Auditing and attributing behaviours of suspicious Android health applications

Muhammad Salman, I Wayan Budi Sentana, Muhammad Ikram, Dali Kaafar

Research output: Contribution to conference › Paper › peer-review

Abstract

Mobile health and fitness applications for consumers, collectively known as mobile health applications or mHealth, monitor user activities such as steps, locations, and email. It seamlessly aggregates sensitive information to facilitate a wide range of functions, such as the management of health conditions and symptom checking. Although mHealth apps provide real-time health monitoring and easier access to healthcare resources, they can also pose serious risks to user safety. Although the research community is primarily well aware of the user’s exposure to several types of malware, there has not been a large-scale in-depth analysis of suspicious mHealth apps using a consistent methodology.

This study conducts a large-scale security and privacy analysis of 381 suspicious free mHealth apps (chosen from a corpus of 15,893 apps) available on “Google Play”. We built a customized toolset to perform a comprehensive analysis of these applications. We explore the range of mechanisms used by mHealth apps to monitor users’ activities, such as photos, text messages, and live microphone access, mainly through the injection of suspicious third-party libraries. In addition, we uncover the use of obfuscation methods used by suspicious mHealth apps to hide their malicious codes. As mHealth apps are used by a large number of customers worldwide, we argue that patients, clinicians, technology developers, and policy-makers alike should be conscious of the hidden risks involved and weigh them carefully against the benefits.
Original language: English
Number of pages: 16
Publication status: Accepted/In press - 5 Sept 2024
Event: 18th International Conference on Network and System Security - Abu Dhabi, Abu Dhabi, United Arab Emirates
Duration: 20 Nov 2024 to 22 Nov 2024
Conference number: 18
https://nsclab.org/nss-socialsec2024/

Conference

Conference: 18th International Conference on Network and System Security
Abbreviated title: NSS
Country/Territory: United Arab Emirates
City: Abu Dhabi
Period: 20/11/24 to 22/11/24