Security testing for Android mHealth apps

K. Knorr, D. Aspinall

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions; they are becoming incredibly popular despite posing risks to personal data privacy and security. In this paper, we propose a testing method for Android mHealth apps which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain. To demonstrate the method, we have applied it to apps for managing hypertension and diabetes, discovering a number of serious vulnerabilities in the most popular applications. Here we summarise the results of that case study, and discuss the experience of using a testing method dedicated to the domain, rather than out-of-the-box Android security testing methods. We hope that details presented here will help design further, more automated, mHealth security testing tools and methods.
Original languageEnglish
Title of host publicationSoftware Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages1-8
Number of pages8
ISBN (Print)978-1-4799-1885-0
DOIs
Publication statusPublished - Apr 2015

Keywords

  • Android (operating system)
  • data privacy
  • medical computing
  • mobile computing
  • patient monitoring
  • program testing
  • security of data
  • Android mHealth apps
  • data security
  • long-term health conditions
  • mobile health apps
  • out-of-the-box Android security testing methods
  • personal data privacy
  • threat analysis
  • Biomedical monitoring
  • Data privacy
  • Privacy
  • Security
  • Smart phones
  • Testing
  • Web servers

Fingerprint Dive into the research topics of 'Security testing for Android mHealth apps'. Together they form a unique fingerprint.

Cite this