Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice

@article{Papageorgiou2018SecurityAP,
  title={Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice},
  author={Achilleas Papageorgiou and Michael Strigkos and Eugenia A. Politou and Efthimios Alepis and Agusti Solanas and Constantinos Patsakis},
  journal={IEEE Access},
  year={2018},
  volume={6},
  pages={9390-9403}
}
Recent advances in hardware and telecommunications have enabled the development of low-cost mobile devices equipped with a variety of sensors. As a result, new functionalities, empowered by emerging mobile platforms, allow millions of applications to take advantage of vast amounts of data. Following this trend, mobile health applications collect users' health-related information to help them better comprehend their health status and to promote their overall wellbeing. Nevertheless, health…
How Secure Is Your Mobile Health?
Research suggests that the interactions between a patient and a health professional through an mHealth app (a mobile health application) can improve the efficiency and quality of healthcare.
Analyzing security issues of android mobile health and medical applications
TLDR
A first large-scale analysis of mobile health (mHealth) apps available on Google Play is conducted, providing a comprehensive view of mHealth apps' security features and gauging the associated risks for mHealth users and their data.
Are PETs (Privacy Enhancing Technologies) Giving Protection for Smartphones? - A Case Study
TLDR
This study has conducted an evaluation of the most popular privacy apps from their total collection of five hundred and twelve to demonstrate their functionality specific data protections they are claiming to offer, both technologically and conventionally, measuring up to standards.
Security Awareness of End-Users of Mobile Health Applications: An Empirical Study
TLDR
The results reveal that despite having the required knowledge, end-users lack appropriate behaviour, i.e., reluctance or lack of understanding to adopt security practices, compromising health-critical data with social, legal, and financial consequences.
Automated Security Assessment Framework for Wearable BLE-enabled Health Monitoring Devices
TLDR
A new semi-automated framework is proposed that can be used to identify and discover both known and unknown vulnerabilities in WHMDs, which are vulnerable to a number of attacks, including eavesdropping, data manipulation, and denial of service attacks.
Security and Privacy of mHealth Applications: A Scoping Review
TLDR
This work consolidates recent research on security and privacy evaluation techniques and frameworks that have been proposed for mHealth applications, as well as relevant research-based design recommendations to support researchers, app designers, end users, and healthcare professionals in designing, evaluating, recommending and adopting mHealth applications.
End-Users' Knowledge and Perception about Security of Mobile Health Apps: An Empirical Study
TLDR
This research investigates human-centric knowledge based on empirical evidence and provides a set of guidelines to develop secure and usable mHealth apps.
A Fog Computing Solution for Context-Based Privacy Leakage Detection for Android Healthcare Devices
TLDR
This work designs a security and privacy protection framework based on fog computing to improve tele-health and tele-medicine infrastructure and proposes a context-based privacy leakage detection method based on the combination of dynamic and static information.
A Developer Driven Framework for Security and Privacy in the Internet of Medical Things
TLDR
A framework aimed at developers in small to medium enterprises, to assist in meeting regulatory requirements for security and privacy of data in flow in the IoMT, that expands on the basic established threat modeling steps and provides a foundation for the administration of a data protection impact assessment.

References

SHOWING 1-10 OF 30 REFERENCES
Security and Privacy Issues Related to the Use of Mobile Health Apps
TLDR
This project involves a systematic literature review and a comparative analysis of the 20 most popular mHealth apps to identify a set of risk and safe features that can assist consumers in the selection of mHealth apps and provide guidelines for the development of mHealth apps with appropriate security and privacy measures.
Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android
TLDR
In order to foster user acceptance and trust, appropriate security measures and processes need to be devised and employed so that users can benefit from seamlessly accessible, tailored mHealth apps without exposing themselves to the serious repercussions of information security and privacy infringements.
SoK: Privacy on Mobile Devices – It’s Complicated
TLDR
This work surveys the numerous components of mobile devices, giving particular attention to those that collect, process, or protect users’ private data, and suggests that abstracted complexity is the major cause of many privacy-related vulnerabilities.
Security testing for Android mHealth apps
  • Konstantin Knorr, D. Aspinall
  • Computer Science, Medicine
    2015 IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW)
  • 2015
TLDR
This paper proposes a testing method for Android mHealth apps which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain, and applies it to apps for managing hypertension and diabetes.
On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps
TLDR
This study investigates 154 apps from Android app stores using both automatic code and metadata analysis and a manual analysis of functionality and data leakage on hypertension and diabetes, two common health conditions that require careful tracking of personal health data.
Analysis of Privacy and Security Exposure in Mobile Dating Applications
TLDR
The findings indicate that a malicious user could easily obtain significant amounts of fine-grained personal information about users.
Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment
TLDR
Systematic gaps in compliance with data protection principles in accredited health apps question whether certification programs relying substantially on developer disclosures can provide a trusted resource for patients and clinicians.
Security Concerns in Android mHealth Apps
TLDR
Three studies of the mHealth apps in Google Play are presented that show that mHealth apps make widespread use of unsecured Internet communications and third party servers, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data.
Availability and quality of mobile health app privacy policies
TLDR
The findings show that currently mHealth developers often fail to provide app privacy policies, and the privacy policies that are available do not make information privacy practices transparent to users, require college-level literacy, and are often not focused on the app itself.
Why Eve and Mallory love Android: an analysis of Android SSL (in)security
TLDR
An analysis of 13,500 popular free apps downloaded from Google's Play Market revealed that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks, and MalloDroid is introduced, a tool to detect potential vulnerability against MITM attacks.