On the Security and Privacy of AI-based Mobile Health Chatbots

• URL: http://arxiv.org/abs/2511.12377v1
• Date: Sat, 15 Nov 2025 22:49:07 GMT
• Title: On the Security and Privacy of AI-based Mobile Health Chatbots
• Authors: Samuel Wairimu, Leonardo Horn Iwaya,
• Abstract summary: This study empirically assesses 16 AI-based mHealth chatbots identified from the Google Play Store.<n>Our findings revealed security vulnerabilities, privacy issues, and non-compliance with Google Play policies.<n>These recommendations focus on improving data handling processes, disclosure, and user security.
• Score: 0.24554686192257424
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The rise of Artificial Intelligence (AI) has impacted the development of mobile health (mHealth) apps, most notably with the advent of AI-based chatbots used as ubiquitous ``companions'' for various services, from fitness to mental health assistants. While these mHealth chatbots offer clear benefits, such as personalized health information and predictive diagnoses, they also raise significant concerns regarding security and privacy. This study empirically assesses 16 AI-based mHealth chatbots identified from the Google Play Store. The empirical assessment follows a three-phase approach (manual inspection, static code analysis, and dynamic analysis) to evaluate technical robustness and how design and implementation choices impact end users. Our findings revealed security vulnerabilities (e.g., enabling Remote WebView debugging), privacy issues, and non-compliance with Google Play policies (e.g., failure to provide publicly accessible privacy policies). Based on our findings, we offer several recommendations to enhance the security and privacy of mHealth chatbots. These recommendations focus on improving data handling processes, disclosure, and user security. Therefore, this work also seeks to support mHealth developers and security/privacy engineers in designing more transparent, privacy-friendly, and secure mHealth chatbots.

Related papers

• Can I Trust This Chatbot? Assessing User Privacy in AI-Healthcare Chatbot Applications [2.7026776927145235]
  Our study evaluates the privacy practices of 12 widely downloaded AI healthcare chatbots apps available on the App Store and Google Play in the United States.<n>Half of the examined apps did not present a privacy policy during sign up, and only two provided an option to disable data sharing at that stage.<n>The majority of apps' privacy policies failed to address data protection measures.
  arXiv  Detail & Related papers  (2025-09-18T03:29:43Z)
• Towards Privacy-aware Mental Health AI Models: Advances, Challenges, and Opportunities [58.61680631581921]
  Mental health disorders create profound personal and societal burdens, yet conventional diagnostics are resource-intensive and limit accessibility.<n>This paper examines these challenges and proposes solutions, including anonymization, synthetic data, and privacy-preserving training.<n>It aims to advance reliable, privacy-aware AI tools that support clinical decision-making and improve mental health outcomes.
  arXiv  Detail & Related papers  (2025-02-01T15:10:02Z)
• Decoding User Concerns in AI Health Chatbots: An Exploration of Security and Privacy in App Reviews [1.2437039433843042]
  This study evaluates the effectiveness of automated methods, specifically BART and Gemini GenAI, in identifying security privacy related (SPR) concerns.<n>Our results indicate that while Gemini's performance in SPR classification is comparable to manual labeling, both automated methods have limitations.
  arXiv  Detail & Related papers  (2025-01-31T00:38:37Z)
• Open Problems in Machine Unlearning for AI Safety [61.43515658834902]
  Machine unlearning -- the ability to selectively forget or suppress specific types of knowledge -- has shown promise for privacy and data removal tasks.<n>In this paper, we identify key limitations that prevent unlearning from serving as a comprehensive solution for AI safety.
  arXiv  Detail & Related papers  (2025-01-09T03:59:10Z)
• A Qualitative Analysis Framework for mHealth Privacy Practices [0.0]
  This paper introduces a novel framework for the qualitative evaluation of privacy practices in mHealth apps. Our investigation encompasses an analysis of 152 leading mHealth apps on the Android platform. Our findings indicate persistent issues with negligence and misuse of sensitive user information.
  arXiv  Detail & Related papers  (2024-05-28T08:57:52Z)
• Privacy-preserving Optics for Enhancing Protection in Face De-identification [60.110274007388135]
  We propose a hardware-level face de-identification method to solve this vulnerability. We also propose an anonymization framework that generates a new face using the privacy-preserving image, face heatmap, and a reference face image from a public dataset as input.
  arXiv  Detail & Related papers  (2024-03-31T19:28:04Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• What Do End-Users Really Want? Investigation of Human-Centered XAI for Mobile Health Apps [69.53730499849023]
  We present a user-centered persona concept to evaluate explainable AI (XAI) Results show that users' demographics and personality, as well as the type of explanation, impact explanation preferences. Our insights bring an interactive, human-centered XAI closer to practical application.
  arXiv  Detail & Related papers  (2022-10-07T12:51:27Z)
• Contributions to Context-Aware Smart Healthcare: A Security and Privacy Perspective [0.0]
  dissertation contributes to several security and privacy challenges within the smart health paradigm. We present an extensive analysis on the security aspects of the underlying sensors and networks deployed in context-aware environments. We contribute to process mining, a popular analytical field that helps analyse business processes within organisations.
  arXiv  Detail & Related papers  (2022-06-28T16:54:16Z)
• On the Privacy of Mental Health Apps: An Empirical Investigation and its Implications for Apps Development [14.113922276394588]
  This paper reports an empirical study aimed at systematically identifying and understanding data privacy incorporated in mental health apps. We analyzed 27 top-ranked mental health apps from Google Play Store. The findings reveal important data privacy issues such as unnecessary permissions, insecure cryptography implementations, and leaks of personal data and credentials in logs and web requests.
  arXiv  Detail & Related papers  (2022-01-22T09:23:56Z)
• Assessing the Severity of Health States based on Social Media Posts [62.52087340582502]
  We propose a multiview learning framework that models both the textual content as well as contextual-information to assess the severity of the user's health state. The diverse NLU views demonstrate its effectiveness on both the tasks and as well as on the individual disease to assess a user's health.
  arXiv  Detail & Related papers  (2020-09-21T03:45:14Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.