MobSF: Mobile Health Care Android Applications Through The Lens of Open Source Static Analysis

LaMalva, Grace; Schmeelk, Suzanna

doi:10.1109/urtc51696.2020.9668870

Cited by 5 publications

(2 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…General Vulnerabilities: State-of-the-practice tools [16,29,46,50] also presented general vulnerabilities. We summarize them into the following nine categories in the VR context.…”

Section: Security and Privacy Vulnerabilities Of Vr Appsmentioning

confidence: 99%

An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives

Guo,

Dai,

Luo

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

Although Virtual Reality (VR) has accelerated its prevalent adoption in emerging metaverse applications, it is not a fundamentally new technology. On one hand, most VR operating systems (OS) are based on off-the-shelf mobile OS (e.g., Android). As a result, VR apps also inherit privacy and security deficiencies from conventional mobile apps. On the other hand, in contrast to conventional mobile apps, VR apps can achieve immersive experience via diverse VR devices, such as head-mounted displays, body sensors, and controllers though achieving this requires the extensive collection of privacy-sensitive human biometrics (e.g., hand-tracking and facetracking data). Moreover, VR apps have been typically implemented by 3D gaming engines (e.g., Unity), which also contain intrinsic security vulnerabilities. Inappropriate use of these technologies may incur privacy leaks and security vulnerabilities although these issues have not received significant attention compared to the proliferation of diverse VR apps. In this paper, we develop a security and privacy assessment tool, namely the VR-SP detector for VR apps. The VR-SP detector has integrated program static analysis tools and privacy-policy analysis methods. Using the VR-SP detector, we conduct a comprehensive empirical study on 500 popular VR apps. We obtain the original apps from the popular Oculus and SideQuest app stores and extract APK files via the Meta Oculus Quest 2 device. We evaluate security vulnerabilities and privacy data leaks of these VR apps by VR app analysis, taint analysis, and privacy-policy analysis. We find that a number of security vulnerabilities and privacy leaks widely exist in VR apps. Moreover, our results also reveal conflicting representations in the privacy policies of these apps and inconsistencies of the actual data collection with

show abstract

“…General Vulnerabilities: State-of-the-practice tools [16,29,46,50] also presented general vulnerabilities. We summarize them into the following nine categories in the VR context.…”

Section: Security and Privacy Vulnerabilities Of Vr Appsmentioning

confidence: 99%

An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives

Guo,

Dai,

Luo

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

show abstract

“…Other studies have privileged the "invisible" aspects of mHealth apps' security and privacy, e.g., using pentesting tools to analyze the apps' code, network traffic, logs, and generated data (He et al 2014;Papageorgiou et al 2018;Hussain et al 2018;LaMalva and Schmeelk 2020). The earlier work of He et al (2014) expressed concerns about the widespread use of unsecured Internet communication and 3rd-party servers by mHealth apps.…”

Section: Security and Privacy Of Mhealth Apps In Generalmentioning

confidence: 99%

On the privacy of mental health apps

et al. 2022

View full text Add to dashboard Cite

An increasing number of mental health services are now offered through mobile health (mHealth) systems, such as in mobile applications (apps). Although there is an unprecedented growth in the adoption of mental health services, partly due to the COVID-19 pandemic, concerns about data privacy risks due to security breaches are also increasing. Whilst some studies have analyzed mHealth apps from different angles, including security, there is relatively little evidence for data privacy issues that may exist in mHealth apps used for mental health services, whose recipients can be particularly vulnerable. This paper reports an empirical study aimed at systematically identifying and understanding data privacy incorporated in mental health apps. We analyzed 27 top-ranked mental health apps from Google Play Store. Our methodology enabled us to perform an in-depth privacy analysis of the apps, covering static and dynamic analysis, data sharing behaviour, server-side tests, privacy impact assessment requests, and privacy policy evaluation. Furthermore, we mapped the findings to the LINDDUN threat taxonomy, describing how threats manifest on the studied apps. The findings reveal important data privacy issues such as unnecessary permissions, insecure cryptography implementations, and leaks of personal data and credentials in logs and web requests. There is also a high risk of user profiling as the apps’ development do not provide foolproof mechanisms against linkability, detectability and identifiability. Data sharing among 3rd-parties and advertisers in the current apps’ ecosystem aggravates this situation. Based on the empirical findings of this study, we provide recommendations to be considered by different stakeholders of mHealth apps in general and apps developers in particular. We conclude that while developers ought to be more knowledgeable in considering and addressing privacy issues, users and health professionals can also play a role by demanding privacy-friendly apps.

show abstract

Security and Privacy of Digital Mental Health: An Analysis of Web Services and Mobile Applications

Surani,

Bawaked,

Wheeler

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

MobSF: Mobile Health Care Android Applications Through The Lens of Open Source Static Analysis

Cited by 5 publications

References 7 publications

An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives

An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives

On the privacy of mental health apps

Security and Privacy of Digital Mental Health: An Analysis of Web Services and Mobile Applications

Contact Info

Product

Resources

About