Fingerprinting smartphone devices (using sensors, etc.) – globally unique, survives reset
https://www.lightbluetouchpaper.org/2019/05/21/calibration-fingerprint-attacks-for-smartphones/
Free mobile app scanning services
More free mobile application scanning services
Dutch DPA: SELECTION FROM DPA INVESTIGATION NIKE+ RUNNING APP
GSMA Privacy Design Guidelines for mobile app development
NHS mobile app assessment questions
USA: FTC: Mobile Health Apps Interactive Tool
Careful, as this is US-specific.
https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-apps-interactive-tool
Norwegian DPA files complaint against Grindr mobile app data sharing (HIV status, ..)
https://fil.forbrukerradet.no/wp-content/uploads/2018/04/2018-04-03-complaint-grindr.pdf
Quote:
[..] “Insufficient consent
According to the SINTEF report, Grindr shares personal data with different third parties.
When a user registers a user account in Grindr, the app asks for consent to the terms of service in whole, without individual elements being emphasized or singled out (see attached picture).
In the view of the Consumer Council, information about sensitive personal data being shared with third parties should not be hidden away in long terms of service and privacy policies. The Consumer Council cannot see that Grindr fulfills the conditions for gathering an informed and explicitly given consent.
During the process of registration and inside the app, there is no further description of how data may be shared, other than what is hidden away in the terms of service and privacy policy. There is also no separate consent for sharing sensitive personal data with third parties.
The app does not provide an opportunity to not share personal data with third parties.”
[..]
Paper “Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps”
by Jinyan Zang, Krysta Dummit, James Graves, Paul Lisker, and Latanya Sweeney
UK: IoT security-by-design report and draft Code of Practice (devices, IoT, mobile apps)
“The report and draft Code of Practice advocates a fundamental shift in approach to moving the burden away from consumers having to secure their devices and instead ensure strong cyber security is built into consumer IoT products by design.
The draft Code of Practice for industry contains 13 practical steps to improve the cyber security of consumer IoT.”
Audience of the draft CoP is Device Manufacturers, IoT Service Providers, and Mobile Application Developers (!)
https://www.enisa.europa.eu/news/member-states/uk-government-published-security-by-design-report
[GMV Blog] US Regulation of mobile apps – case studies
Quick introduction with some examples
https://www.gmv.com/blog_gmv/regulation-of-mobile-apps-part-1-regulation-in-the-usa/