mobile apps – Privacy Design® / [protecting people by good design, solid security, efficient processes and trusted services]
Fri, 18 Sep 2020 08:29:48 +0000

California: AG settlement with Fertility App company
/2020/09/18/california-ag-settlement-with-fertility-app-company/
Fri, 18 Sep 2020 20:05:04 +0000

Xavier Becerra: “Today’s settlement is a wake up call not just for Glow, but for every app maker that handles sensitive private data.”

Landmark settlement against GlowHQ – a fertility app that had serious privacy and security failures that risked exposing millions of women’s medical information.

As part of the settlement, Glow will be required to:

  • incorporate privacy and security design principles into its mobile apps,
  • get consent from users before sharing private information,
  • and allow users to revoke previously granted consent.

https://oag.ca.gov/news/press-releases/attorney-general-becerra-announces-landmark-settlement-against-glow-inc-%E2%80%93

Link to settlement: https://oag.ca.gov/sites/default/files/2020%2009-17%20-%20People%20v%20Upward%20Labs%20-%20Stipulation.pdf

Link to complaint: https://oag.ca.gov/sites/default/files/2020%2009-17%20-%20People%20v%20Upward%20Labs%20-%20Complaint.pdf

New Health Apps Section on HHS.gov/HIPAA
/2020/09/03/new-health-apps-section-on-hhs-gov-hipaa/
Thu, 03 Sep 2020 06:30:47 +0000

OCR launched a new feature on HHS.gov, titled Health Apps. This new webpage takes the place of OCR’s previous Health App Developer Portal, and is available at https://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.html.

The new webpage highlights OCR’s guidance on when and how the Health Insurance Portability and Accountability Act (HIPAA) regulations apply to mobile health applications, including:

50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System
/2019/07/11/50-ways-to-leak-your-data-an-exploration-of-apps-circumvention-of-the-android-permissions-system/
Thu, 11 Jul 2019 20:59:29 +0000

Paper: https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf

CreditVidya’s Sai Baba app Was Made To Spy On Your Phone For Credit Ratings
/2019/07/11/creditvidyas-sai-baba-app-was-made-to-spy-on-your-phone-for-credit-ratings/
Thu, 11 Jul 2019 20:54:42 +0000

https://www.huffingtonpost.in/entry/fintech-apps-privacy-snooping-credit-vidya_in_5d1cbc34e4b082e55373370a

HIPAA OCR Health Mobile App Developer Portal
/2019/06/13/hipaa-ocr-health-mobile-app-developer-portal/
Thu, 13 Jun 2019 21:26:54 +0000

https://hipaaqsportal.hhs.gov/

xcertia mhealth mobile app guidelines
/2019/06/13/xcertia-mhealth-mobile-app-guidelines/
Thu, 13 Jun 2019 21:25:46 +0000

https://xcertia.org/the-guidelines/

NCCoE NIST Cybersecurity Practice Guide, Mobile Device Security: Cloud and Hybrid Builds
/2019/06/13/nccoe-nist-cybersecurity-practice-guide-mobile-device-security-cloud-and-hybrid-builds/
Thu, 13 Jun 2019 21:24:47 +0000

The guide was released on February 21, 2019. For ease of use, the draft guide is available to download or read in volumes:

  • SP 1800-4a: Executive Summary
  • SP 1800-4b: Approach, Architecture, and Security Characteristics
  • SP 1800-4c: How-To Guides

https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/cloud-hybrid

HealthIT.gov – How Can You Protect and Secure Health Information When Using a Mobile Device?
/2019/06/13/healthit-gov-how-can-you-protect-and-secure-health-information-when-using-a-mobile-device/
Thu, 13 Jun 2019 21:22:36 +0000

https://archive.healthit.gov/providers-professionals/how-can-you-protect-and-secure-health-information-when-using-mobile-device

Spanish DPA (AEPD): Analysis of Information Flows in Android – Tools for compliance with Accountability
/2019/06/13/spanish-dpa-aepd-analysis-of-information-flows-in-android-tools-for-compliance-with-accountability/
Thu, 13 Jun 2019 21:20:59 +0000

The objectives of the study focus on:

  • Defining the context and conceptual framework for detecting personal data communications in applications executed on an Android operating system.
  • Demonstrating the elevated risk of personal data leaks in the mobile application environment and the need to carry out an evaluation of data flows.
  • Studying the existing techniques for the detection and analysis of personal information flows in Android Applications.

https://www.aepd.es/media/estudios/estudio-flujos-informacion-android-en.pdf

HHS Clarifies HIPAA Liability Around Third-Party Health Apps
/2019/06/05/hhs-clarifies-hipaa-liability-around-third-party-health-apps/
Wed, 05 Jun 2019 20:26:01 +0000

Interesting article that tries to summarize some of the latest HHS guidance. Includes “If the individual’s app – chosen by an individual to receive the individual’s requested ePHI – was not provided by or on behalf of the covered entity (and, thus, does not create, receive, transmit, or maintain ePHI on its behalf), the covered entity would not be liable under the HIPAA Rules for any subsequent use or disclosure of the requested ePHI received by the app,” officials explained.

https://healthitsecurity.com/news/hhs-clarifies-hipaa-liability-around-third-party-health-apps
