54,645 research outputs found

    A Case Study of Mobile Health Applications: The OWASP Risk of Insufficient Cryptography

    Mobile devices are being deployed rapidly for both private and professional reasons. One area that has been growing is in releasing healthcare applications into the mobile marketplaces for health management. These applications help individuals track their own biorhythms and contain sensitive information. This case study examines the source code of mobile applications released to GitHub for the Risk of Insufficient Cryptography in the Top Ten Mobile Open Web Application Security Project risks. We first develop and justify a mobile OWASP Cryptographic knowledge graph for detecting security weaknesses specific to mobile applications which can be extended to other domains involving cryptography. We then analyze the source code of 203 open source healthcare mobile applications and report on their usage of cryptography in the applications. Our findings show that none of the open source healthcare applications correctly applied cryptography in all elements of their applications. As humans adopt healthcare applications for managing their health routines, it is essential that they consider the privacy and security risks they are accepting when sharing their data. Furthermore, many open source applications and developers have certain environmental parameters which do not mandate adherence to regulations. In addition to creating new free tools for security risk identifications during software development such as standalone or compiler-embedded, the article suggests awareness and training modules for developers prior to marketplace software release.

    Investigating Privacy and Security Challenges of mHealth Applications

    Privacy and mHealth are fast becoming an important influence on the U.S. healthcare system. The most visible element of mHealth is the profusion of mobile phone applications, especially ones related to wellness. Before researchers can fully examine the impact of mHealth on healthcare, barriers to use need to be addressed. One of the barriers most cited by medical professionals and patients is lack of adequate privacy and security policies and regulation for mHealth apps. In this paper the current state of data security in mobile apps is investigated by conducting a physical forensics analysis of several widely used mHealth applications. We report on the kinds of personal data that can be uncovered both before and after applications are removed and/or secured on a mobile device. These results can be used to develop a set of recommendations that can help to inform users, developers and policy stakeholders of best practices in this area. We also introduce a policy framework for mHealth apps and discuss future work

    Challenges of Mobile Healthcare Application Security

    Healthcare information technology has overcome many of the Web application security challenges in the past decade. We can now access information more securely and incidents of unintentional data loss are on the decline. However, more must be done to ensure the confidentiality, integrity, and availability of mobile applications in the healthcare field. Whether it is physicians using iPads to access treatment histories or patients managing healthcare options via smart phones, the proposed CAP framework (checks, assurances, protection) adds additional security and privacy layers to our modern mobile medical needs

    User interface design for mobile-based sexual health interventions for young people: Design recommendations from a qualitative study on an online Chlamydia clinical care pathway

    Background: The increasing pervasiveness of mobile technologies has given potential to transform healthcare by facilitating clinical management using software applications. These technologies may provide valuable tools in sexual health care and potentially overcome existing practical and cultural barriers to routine testing for sexually transmitted infections. In order to inform the design of a mobile health application for STIs that supports self-testing and self-management by linking diagnosis with online care pathways, we aimed to identify the dimensions and range of preferences for user interface design features among young people. Methods: Nine focus group discussions were conducted (n=49) with two age-stratified samples (16 to 18 and 19 to 24 year olds) of young people from Further Education colleges and Higher Education establishments. Discussions explored young people's views with regard to: the software interface; the presentation of information; and the ordering of interaction steps. Discussions were audio recorded and transcribed verbatim. Interview transcripts were analysed using thematic analysis. Results: Four over-arching themes emerged: privacy and security; credibility; user journey support; and the task-technology-context fit. From these themes, 20 user interface design recommendations for mobile health applications are proposed. For participants, although privacy was a major concern, security was not perceived as a major potential barrier as participants were generally unaware of potential security threats and inherently trusted new technology. Customisation also emerged as a key design preference to increase attractiveness and acceptability. Conclusions: Considerable effort should be focused on designing healthcare applications from the patient's perspective to maximise acceptability. The design recommendations proposed in this paper provide a valuable point of reference for the health design community to inform development of mobile-based health interventions for the diagnosis and treatment of a number of other conditions for this target group, while stimulating conversation across multidisciplinary communities.

    A Cloud-based Healthcare Framework for Security and Patients’ Data Privacy Using Wireless Body Area Networks

    The recent developments in remote healthcare systems have witnessed significant interests from IT industry (Microsoft, Google, VMware etc.) that provide ubiquitous and easily deployable healthcare systems. These systems provide a platform to share medical information, applications, and infrastructure in a ubiquitous and fully automated manner. Communication security and patients’ data privacy are the aspects that would increase the confidence of users in such remote healthcare systems. This paper presents a secure cloud-based mobile healthcare framework using wireless body area networks (WBANs). The research work presented here is twofold: first, it attempts to secure the inter-sensor communication by multi-biometric based key generation scheme in WBANs; and secondly, the electronic medical records (EMRs) are securely stored in the hospital community cloud and privacy of the patients’ data is preserved. The evaluation and analysis shows that the proposed multi-biometric based mechanism provides significant security measures due to its highly efficient key generation mechanism.

    Securing mhealth applications with grid-based honey encryption

    Mobile healthcare (mHealth) application and technologies have promised their cost-effectiveness to enhance healthcare quality, particularly in rural areas. However, the increased security incidents and leakage of patient data raise the concerns to address security risks and privacy issues of mhealth applications urgently. While recent mobile health applications that rely on password-based authentication cannot withstand password guessing and cracking attacks, several countermeasures such as One-Time Password (OTP), grid-based password, and biometric authentication have recently been implemented to protect mobile health applications. These countermeasures, however, can be thwarted by brute force attacks, man-in-the-middle attacks and persistent malware attacks. This paper proposed grid-based honey encryption by hybridising honey encryption with grid-based authentication. Compared to recent honey encryption limited in the hardening password attacks process, the proposed grid-based honey encryption can be further employed against shoulder surfing, smudge and replay attacks. Instead of rejecting access as a recent security defence mechanism in mobile healthcare applications, the proposed Grid-based Honey Encryption creates an indistinct counterfeit patient's record closely resembling the real patients' records in light of each off-base speculation legitimate password.

    Evaluating the Usability and User Acceptance of Biometric Authentication in Different Applications

    This study investigates the usability and user acceptance of biometric authentication across different applications, including mobile devices and smartphones, access control systems, banking and financial applications, healthcare systems, and travel and border control. The research aims to identify the factors that influence user acceptance and the potential challenges faced in each domain. The findings reveal that biometric authentication in mobile devices and smartphones is widely accepted due to its convenience and speed. However, concerns related to false acceptance or rejection rates, sensor accuracy, and privacy issues can affect user acceptance. Similarly, in access control systems, fast and reliable biometric systems with seamless user experiences are more likely to be accepted. Challenges such as long verification times, high false rejection rates, and complex enrollment processes can impact user acceptance negatively. In banking and financial applications, user acceptance depends on the perceived security and privacy of biometric data. Trust in the system, a user-friendly interface, and clear instructions are crucial factors influencing user acceptance. Healthcare systems face unique challenges, including hygiene concerns, ease of use for elderly or disabled patients, and adherence to privacy and security regulations. User acceptance in healthcare settings is influenced by these factors, along with overall system reliability. In travel and border control, biometric authentication, particularly facial recognition, is gaining popularity for identity verification and immigration processes. User acceptance is influenced by factors such as accuracy, speed, and perceived effectiveness in enhancing security and reducing queues. Privacy concerns and data protection policies also play a role in shaping user acceptance

    Data security in mobile healthcare

    Introduction/purpose: The digitization of healthcare has gained particular importance in the years since the emergence of COVID-19 and also has become one of the primary goals of the Government of the Republic of Serbia. Telemedicine is a good solution when the patient cannot come to a healthcare facility. Mobile healthcare applications are already widely used, but in both fields the important challenge is data security. The aim of this paper is to review solutions for data security in mobile healthcare from the technical side and possible challenges in the process of digitization of the healthcare system in Serbia. Methods: This review is based on current papers in this area, on the available relevant literature and the authors' many years of experience in this field. Experiences in the process of digitization of healthcare in Serbia are based on available articles and regulations. Finally, possible challenges are presented from the authors' perspective based on everything presented in the field of data security in mobile healthcare. Results: The analysis of the papers reviewed from the point of view of data security showed that users are often ready to sacrifice their privacy for the sake of convenience provided by mobile applications. Conclusion: Based on the review of the papers and clear data security requirements that include the presented safeguards, one of the main tasks of the entire community is to raise awareness of information security and awareness of the need for cyber hygiene of each individual, which is the basis for the safe use of e-health services