Audits and Compliance

To date there hasn’t been much in the way of the industry converging on a set of mobile security compliance standards that developers have to follow. The PCI guidelines are not mandatory—they are still just guidelines. The HIPAA requirements that we covered in Chapter 1 were not written for mobile security—it would be safe to say that they were written for a different era, when medical software amounted to client/server applications running on desktop PCs locked in a medical office. But even though HIPAA has not caught up with the technology, its requirements still apply to smartphones, which in many cases have no physical barriers preventing access to an end user’s device.

We looked at the HIPAA technical requirements at the beginning of this book. ...

Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.