On the Privacy, Security and Safety of Blood Pressure and Diabetes Apps

Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions. In this paper, we examine whether mHealth apps succeed in ensuring the privacy, security, and safety of the health data entrusted to them. We investigate 154 apps from Android app stores using both automatic code and metadata analysis and a manual analysis of functionality and data leakage. Our study focuses on hypertension and diabetes, two common health conditions that require careful tracking of personal health data.
