An Empirical Study on Secure Usage of Mobile Health Apps: The Attack
Simulation Approach
- URL: http://arxiv.org/abs/2211.07585v1
- Date: Mon, 14 Nov 2022 18:10:34 GMT
- Authors: Bakheet Aljedaani, Aakash Ahmad, Mansooreh Zahedi, M. Ali Babar
- Abstract summary: This study investigates the security awareness of mHealth app users via action-based research.
We simulated some common security attack scenarios in mHealth context and engaged a total of 105 app users to monitor their actions and analyse their behavior.
Our results indicate that whilst the minority of our participants perceived access permissions positively, the majority had negative views by indicating that such an app could violate or cost them to lose privacy.
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Mobile applications, mobile apps for short, have proven their usefulness in
enhancing service provisioning across a multitude of domains that range from
smart healthcare, to mobile commerce, and areas of context sensitive computing.
In recent years, a number of empirically grounded, survey-based studies have
been conducted to investigate secure development and usage of mHealth apps.
However, such studies rely on self-reported behaviors documented via interviews
or survey questions that lack a practical, i.e. action-based, approach to
monitor and synthesise users' actions and behaviors in security-critical
scenarios. We conducted an empirical study, engaging participants with attack
simulation scenarios and analysing their actions, for investigating the security
awareness of mHealth app users via action-based research. We simulated some
common security attack scenarios in mHealth context and engaged a total of 105
app users to monitor their actions and analyse their behavior. We analysed
users' data with statistical analysis including reliability and correlation
tests, descriptive analysis, and qualitative data analysis. Our results
indicate that whilst the minority of our participants perceived access
permissions positively, the majority had negative views by indicating that such
an app could violate or cost them to lose privacy. Users provide their consent,
granting permissions, without a careful review of privacy policies that leads
to undesired or malicious access to health critical data. The results also
indicated that 73.3% of our participants had denied at least one access
permission, and 36% of our participants preferred no authentication method. The
study complements existing research on secure usage of mHealth apps, simulates
security threats to monitor users' actions, and provides empirically grounded
guidelines for secure development and usage of mobile health systems.
Related papers
- MisinfoEval: Generative AI in the Era of "Alternative Facts" [50.069577397751175]
We introduce a framework for generating and evaluating large language model (LLM) based misinformation interventions.
We present (1) an experiment with a simulated social media environment to measure effectiveness of misinformation interventions, and (2) a second experiment with personalized explanations tailored to the demographics and beliefs of users.
Our findings confirm that LLM-based interventions are highly effective at correcting user behavior.
arXiv Detail & Related papers (2024-10-13T18:16:50Z)
- Collection, usage and privacy of mobility data in the enterprise and public administrations [55.2480439325792]
Security measures such as anonymization are needed to protect individuals' privacy.
Within our study, we conducted expert interviews to gain insights into practices in the field.
We survey privacy-enhancing methods in use, which generally do not comply with state-of-the-art standards of differential privacy.
arXiv Detail & Related papers (2024-07-04T08:29:27Z)
- A Qualitative Analysis Framework for mHealth Privacy Practices [0.0]
This paper introduces a novel framework for the qualitative evaluation of privacy practices in mHealth apps.
Our investigation encompasses an analysis of 152 leading mHealth apps on the Android platform.
Our findings indicate persistent issues with negligence and misuse of sensitive user information.
arXiv Detail & Related papers (2024-05-28T08:57:52Z)
- Privacy and Security of Women's Reproductive Health Apps in a Changing Legal Landscape [1.7930036479971307]
Privacy and security vulnerabilities in period-tracking and fertility-monitoring apps present significant risks.
Our approach involves manual observations of privacy policies and app permissions, along with dynamic and static analysis.
Our analysis identifies that 61% of the code vulnerabilities found in the apps are classified under the top-ten Open Web Application Security Project (OWASP) vulnerabilities.
arXiv Detail & Related papers (2024-04-08T21:19:10Z)
- A Comprehensive Picture of Factors Affecting User Willingness to Use Mobile Health Applications [62.60524178293434]
The aim of this paper is to investigate the factors that influence user acceptance of mHealth apps.
Users' digital literacy has the strongest impact on their willingness to use them, followed by their online habit of sharing personal information.
Users' demographic background, such as their country of residence, age, ethnicity, and education, has a significant moderating effect.
arXiv Detail & Related papers (2023-05-10T08:11:21Z)
- On the Privacy of Mental Health Apps: An Empirical Investigation and its Implications for Apps Development [14.113922276394588]
This paper reports an empirical study aimed at systematically identifying and understanding data privacy incorporated in mental health apps.
We analyzed 27 top-ranked mental health apps from Google Play Store.
The findings reveal important data privacy issues such as unnecessary permissions, insecure cryptography implementations, and leaks of personal data and credentials in logs and web requests.
arXiv Detail & Related papers (2022-01-22T09:23:56Z)
- StudyMe: A New Mobile App for User-Centric N-of-1 Trials [68.8204255655161]
N-of-1 trials are multi-crossover self-experiments that allow individuals to systematically evaluate the effect of interventions on their personal health goals.
We present StudyMe, an open-source mobile application that is freely available from https://play.google.com/store/apps/details?id=health.studyu.me.
arXiv Detail & Related papers (2021-07-31T20:43:36Z)
- Privacy-preserving medical image analysis [53.4844489668116]
We present PriMIA, a software framework designed for privacy-preserving machine learning (PPML) in medical imaging.
We show significantly better classification performance of a securely aggregated federated learning model compared to human experts on unseen datasets.
We empirically evaluate the framework's security against a gradient-based model inversion attack.
arXiv Detail & Related papers (2020-12-10T13:56:00Z)
- An Empirical Study on Developing Secure Mobile Health Apps: The Developers Perspective [0.0]
Mobile health apps (mHealth apps for short) are becoming an integral part of mobile and pervasive computing to improve the availability and quality of healthcare services.
Despite the offered benefits, mHealth apps face a critical challenge, i.e., security of health critical data that is produced and consumed by the app.
Several studies have revealed that security specific issues of mHealth apps have not been adequately addressed.
arXiv Detail & Related papers (2020-08-07T08:23:21Z)
- COVI White Paper [67.04578448931741]
Contact tracing is an essential tool to change the course of the Covid-19 pandemic.
We present an overview of the rationale, design, ethical considerations and privacy strategy of COVI, a Covid-19 public peer-to-peer contact tracing and risk awareness mobile application developed in Canada.
arXiv Detail & Related papers (2020-05-18T07:40:49Z)