On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps

Konstantin Knorr; David Aspinall; Maria Wolters

doi:10.1007/978-3-319-18467-8_38

On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps

Konstantin Knorr, David Aspinall, Maria Wolters

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions. In this paper, we examine whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We investigate 154 apps from Android app stores using both automatic code and metadata analysis and a manual analysis of functionality and data leakage. Our study focuses on hypertension and diabetes, two common health conditions that require careful tracking of personal health data.

We find that many apps do not provide privacy policies or safe communications, are implemented in an insecure fashion, fail basic input validation tests and often have overall low code quality which suggests additional security and safety risks. We conclude with recommendations for App Stores, App developers, and end users.

Original language	English
Title of host publication	ICT Systems Security and Privacy Protection
Subtitle of host publication	30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings
Editors	Hannes Federrath, Dieter Gollmann
Publisher	Springer International Publishing
Pages	571-584
Number of pages	14
ISBN (Electronic)	978-3-319-18467-8
ISBN (Print)	978-3-319-18466-1
DOIs	https://doi.org/10.1007/978-3-319-18467-8_38
Publication status	Published - 2015

Publication series

Name	IFIP Advances in Information and Communication Technology
Publisher	Springer International Publishing
Volume	455

Access to Document

10.1007/978-3-319-18467-8_38

healthapp-secAccepted author manuscript, 834 KB

http://link.springer.com/chapter/10.1007%2F978-3-319-18467-8_38

1 Finished

App Guarden: Resilient Application Stores
Aspinall, D., Franke, B., Gordon, A., Sannella, D., Stark, I. & Sutton, C.
EPSRC
1/09/13 → 31/08/16
Project: Research

Cite this

Knorr, K., Aspinall, D., & Wolters, M. (2015). On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps. In H. Federrath, & D. Gollmann (Eds.), ICT Systems Security and Privacy Protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings (pp. 571-584). (IFIP Advances in Information and Communication Technology; Vol. 455). Springer International Publishing. https://doi.org/10.1007/978-3-319-18467-8_38

Knorr, Konstantin ; Aspinall, David ; Wolters, Maria. / On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps. ICT Systems Security and Privacy Protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings. editor / Hannes Federrath ; Dieter Gollmann. Springer International Publishing, 2015. pp. 571-584 (IFIP Advances in Information and Communication Technology).

@inproceedings{1b6aad993eb54507871984da245fce6e,

title = "On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps",

abstract = "Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions. In this paper, we examine whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We investigate 154 apps from Android app stores using both automatic code and metadata analysis and a manual analysis of functionality and data leakage. Our study focuses on hypertension and diabetes, two common health conditions that require careful tracking of personal health data.We find that many apps do not provide privacy policies or safe communications, are implemented in an insecure fashion, fail basic input validation tests and often have overall low code quality which suggests additional security and safety risks. We conclude with recommendations for App Stores, App developers, and end users.",

author = "Konstantin Knorr and David Aspinall and Maria Wolters",

year = "2015",

doi = "10.1007/978-3-319-18467-8_38",

language = "English",

isbn = "978-3-319-18466-1",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer International Publishing",

pages = "571--584",

editor = "Hannes Federrath and Dieter Gollmann",

booktitle = "ICT Systems Security and Privacy Protection",

}

Knorr, K, Aspinall, D & Wolters, M 2015, On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps. in H Federrath & D Gollmann (eds), ICT Systems Security and Privacy Protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings. IFIP Advances in Information and Communication Technology, vol. 455, Springer International Publishing, pp. 571-584. https://doi.org/10.1007/978-3-319-18467-8_38

On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps. / Knorr, Konstantin; Aspinall, David ; Wolters, Maria.

ICT Systems Security and Privacy Protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings. ed. / Hannes Federrath; Dieter Gollmann. Springer International Publishing, 2015. p. 571-584 (IFIP Advances in Information and Communication Technology; Vol. 455).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps

AU - Knorr, Konstantin

AU - Aspinall, David

AU - Wolters, Maria

PY - 2015

Y1 - 2015

N2 - Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions. In this paper, we examine whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We investigate 154 apps from Android app stores using both automatic code and metadata analysis and a manual analysis of functionality and data leakage. Our study focuses on hypertension and diabetes, two common health conditions that require careful tracking of personal health data.We find that many apps do not provide privacy policies or safe communications, are implemented in an insecure fashion, fail basic input validation tests and often have overall low code quality which suggests additional security and safety risks. We conclude with recommendations for App Stores, App developers, and end users.

AB - Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions. In this paper, we examine whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We investigate 154 apps from Android app stores using both automatic code and metadata analysis and a manual analysis of functionality and data leakage. Our study focuses on hypertension and diabetes, two common health conditions that require careful tracking of personal health data.We find that many apps do not provide privacy policies or safe communications, are implemented in an insecure fashion, fail basic input validation tests and often have overall low code quality which suggests additional security and safety risks. We conclude with recommendations for App Stores, App developers, and end users.

U2 - 10.1007/978-3-319-18467-8_38

DO - 10.1007/978-3-319-18467-8_38

M3 - Conference contribution

SN - 978-3-319-18466-1

T3 - IFIP Advances in Information and Communication Technology

SP - 571

EP - 584

BT - ICT Systems Security and Privacy Protection

A2 - Federrath, Hannes

A2 - Gollmann, Dieter

PB - Springer International Publishing

ER -

Knorr K, Aspinall D , Wolters M. On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps. In Federrath H, Gollmann D, editors, ICT Systems Security and Privacy Protection: 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings. Springer International Publishing. 2015. p. 571-584. (IFIP Advances in Information and Communication Technology). https://doi.org/10.1007/978-3-319-18467-8_38

On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps

Abstract

Publication series

Access to Document

Fingerprint

Projects

App Guarden: Resilient Application Stores

Cite this