CDD: Bluetooth Privacy Updates.
Tightened the Resolvable Private address requirement to protect
user privacy and avoid timing attacks.
BUG:148566806
Change-Id: I7ee26f8389821b1a299d0de977e20dc5a7b737fd
diff --git a/7_hardware-compatibility/7_4_data-connectivity.md b/7_hardware-compatibility/7_4_data-connectivity.md
index af33139..590dbd2 100644
--- a/7_hardware-compatibility/7_4_data-connectivity.md
+++ b/7_hardware-compatibility/7_4_data-connectivity.md
@@ -363,17 +363,16 @@
* [C-3-4] MUST report the correct value for
`BluetoothAdapter.isMultipleAdvertisementSupported()` to indicate
whether Low Energy Advertising is supported.
+* [C-3-5] MUST implement a Resolvable Private Address (RPA) timeout no longer
+ than 15 minutes and rotate the address at timeout to protect user privacy.
+ To prevent timing attacks, timeout intervals MUST also be randomized
+ between 5 and 15 minutes.
* SHOULD support offloading of the filtering logic to the bluetooth chipset
when implementing the [ScanFilter API](
https://developer.android.com/reference/android/bluetooth/le/ScanFilter.html).
* SHOULD support offloading of the batched scanning to the bluetooth chipset.
* SHOULD support multi advertisement with at least 4 slots.
-
-* [SR] STRONGLY RECOMMENDED to implement a Resolvable Private Address (RPA)
-timeout no longer than 15 minutes and rotate the address at timeout to protect
-user privacy.
-
If device implementations support Bluetooth LE and use Bluetooth LE for
location scanning, they:
