CDD: Require 15-min rotation of BLE RPA

As more and more apps might scan for beacons with Bluetooth Low
Energy (BLE), it is important for the end user's privacy to
implement Resolvable Private Address (RPA) rotation policy to
rotate the address at least every 15 minutes.

Bug: 24359397
Change-Id: Ib85cb9d012aba944f7f237660bed920a7cc35fa5
diff --git a/src/compatibility/android-cdd.html b/src/compatibility/android-cdd.html
index d0487dc..9869f19 100644
--- a/src/compatibility/android-cdd.html
+++ b/src/compatibility/android-cdd.html
@@ -3503,6 +3503,8 @@
   <li>MUST declare the hardware feature android.hardware.bluetooth_le.</li>
   <li>MUST enable the GATT (generic attribute profile) based Bluetooth APIs as
 described in the SDK documentation and [<a href="">Resources, 82</a>].</li>
+  <li>MUST implement a Resolvable Private Address (RPA) timeout no longer than
+15 minutes, and rotate the address at timeout to protect user privacy.</li>
   <li>SHOULD support offloading of the filtering logic to the bluetooth chipset when
 implementing the ScanFilter API [<a href="">Resources, 83</a>], and MUST report the correct value of where the filtering logic is implemented whenever queried via the
 android.bluetooth.BluetoothAdapter.isOffloadedFilteringSupported() method.</li>