On the Privacy of Mental Health Apps: An Empirical Investigation and its
Implications for Apps Development
- URL: http://arxiv.org/abs/2201.09006v1
- Date: Sat, 22 Jan 2022 09:23:56 GMT
- Authors: Leonardo Horn Iwaya, M. Ali Babar, Awais Rashid and Chamila
Wijayarathna
- Abstract summary: This paper reports an empirical study aimed at systematically identifying and understanding data privacy incorporated in mental health apps.
We analyzed 27 top-ranked mental health apps from Google Play Store.
The findings reveal important data privacy issues such as unnecessary permissions, insecure cryptography implementations, and leaks of personal data and credentials in logs and web requests.
- Score: 14.113922276394588
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: An increasing number of mental health services are offered through mobile
systems, a paradigm called mHealth. Although there is an unprecedented growth
in the adoption of mHealth systems, partly due to the COVID-19 pandemic,
concerns about data privacy risks due to security breaches are also increasing.
Whilst some studies have analyzed mHealth apps from different angles, including
security, there is relatively little evidence for data privacy issues that may
exist in mHealth apps used for mental health services, whose recipients can be
particularly vulnerable. This paper reports an empirical study aimed at
systematically identifying and understanding data privacy incorporated in
mental health apps. We analyzed 27 top-ranked mental health apps from Google
Play Store. Our methodology enabled us to perform an in-depth privacy analysis
of the apps, covering static and dynamic analysis, data sharing behaviour,
server-side tests, privacy impact assessment requests, and privacy policy
evaluation. Furthermore, we mapped the findings to the LINDDUN threat taxonomy,
describing how threats manifest on the studied apps. The findings reveal
important data privacy issues such as unnecessary permissions, insecure
cryptography implementations, and leaks of personal data and credentials in
logs and web requests. There is also a high risk of user profiling as the apps'
development does not provide foolproof mechanisms against linkability,
detectability and identifiability. Data sharing among third parties and
advertisers in the current apps' ecosystem aggravates this situation. Based on
the empirical findings of this study, we provide recommendations to be
considered by different stakeholders of mHealth apps in general and apps
developers in particular. [...]
Related papers
- Model Inversion Attacks: A Survey of Approaches and Countermeasures [59.986922963781]
Recently, a new type of privacy attack, the model inversion attacks (MIAs), aims to extract sensitive features of private data for training.
Despite the significance, there is a lack of systematic studies that provide a comprehensive overview and deeper insights into MIAs.
This survey aims to summarize up-to-date MIA methods in both attacks and defenses.
arXiv Detail & Related papers (2024-11-15T08:09:28Z)
- Security Analysis of Top-Ranked mHealth Fitness Apps: An Empirical Study [0.32885740436059047]
We investigate the security vulnerabilities of ten top-ranked Android health and fitness apps, a set that accounts for 237 million downloads.
Our findings revealed many vulnerabilities, such as insecure coding, hardcoded sensitive information, over-privileged permissions, misconfiguration, and excessive communication with third-party domains.
arXiv Detail & Related papers (2024-09-27T08:11:45Z)
- A Qualitative Analysis Framework for mHealth Privacy Practices [0.0]
This paper introduces a novel framework for the qualitative evaluation of privacy practices in mHealth apps.
Our investigation encompasses an analysis of 152 leading mHealth apps on the Android platform.
Our findings indicate persistent issues with negligence and misuse of sensitive user information.
arXiv Detail & Related papers (2024-05-28T08:57:52Z)
- Privacy and Security of Women's Reproductive Health Apps in a Changing Legal Landscape [1.7930036479971307]
Privacy and security vulnerabilities in period-tracking and fertility-monitoring apps present significant risks.
Our approach involves manual observations of privacy policies and app permissions, along with dynamic and static analysis.
Our analysis identifies that 61% of the code vulnerabilities found in the apps are classified under the top-ten Open Web Application Security Project (OWASP) vulnerabilities.
arXiv Detail & Related papers (2024-04-08T21:19:10Z)
- An Empirical Study on Secure Usage of Mobile Health Apps: The Attack Simulation Approach [0.0]
This study investigates the security awareness of mHealth app users via action-based research.
We simulated some common security attack scenarios in mHealth context and engaged a total of 105 app users to monitor their actions and analyse their behavior.
Our results indicate that whilst the minority of our participants perceived access permissions positively, the majority had negative views by indicating that such an app could violate or cost them to lose privacy.
arXiv Detail & Related papers (2022-11-14T18:10:34Z)
- Privacy Explanations - A Means to End-User Trust [64.7066037969487]
We looked into how explainability might help to tackle this problem.
We created privacy explanations that aim to help to clarify to end users why and for what purposes specific data is required.
Our findings reveal that privacy explanations can be an important step towards increasing trust in software systems.
arXiv Detail & Related papers (2022-10-18T09:30:37Z)
- Mobile Mental Health Apps: Alternative Intervention or Intrusion? [2.131521514043068]
Mobile Mental Health (MMH) apps emerge as an effective alternative to assist with a broad range of psychological disorders.
The absence of a transparent privacy policy and lack of user awareness may pose a significant threat to undermining the applicability of such tools.
Our results indicate that apps' exploitable flaws, dangerous permissions, and insecure data handling pose a potential threat to the users' privacy and security.
arXiv Detail & Related papers (2022-06-21T21:05:54Z)
- Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy.
We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers.
We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
arXiv Detail & Related papers (2021-12-28T16:21:31Z)
- Learning Language and Multimodal Privacy-Preserving Markers of Mood from Mobile Data [74.60507696087966]
Mental health conditions remain underdiagnosed even in countries with common access to advanced medical care.
One promising data source to help monitor human behavior is daily smartphone usage.
We study behavioral markers of daily mood using a recent dataset of mobile behaviors from adolescent populations at high risk of suicidal behaviors.
arXiv Detail & Related papers (2021-06-24T17:46:03Z)
- Decentralized Privacy-Preserving Proximity Tracing [50.27258414960402]
DP3T provides a technological foundation to help slow the spread of SARS-CoV-2.
System aims to minimise privacy and security risks for individuals and communities.
arXiv Detail & Related papers (2020-05-25T12:32:02Z)
- COVI White Paper [67.04578448931741]
Contact tracing is an essential tool to change the course of the Covid-19 pandemic.
We present an overview of the rationale, design, ethical considerations and privacy strategy of COVI, a Covid-19 public peer-to-peer contact tracing and risk awareness mobile application developed in Canada.
arXiv Detail & Related papers (2020-05-18T07:40:49Z)