Abstract
Consumer mobile medical, health and fitness apps, collectively known as mobile health or mHealth apps, monitor user activities such as steps, locations and email. They seamlessly aggregate sensitive information to facilitate a wide range of functions, such as management of health conditions and symptom checking. Although mHealth apps provide real-time health monitoring and easier access to healthcare resources, they may also pose serious risks to user safety. Although the research community is primarily well aware of the user's exposure to several types of malware, there has not been a large-scale in-depth analysis of suspicious mHealth apps using a consistent methodology.
This study conducts a large-scale security and privacy analysis of 381 suspicious free mHealth apps (chosen from a corpus of 15,893 apps) available on "Google Play". We built a customised tool set to perform a comprehensive analysis of these apps. We explore the range of mechanisms used by mHealth apps to monitor users' activities, such as photos, text messages, and live microphone access, mainly through the injection of suspicious third-party libraries. In addition, we uncover the use of obfuscation methods employed by the suspicious mHealth apps to hide their malicious code. As mHealth apps are used by a large number of customers worldwide, we argue that patients, clinicians, technology developers, and policy-makers alike should be conscious of the hidden risks involved and weigh them carefully against the benefits.
Original language | English |
---|---|
Number of pages | 11 |
Publication status | Submitted - 29 Aug 2022 |
Event | Asia Computer Communication Security Conference - Melbourne, Australia. Duration: 10 Jul 2023 → 14 Jul 2023. Conference number: 14. https://asiaccs2023.org/ |
Conference
Conference | Asia Computer Communication Security Conference |
---|---|
Abbreviated title | AsiaCCS |
Country/Territory | Australia |
City | Melbourne |
Period | 10/07/23 → 14/07/23 |
Internet address |