Thread looking at the app starting now https://twitter.com/Q3w3e3/status/1293650546260353024
Let's start with the manifest... that should give a decent overview.
bluetooth "admin" just means the app can discover and pair devices... but NOT without user interaction (that would be "android.permission.BLUETOOTH_PRIVILEGED" and that cannot be done by third-party apps).
before i go further... this is going here for safekeeping:
endpoint: 'https://sns.us-west-2.amazonaws.com',
accessKeyId: '[REMOVED FOR REASONS]',
secretAccessKey: '[REMOVED FOR REASONS]',
region: 'us-west-2'
accessKeyId: '[REMOVED FOR REASONS]',
secretAccessKey: '[REMOVED FOR REASONS]',
region: 'us-west-2'
When i say reasons @albioncollege and @albioncollegeit I mean that these keys in the app expose..... New Case info... testing info... and medical insurance info...
please... PLEASE consider not using this app..
"The application will rapidly deliver results from our lab partners while maintaining HIPAA compliance."
I'm not convinced
like with those keys... someone can own *everything* that belongs to this app...
even the EC2 instances it runs on...
THIS IS NOT SAFE
There is likely PII accessible with this shit....
how do i report a hipaa violation?