requested ePHI received by the app,” officials explained.
Fingerprinting smartphone devices (using sensors, etc.) – globally unique, survives reset: https://www.lightbluetouchpaper.org/2019/05/21/calibration-fingerprint-attacks-for-smartphones/