Edinburgh Research Explorer

Security testing for Android mHealth apps

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Original language: English
Title of host publication: Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 1-8
Number of pages: 8
ISBN (Print): 978-1-4799-1885-0
DOIs
Publication status: Published - Apr 2015

Abstract

Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions; they are becoming incredibly popular despite posing risks to personal data privacy and security. In this paper, we propose a testing method for Android mHealth apps which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain. To demonstrate the method, we have applied it to apps for managing hypertension and diabetes, discovering a number of serious vulnerabilities in the most popular applications. Here we summarise the results of that case study, and discuss the experience of using a testing method dedicated to the domain, rather than out-of-the-box Android security testing methods. We hope that details presented here will help design further, more automated, mHealth security testing tools and methods.

Research areas

  • Android (operating system), data privacy, medical computing, mobile computing, patient monitoring, program testing, security of data, Android mHealth apps, data security, long-term health conditions, mobile health apps, out-of-the-box Android security testing methods, personal data privacy, threat analysis, Biomedical monitoring, Data privacy, Privacy, Security, Smart phones, Testing, Web servers

ID: 19928268