I'm not even asking for stuff like network whitelisting. That'd be nice of course, but if you want that level of control you can root your phone and stick a firewall on it and achieve that goal. I'm talking more about the fact that it'd be nice for the app to be able to identify my phone without identifying me, or to create an account without having carte blanche to all the accounts I already have, just some really basic crap so that complete strangers can't lift my telephone number.
It'd also be nice if Google's own apps weren't the permission hungriest of them all. It'd be nice if you could say that a Google app asking for access to your SMS messages was suspicious, but it's not, Hangouts not only asks for that permission it frequently pops up alerts trying to convince you to let it take complete control of SMS messaging on your phone.
I'm attempting to make a point about the privacy of medical information and the way most people don't really understand it. Your point about your telco spying on you isn't really all that interesting so there wasn't much to say about it. They can already collect the information from the existing sensors if for some reason they wanted to whether you installed a medical app or not and unless the medical app was deliberately sharing with your Telco relatively trivial security mechanisms would stop them from getting anything from any additional sensors. The information isn't really all that interesting to them in isolation and doesn't give them much about you they couldn't already have gathered from information available to them.
The reason I was discussing what I was discussing is because if you're going to start having tin foil hat fantasies about your medical privacy it's important to actually understand the level of privacy you actually have and what that information actually is.
Digital music isn't going to be replacing instrumental artists any time soon, quite possibly it may never be even capable of doing so. Folks like Yo Yo Ma or the various orchestras are going to be able to make a living for a long time yet.
The problem is that digital music very much is replacing and will continue to replace commercial instrumental musicians, which are the vast majority of musicians actually able to earn a living from their craft. These folks are screwed. In the long term this may mean that there are far fewer instrumental artists simply because the chances of making a living from performance have become so small that no one bothers anymore.
The bigger problem is the really poor security options available on Android apps with somewhat ridiculously broad security rights. Most apps will ask to read phone identity simply because the need to be able to identify the device on which the app is installed, but the security grant for phone identity gives a whole crapload more than that. Manage accounts is another good one where in order for an app to actually store its own accounts it needs access to all the accounts.
Add to that the fact that Google themselves have been constantly trying to take over your SMS with bloody Hangouts and it's not really that surprising that folks don't really understand the permissions they are granting.
The point is that health information needs to be available to the people who actually need it. In every jurisdiction I have ever worked in your privacy comes second to the doctor, the nurse, catering staff's ability to not kill you. In most places you'll actually have a consent form which will allow them to share this information with additional third parties, but the number of people they don't need that consent for is actually fairly high.
For one, obviously your health insurance company also needs all your medical information, or at least all the medical information you expect them to pay for and they will share that information with whoever they share it with based on the agreement you have with them, which will in all likelihood be any number of people.
The government gets at least deidentified data for the purposes of hospital resourcing and health analysis(that is to say they may not know you went in for a procedure, but they know someone did). If the government is either your hospital provider(public hospital) or your health insurer(public health care) they obviously get significantly more than this as they get the information that those two roles would require.
Law enforcement is slightly more questionable, but its one of those situations where it starts legitimately. As an example, it makes sense that if you are arrested and have a mental illness or other significant impairment that the police who have arrested you are aware of that information so that they can take appropriate steps to ensure that you have the support you need so that your rights are not violated. The difficulty of course is that for a number of reasons which we won't get into here, the police cannot always be trusted to have your best interests at heart.
Your health information is private, but not exactly in the sense that most people believe. In theory we would only share information with the people who need that information when they need that information, but there's really no practical way to make that happen and in general the health care industry tends to be biased towards choices which involve patients not dying as opposed to ones which necessarily fully respect their rights. This is why if you don't have a legally implemented living will or the doctor is not aware of your living will they will resuscitate you against your wishes.
I hate to break it to you, but your health care data isn't anywhere near as private as you think it is.
That's not to say that it's being shared improperly or that it's particularly insecure, merely the fact that the number of people who have perfectly legitimate access to your health care information. We all treat health information like it's some sort of deep dark secret, but all the legislation is quite sensibly based around allowing medical professionals to actually do their jobs. Then of course the people who pay your bills need to know what you were treated for so your insurance company knows. Depending on what you were treated for the state or federal government may or may not be notified and the information they are provided with may or may not be deidentified(for whatever that's worth). You might even see law enforcement or social services notified under certain circumstances, all perfectly legally and perfectly legitimately.
Given that there are about a thousand different mechanisms available to keep you warm which are more energy efficient than an incandescent bulb all of which you can actually turn off when summer comes round, get stuffed.
There are two pieces to the level of punishment a person receives, severity and the number of offenses.
In this case even if you believe what he did was minor, he's done it a crap load of times. If I punch someone in the face I should obviously get a lesser degree of punishment than if I murder someone, but what if I punch 10 people in the face, 100, 1000? If you gave this guy a day for every image on his site it adds up to over 27 years.
I'm fortunately on the coding side these days so I don't have to re-certify all that much anymore, but that also gives me a certain amount of perspective on the impact of change. Even assuming that the information in the issue tracker is complete, which it almost certainly isn't, you're just fooling yourself. The folks who wrote the code don't really understand all the implications of the changes they made and the details in the issue tracker aren't anywhere close. The only thing a change log will ever do is tell you that it will definitely break.
Your compliance process is wildly optimistic.
Even if you had full source code and the change sets you wouldn't be able to guarantee no breaking changes. Either something is mission critical in which case it needs to be re-certified or it's not and it probably doesn't.
It's not atrocious, but hardware support for H.264 is ubiquitous. Even the shittiest mobile devices have had it built in for years. You'd be hard pressed to justify a switch even if VP9 was 6.2% better, let alone 6.2% worse.
It might be inflexible design, but it works really really well. A general purpose chip like the one you propose would be several orders of magnitude more expensive, use significantly more power and would probably still deliver inferior results.
Nope, this stuff is spying, this is regular old SIGINT, not metadata collection. You know how you can tell, there's a crap tonne of evidence.
The OP's problem is that the developers aren't really part of the IT department. If he had 5 support staff available he'd be over staffed, but that's not what he's got. Having developers do basic support basically shatters their productivity to the extent that the 4 guys they have working in that department are probably actually accomplishing less than 50% of the workload they should be able to manage. The current mess is a lose lose situation.