Analysis of the Adherence of mHealth Applications to HIPAA Technical Safeguards

The proliferation of mobile health technology, or mHealth apps, has made it essential to protect individual health details. People now have easy access to digital platforms that allow them to save, share, and access their medical data and treatment information as well as easily monitor and manage health-related issues. It is crucial to make sure that protected health information (PHI) is effectively and securely transmitted, received, created, and maintained in accordance with the rules outlined by the Health Insurance Portability and Accountability Act (HIPAA), as the use of mHealth apps increases. Unfortunately, many mobile app developers, particularly those of mHealth apps, do not completely understand the HIPAA security and privacy requirements. This offers a unique opportunity for research to create an analytical framework that can help programmers maintain safe and HIPAA-compliant source code while also educating users about the security and privacy of private health information. The plan is to develop a framework which will serve as the foundation for developing an integrated development environment (IDE) plugin for mHealth app developers and a web-based interface for mHealth app consumers. This will help developers identify and address HIPAA compliance issues during the development process and provide consumers with a tool to evaluate the privacy and security of mHealth apps before downloading and using them. The goal is to encourage the development of secure and compliant mHealth apps that safeguard personal health information

Gestão de ameaças de segurança em sistemas android

Dissertação de mestrado integrado em Engenharia Eletrónica Industrial e ComputadoresWith the exponential use of mobile phones to handle sensitive information, the intrusion systems development has also increased. Malicious software is constantly being developed and the intrusion techniques are increasingly more sophisticated. Security protection systems trying to counteract these intrusions are constantly being improved and updated. Being Android one of the most popular operating systems, it became an intrusion’s methods development target. Developed security solutions constantly monitor their host system and by accessing a set of defined parameters they try to find potentially harmful changes. An important topic when addressing malicious applications detection is the malware identification and characterization. Usually, to separate the normal system behavior from the malicious behavior, security systems employ machine learning or data mining techniques. However, with the constant evolution of malicious applications, such techniques are still far from being capable of completely responding to the market needs. This dissertation aim was to verify if malicious behavior patterns definition is a viable way of addressing this challenge. As part of the proposed research two data mining classification models were built and tested with the collected data, and their performances were compared. the RapidMiner software was used for the proposed model development and testing, and data was collected from the FlowDroid application. To facilitate the understanding of the security potential of the Android framework, research was done on the its architecture, overall structure, and security methods, including its protection mechanisms and breaches. It was also done a study on models threats/attacks’ description, as well as, on the current existing applications for anti-mobile threats, analyzing their strengths and weaknesses.Com o uso exponencial de telefones para lidar com informações sensíveis, o desenvolvimento de sistemas de intrusão também aumentou. Softwares maliciosos estão constantemente a ser desenvolvidos e as técnicas de intrusão são cada vez mais sofisticadas. Para neutralizar essas intrusões, os sistemas de proteção de segurança precisam constantemente de ser melhorados e atualizados. Sendo o Android um dos sistemas operativos (SO) mais populares, tornou-se também num alvo de desenvolvimento de métodos de intrusão. As soluções de segurança desenvolvidas monitoram constantemente o sistema em que se encontram e acedendo a um o conjunto definido de parâmetros procuram alterações potencialmente prejudiciais. Um tópico importante ao abordar aplicações mal-intencionadas é a identificação e caracterização do malware. Normalmente, para separar o comportamento normal do sistema do comportamento mal-intencionado, os sistemas de segurança empregam técnicas de machine learning ou de data mining. No entanto, com a constante evolução das aplicações maliciosas, tais técnicas ainda estão longe de serem capazes de responder completamente às necessidades do mercado. Esta dissertação teve como objetivo verificar se os padrões de comportamento malicioso são uma forma viável de enfrentar esse desafio. Para responder à pesquisa proposta foram construídos e testados dois modelos de classificação de dados, usando técnicas de data mining, e com os dados recolhidos compararam-se os seus desempenhos. Para o desenvolvimento e teste do modelo proposto foi utilizado o software RapidMiner, e os dados foram recolhidos através do uso da aplicação FlowDroid. Para facilitar a compreensão sobre as potencialidades de segurança da framework do Android, realizou-se uma pesquisa sobre a sua arquitetura, estrutura geral e métodos de segurança, incluindo seus mecanismos de defesa e algumas das suas limitações. Além disso, realizou-se um estudo sobre algumas das atuais aplicações existentes para a defesa contra aplicações maliciosas, analisando os seus pontos fortes e fracos

Solution centralisée de contrôle d'accès basée sur la réécriture d'applications pour la plateforme Android

Bien que les méthodes API offrent de nombreux avantages ainsi qu'un grand confort lors de l'utilisation des applications Android, l'utilisation de ces dernières par des applications malicieuses peut être potentiellement dangereuse. Surtout que l'exploitation de ces méthodes par les applications malsaines n'est pas forcement détectée comme étant une action de malware. La présente étude s'intéresse à des contextes dans lesquels certains appels de méthodes API par certaines applications ne sont pas acceptables. Ces contextes peuvent être créés par une application ou par la collaboration entre plusieurs applications. L'approche proposée par la présente étude est basée sur la réécriture des applications. En effet, un Framework de réécriture d'applications y est présenté. Celui-ci permet l'injection de certaines portions de code, responsables de la communication avec un contrôleur d'applications. Ce dernier est une application Android tierce partie, se basant principalement sur des politiques de sécurité pour le contrôle de l'ensemble des applications en temps réel. Les résultats montrent que la solution présentée dans cette étude permet de contrôler tous les appels API sollicités par les applications malsaines, et de lutter contre la collaboration entre ces dernières pour toute tentative de création de contexte malicieux

Rohelisema tarkvaratehnoloogia poole tarkvaraanalüüsi abil

Mobiilirakendused, mis ei tühjenda akut, saavad tavaliselt head kasutajahinnangud. Mobiilirakenduste energiatõhusaks muutmiseks on avaldatud mitmeid refaktoreerimis- suuniseid ja tööriistu, mis aitavad rakenduse koodi optimeerida. Neid suuniseid ei saa aga seoses energiatõhususega üldistada, sest kõigi kontekstide kohta ei ole piisavalt energiaga seotud andmeid. Olemasolevad energiatõhususe parandamise tööriistad/profiilid on enamasti prototüübid, mis kohalduvad ainult väikese alamhulga energiaga seotud probleemide suhtes. Lisaks käsitlevad olemasolevad suunised ja tööriistad energiaprobleeme peamiselt a posteriori ehk tagantjärele, kui need on juba lähtekoodi sees. Android rakenduse koodi saab põhijoontes jagada kaheks osaks: kohandatud kood ja korduvkasutatav kood. Kohandatud kood on igal rakendusel ainulaadne. Korduvkasutatav kood hõlmab kolmandate poolte teeke, mis on rakendustesse lisatud arendusprotessi kiirendamiseks. Alustuseks hindame mitmete lähtekoodi halbade lõhnade refaktoreerimiste energiatarbimist Androidi rakendustes. Seejärel teeme empiirilise uuringu Androidi rakendustes kasutatavate kolmandate osapoolte võrguteekide energiamõju kohta. Pakume üldisi kontekstilisi suuniseid, mida võiks rakenduste arendamisel kasutada. Lisaks teeme süstemaatilise kirjanduse ülevaate, et teha kindlaks ja uurida nüüdisaegseid tugitööriistu, mis on rohelise Androidi arendamiseks saadaval. Selle uuringu ja varem läbi viidud katsete põhjal toome esile riistvarapõhiste energiamõõtmiste jäädvustamise ja taasesitamise probleemid. Arendame tugitööriista ARENA, mis võib aidata koguda energiaandmeid ja analüüsida Androidi rakenduste energiatarbimist. Viimasena töötame välja tugitööriista REHAB, et soovitada arendajatele energiatõhusaid kolmanda osapoole võrguteekeMobile apps that do not drain the battery usually get good user ratings. To make mobile apps energy efficient many refactoring guidelines and tools are published that help optimize the app code. However, these guidelines cannot be generalized w.r.t energy efficiency, as there is not enough energy-related data for every context. Existing energy enhancement tools/profilers are mostly prototypes applicable to only a small subset of energy-related problems. In addition, the existing guidelines and tools mostly address the energy issues a posteriori, i.e., once they have already been introduced into the code. Android app code can be roughly divided into two parts: the custom code and the reusable code. Custom code is unique to each app. Reusable code includes third-party libraries that are included in apps to speed up the development process. We start by evaluating the energy consumption of various code smell refactorings in native Android apps. Then we conduct an empirical study on the energy impact of third-party network libraries used in Android apps. We provide generalized contextual guidelines that could be used during app development Further, we conduct a systematic literature review to identify and study the current state of the art support tools available to aid green Android development. Based on this study and the experiments we conducted before, we highlight the problems in capturing and reproducing hardware-based energy measurements. We develop the support tool ‘ARENA’ that could help gather energy data and analyze the energy consumption of Android apps. Last, we develop the support tool ‘REHAB’ to recommend energy efficient third-party network libraries to developers.https://www.ester.ee/record=b547174