NCCoE NIST Cybersecurity Practice Guide, Mobile Device Security: Cloud and Hybrid Builds
was released on February 21, 2019. For ease of use, the draft guide is available to download or read in volumes:
- SP 1800-4a: Executive Summary
- SP 1800-4b: Approach, Architecture, and Security Characteristics
- SP 1800-4c: How-To Guides
https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/cloud-hybrid
HealthIT.gov – How Can You Protect and Secure Health Information When Using a Mobile Device?
Spanish DPA (AEPD): Analysis of Information Flows in Android – Tools for compliance with Accountability
The objectives of the study focus on:
- Defining the context and conceptual framework of the detection of the personal data communications in applications executed on an Android operating system.
- Demonstrating the elevated risk in the mobile application environment of leaks of personal data and the need to carry out an evaluation of data flows
- Studying the existing techniques for the detection and analysis of personal information flows in Android Applications.
https://www.aepd.es/media/estudios/estudio-flujos-informacion-android-en.pdf
Data quality and artificial intelligence (AI) – mitigating bias and error to protect fundamental rights
Zulässige Speicherfrist bei Bewerberdaten nach Abschluss des Bewerbungsverfahrens
Sieben Monate nach Abschluss des Verfahrens
https://www.dataprotect.at/2019/06/10/zul%C3%A4ssige-speicherfrist-bei-bewerberdaten-nach-abschluss-des-bewerbungsverfahrens/
Spanish DPA fine LaLiga 250,000 euros for a mobile app that uses microphone to find unlicensed soccer viewing in bars
.. without informing the users..
https://www.eldiario.es/tecnologia/Agencia-Proteccion-Datos-Liga-microfono_0_908859408.htm
Danish DPA fines IDesign S/A (a furniture company) ~200,000 EUR for data retention issues.
Hackers installed advanced backdoor on Android device
Advanced backdoor were pre-installed on Android devices before they left the factories in 2017.
https://arstechnica.com/information-technology/2019/06/google-confirms-2017-supply-chain-attack-that-sneaked-backdoor-on-android-devices/
Microsoft pulls open facial recognition dataset after Financial Times investigation
https://www.theverge.com/2019/6/7/18656800/microsoft-facial-recognition-dataset-removed-privacy
Privacy concerns, pictures were from public sources, – many data subjects not aware and didn’t consent.