Forensic Taxonomy of Popular Android mHealth Apps

Mobile health applications (or mHealth apps, as they are commonly known) are increasingly popular with both individual end users and user groups such as physicians. Due to their ability to access, store and transmit personally identifiable and sensitive information (e.g. geolocation information and personal details), they are potentially an important source of evidentiary materials in digital investigations. In this paper, we examine 40 popular Android mHealth apps. Based on our findings, we propose a taxonomy incorporating artefacts of forensic interest to facilitate the timely collection and analysis of evidentiary materials from mobile devices involving the use of such apps. Artefacts of forensic interest recovered include user details and email addresses, chronology of user locations and food habits. We are also able to recover user credentials (e.g. user password and four-digit app login PIN number), locate user profile pictures and identify timestamp associated with the location of a user.

[1]  Klara Nahrstedt,et al.  Security Concerns in Android mHealth Apps , 2014, AMIA.

[2]  Kim-Kwang Raymond Choo,et al.  Conceptual evidence collection and analysis methodology for Android devices , 2015, The Cloud Security Ecosystem.

[3]  R. Silverman,et al.  Mobile health applications: the patchwork of legal and liability issues suggests strategies to improve oversight. , 2014, Health affairs.

[4]  KatosVasilios,et al.  A critical review of 7 years of Mobile Device Forensics , 2013 .

[5]  N. Ahuja,et al.  The Smartphone in Medicine: A Review of Current and Potential Use Among Physicians and Students , 2012, Journal of medical Internet research.

[6]  Kim-Kwang Raymond Choo,et al.  Mobile cloud forensics: An analysis of seven popular Android apps , 2015, The Cloud Security Ecosystem.

[7]  Kim-Kwang Raymond Choo,et al.  Digital droplets: Microsoft SkyDrive forensic data remnants , 2013, Future Gener. Comput. Syst..

[8]  Daniele Sgandurra,et al.  A Survey on Security for Mobile Devices , 2013, IEEE Communications Surveys & Tutorials.

[9]  Ibrahim Baggili,et al.  Forensic analysis of social networking applications on mobile devices , 2012, Digit. Investig..

[10]  James B. Williams,et al.  Social networking applications in health care: threats to the privacy and security of health information , 2010, SEHC '10.

[11]  Feng Gao,et al.  Analysis of WeChat on IPhone , 2013 .

[12]  Michael Bauer,et al.  Data collection with iPhone Web apps efficiently collecting patient data using mobile devices , 2010, The 12th IEEE International Conference on e-Health Networking, Applications and Services.

[13]  Joyce M Lee,et al.  The Promise and Peril of Mobile Health Applications for Diabetes and Endocrinology , 2013, Pediatric diabetes.

[14]  George Fulk,et al.  Wearable shoe-based device for rehabilitation of stroke patients , 2010, 2010 Annual International Conference of the IEEE Engineering in Medicine and Biology.

[15]  Mohammad Iftekhar Husain,et al.  iForensics: Forensic Analysis of Instant Messaging on Smart Phones , 2009, ICDF2C.

[16]  Samir Chatterjee,et al.  A Taxonomy of mHealth Apps -- Security and Privacy Concerns , 2015, 2015 48th Hawaii International Conference on System Sciences.

[17]  Kim-Kwang Raymond Choo,et al.  Cloud storage forensics: ownCloud as a case study , 2013, Digit. Investig..

[18]  Shiuh-Jeng Wang,et al.  The Partial Digital Evidence Disclosure in Respect to the Instant Messaging Embedded in Viber Application Regarding an Android Smart Phone , 2012, ITCS.

[19]  Daryl Johnson,et al.  Third Party Application Forensics on Apple Mobile Devices , 2011, 2011 44th Hawaii International Conference on System Sciences.

[20]  Kim-Kwang Raymond Choo,et al.  Remote Programmatic vCloud Forensics: A Six-Step Collection Process and a Proof of Concept , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[21]  Hadi Kharrazi,et al.  Mobile personal health records: An evaluation of features and functionality , 2012, Int. J. Medical Informatics.

[22]  Kim-Kwang Raymond Choo,et al.  Google Drive: Forensic analysis of data remnants , 2014, J. Netw. Comput. Appl..

[23]  Georgios Kambourakis,et al.  A critical review of 7 years of Mobile Device Forensics , 2013, Digit. Investig..

[24]  Kim-Kwang Raymond Choo,et al.  Dropbox analysis: Data remnants on user machines , 2013, Digit. Investig..

[25]  Han-Chieh Chao,et al.  The disclosure of an Android smartphone’s digital footprint respecting the Instant Messaging utilizing Skype and MSN , 2013, Electron. Commer. Res..

[26]  Paul Benjamin Lowry,et al.  A Longitudinal Study of Information Privacy on Mobile Devices , 2013, 2014 47th Hawaii International Conference on System Sciences.