On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps

Abstract: Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions. In this paper, we examine whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We investigate 154 apps from Android app stores using both automatic code and metadata analysis and a manual analysis of functionality and data leakage. Our study focuses on hypertension and diabetes, two common health conditions that require careful tracking of personal health data. We find that many apps do not provide privacy policies or safe communications, are implemented in an insecure fashion, fail basic input validation tests, and often have overall low code quality, which suggests additional security and safety risks. We conclude with recommendations for App Stores, App developers, and end users.
Document type:
Conference paper
Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.571-584, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_38〉

Cited literature [21 references]

https://hal.inria.fr/hal-01345147
Contributor: Hal Ifip
Submitted on: Wednesday, 13 July 2016 - 11:16:00
Last modified on: Thursday, 26 October 2017 - 16:34:02

File

337885_1_En_38_Chapter.pdf
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Konstantin Knorr, David Aspinall, Maria Wolters. On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps. Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.571-584, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_38〉. 〈hal-01345147〉

Metrics

Record views

82

File downloads

11