Analyzing security issues of android mobile health and medical applications

Gioacchino Tangari, Muhammad Ikram*, I. Wayan Budi Sentana, Kiran Ijaz, Mohamed Ali Kaafar, Shlomo Berkovsky

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Objective: We conduct a first large-scale analysis of mobile health (mHealth) apps available on Google Play with the goal of providing a comprehensive view of mHealth apps' security features and gauging the associated risks for mHealth users and their data.

Materials and Methods: We designed an app collection platform that discovered and downloaded more than 20 000 mHealth apps from the Medical and Health & Fitness categories on Google Play. We performed a suite of app code and traffic measurements to highlight a range of app security flaws: certificate security, sensitive or unnecessary permission requests, malware presence, communication security, and security-related concerns raised in user reviews.

Results: Compared to baseline non-mHealth apps, mHealth apps generally adopt more reliable signing mechanisms and request fewer dangerous permissions. However, significant fractions of mHealth apps expose users to serious security risks. Specifically, 1.8% of mHealth apps package suspicious codes (eg, trojans), 45.0% rely on unencrypted communication, and as much as 23.0% of personal data (eg, location information and passwords) is sent on unsecured traffic. An analysis of the app reviews reveals that mHealth app users are largely unaware of the surfaced security issues.

Conclusion: Despite being better aligned with security best practices than non-mHealth apps, mHealth apps are still far from ensuring robust security guarantees. App users, clinicians, technology developers, and policy makers alike should be cognizant of the uncovered security issues and weigh them carefully against the benefits of mHealth apps.

Original languageEnglish
Pages (from-to)2074-2084
Number of pages11
JournalJournal of the American Medical Informatics Association : JAMIA
Volume28
Issue number10
DOIs
Publication statusPublished - 18 Sep 2021

Keywords

  • mobile health and medical application
  • static analysis
  • dynamic analysis
  • security
  • mobile malware

Fingerprint

Dive into the research topics of 'Analyzing security issues of android mobile health and medical applications'. Together they form a unique fingerprint.

Cite this