Security testing for Android mHealth apps

K. Knorr; D. Aspinall

doi:10.1109/ICSTW.2015.7107459

Security testing for Android mHealth apps

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions; they are becoming incredibly popular despite posing risks to personal data privacy and security. In this paper, we propose a testing method for Android mHealth apps which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain. To demonstrate the method, we have applied it to apps for managing hypertension and diabetes, discovering a number of serious vulnerabilities in the most popular applications. Here we summarise the results of that case study, and discuss the experience of using a testing method dedicated to the domain, rather than out-of-the-box Android security testing methods. We hope that details presented here will help design further, more automated, mHealth security testing tools and methods.

Original language	English
Title of host publication	Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on
Publisher	Institute of Electrical and Electronics Engineers
Pages	1-8
Number of pages	8
ISBN (Print)	978-1-4799-1885-0
DOIs	https://doi.org/10.1109/ICSTW.2015.7107459
Publication status	Published - Apr 2015

Keywords / Materials (for Non-textual outputs)

Android (operating system)
data privacy
medical computing
mobile computing
patient monitoring
program testing
security of data
Android mHealth apps
data security
long-term health conditions
mobile health apps
out-of-the-box Android security testing methods
personal data privacy
threat analysis
Biomedical monitoring
Data privacy
Privacy
Security
Smart phones
Testing
Web servers

Access to Document

10.1109/ICSTW.2015.7107459

http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7107459

App Guarden: Resilient Application Stores
Aspinall, D. (Principal Investigator), Franke, B. (Co-investigator), Gordon, A. (Co-investigator), Sannella, D. (Co-investigator), Stark, I. (Co-investigator) & Sutton, C. (Co-investigator)
EPSRC
1/09/13 → 31/08/16
Project: Research

Cite this

@inproceedings{3102774ad67f433181bc9c0203334c9b,

title = "Security testing for Android mHealth apps",

abstract = "Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions; they are becoming incredibly popular despite posing risks to personal data privacy and security. In this paper, we propose a testing method for Android mHealth apps which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain. To demonstrate the method, we have applied it to apps for managing hypertension and diabetes, discovering a number of serious vulnerabilities in the most popular applications. Here we summarise the results of that case study, and discuss the experience of using a testing method dedicated to the domain, rather than out-of-the-box Android security testing methods. We hope that details presented here will help design further, more automated, mHealth security testing tools and methods.",

keywords = "Android (operating system), data privacy, medical computing, mobile computing, patient monitoring, program testing, security of data, Android mHealth apps, data security, long-term health conditions, mobile health apps, out-of-the-box Android security testing methods, personal data privacy, threat analysis, Biomedical monitoring, Data privacy, Privacy, Security, Smart phones, Testing, Web servers",

author = "K. Knorr and D. Aspinall",

year = "2015",

month = apr,

doi = "10.1109/ICSTW.2015.7107459",

language = "English",

isbn = "978-1-4799-1885-0",

pages = "1--8",

booktitle = "Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

}

TY - GEN

T1 - Security testing for Android mHealth apps

AU - Knorr, K.

AU - Aspinall, D.

PY - 2015/4

Y1 - 2015/4

N2 - Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions; they are becoming incredibly popular despite posing risks to personal data privacy and security. In this paper, we propose a testing method for Android mHealth apps which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain. To demonstrate the method, we have applied it to apps for managing hypertension and diabetes, discovering a number of serious vulnerabilities in the most popular applications. Here we summarise the results of that case study, and discuss the experience of using a testing method dedicated to the domain, rather than out-of-the-box Android security testing methods. We hope that details presented here will help design further, more automated, mHealth security testing tools and methods.

AB - Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions; they are becoming incredibly popular despite posing risks to personal data privacy and security. In this paper, we propose a testing method for Android mHealth apps which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain. To demonstrate the method, we have applied it to apps for managing hypertension and diabetes, discovering a number of serious vulnerabilities in the most popular applications. Here we summarise the results of that case study, and discuss the experience of using a testing method dedicated to the domain, rather than out-of-the-box Android security testing methods. We hope that details presented here will help design further, more automated, mHealth security testing tools and methods.

KW - Android (operating system)

KW - data privacy

KW - medical computing

KW - mobile computing

KW - patient monitoring

KW - program testing

KW - security of data

KW - Android mHealth apps

KW - data security

KW - long-term health conditions

KW - mobile health apps

KW - out-of-the-box Android security testing methods

KW - personal data privacy

KW - threat analysis

KW - Biomedical monitoring

KW - Data privacy

KW - Privacy

KW - Security

KW - Smart phones

KW - Testing

KW - Web servers

U2 - 10.1109/ICSTW.2015.7107459

DO - 10.1109/ICSTW.2015.7107459

M3 - Conference contribution

SN - 978-1-4799-1885-0

SP - 1

EP - 8

BT - Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on

PB - Institute of Electrical and Electronics Engineers

ER -

Security testing for Android mHealth apps

Abstract

Keywords / Materials (for Non-textual outputs)

Access to Document

Fingerprint

Projects

App Guarden: Resilient Application Stores

Cite this