The digitalization of holistic well-being models

Objectives The main objectives of this thesis were to examine the current consumer quantified-self technology in use today, how the technology can be used for well-being purposes, and the different factors in play when building the future well-being models. The research was conducted as an examination of literature. Summary The main applications of quantified-self technology are activity trackers, sleep trackers, and habit trackers. EEG (electroencephalogram) sensors are also used, but less popular. There are several initiatives such as Google Fit and Neosmart Health that use this technology with AI (artificial intelligence) and ML (machine learning) to create constantly developing well-being models. The technology is developing, but science is still yet to prove that using quantified-self technology works to improve users’ health. Furthermore, the applications are data heavy and issues with data ethics need to be sort out before wide commercial health applications can be assembled. Conclusions Quantified-self technology is still in its beginning phases. The potential of the technology with health care applications is notable in theory, but studies in randomized settings need to be conducted to prove the health benefits of using such technology. A working model for data ownership and privacy also is required for revolutionary health care applications. Until there is enough science and regulation behind quantified-self technology, industry pioneers will continue building new iterations of the technology and pushing it to be the future of health care

Permission Analysis of Health and Fitness Apps in IoT Programming Frameworks

© 2018 IEEE. Popular IoT programming frameworks, such as Google Fit, enable third-party developers to build apps to store and retrieve user data from a variety of data sources (e.g., wearables). The problem of overprivilege stands out due to the diversity and complexity of IoT apps, and developers rushing to release apps to meet the high demand in the IoT market. Any incorrect API usage of the IoT frameworks by third-party developers can lead to security risks, especially in health and fitness apps. Protecting sensitive user information is critically important to prevent financial and psychological harms. This paper presents PGFIT, a static permission analysis tool that precisely and efficiently identifies overprivilege issues in third-party apps built on top of a popular IoT programming framework, Google Fit. PGFIT extracts the set of requested permission scopes and the set of used data types in Google Fitenabled apps to determine whether the requested permission scopes are actually necessary. In this way, PGFIT serves as a quality assurance tool for developers and a privacy checker for app users. We used PGFIT to perform overprivilege analysis on a set of 20 Google Fit-enabled apps and with manual inspection, we found that 6 (30%) of them are overprivileged

PGFIT: Static permission analysis of health and fitness apps in IoT programming frameworks

© 2020 Popular Internet of Things (IoT) programming frameworks, such as Google Fit, enable third-party developers to build apps that store and retrieve user data from a variety of data sources such as wearable devices. Most of these apps, particularly those that are health and fitness-related, collect potentially sensitive personal data and send it to cloud servers. Analogous to Android OS, IoT programming frameworks often follow similar permission model; third-party apps on IoT platforms prompt users to grant the apps the access to their private data stored on cloud servers of IoT programming frameworks. Most users have a poor understanding of why these permissions are being asked. This can often lead to unnecessary permissions being granted, which in turn grant these apps with excessive privileges. Over-privileged apps might not be harmful to users when they are used as designed, however, they can potentially be exploited by a malicious actor in a cyber security attack. This is of particular concern with health and fitness apps, which may be exploited to leak highly sensitive personal information. This paper presents PGFIT, a static permission analysis tool that precisely and efficiently identifies privilege escalation in third-party apps built on top of a popular IoT programming framework, Google Fit. PGFIT extracts the set of requested permission scopes and the set of used data types in Google Fit-enabled apps to determine whether the requested permission scopes are actually necessary. PGFIT performs graph reachability analysis on inter-procedural control flow graph. PGFIT serves as a quality assurance tool for developers and a privacy checker for app users. We evaluated PGFIT using a set of 20 popular Google Fit-enabled apps downloaded from Google Play. Our tool successfully identified the unnecessary permission scopes granted in our data set apps and found that 6 (30%) of the 20 apps are over-privileged