Networking Issues for Security and Privacy in Mobile Health Apps

Al-Sharo, Yasser Mohammad

doi:10.14569/ijacsa.2019.0100225

Cited by 5 publications

(6 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Due to business pressures (eg, rushing to market), delivering an app on time tends to be the main aim mHealth apps developers try to satisfy for customers and avoid extra costs. High workload and tight timeframes require mHealth app developers to put more effort in meeting functional requirements as a primary task (S18 [ 46 ], S26 [ 40 ], S32 [ 4 ]). It also affects their attitude and behavior towards addressing security (eg, underestimating risks, assuming attackers will not realize the weaknesses) and dealing with security after releasing an app [ 61 ].…”

Section: Resultsmentioning

confidence: 99%

“…Table 2 illustrates the identified challenges, the key points that led us to consider them from the reviewed studies, and the frequency of each challenge. (63) Lack of security guidelines, regulations, direct laws about the security requirements, secure designing, security testing, security features that need to be employed in mHealth apps (S4 [32], S5 [17], S6 [34], S7 [35], S10 [36], S12 [9], S13 [37], S15 [38], S16 [19], S20 [39], S22 [20], S23 [1], S26 [40], S29 [41], S31 [42]); lack of framework or standards (eg, standardized policies and methodologies to ensure the security standards are met) for developing secure mHealth apps (S2 [43], S3 [12], S29 [41], S31 [42]); lack of compliance with the available guidance and/or standard (S25 [44], S29 [41]); challenges for the developers to deal with legal obligations, policies, and procedures (S32 [4]) C1. Lack of security guidelines and regulations for developing secure mHealth apps 18 (56) Insufficient knowledge of software developers about the security risks of mHealth apps (S12 [9], S17 [45], S18 [46], S27 [47]); lack of developers' security awareness (eg, towards the potential threats of mHealth apps; S3 [12], S9 [11], S14 [18], S21 [15], S28 [48], S32 [4]); developers' lack of knowledge towards secure coding practices, using secure APIs a , and utilizing up-to-date libraries (S18 [46]) or secure third-party services by mHealth app developers that could misuse users' health data (S1…”

Section: Challenges With Developing Secure Mhealth Appsmentioning

confidence: 99%

“…No or little attention by developers towards the security of mHealth apps 4 (13) No/low budget assigned for employing security measures (S32 [4]); unavailability of security tools (S32 [4]); developers lack training about developing secure mHealth apps (S4 [32], S5 [17]); lack of research and development efforts to facilitate developing secure mHealth apps (S14 [18]) C5. Lack of financial resources for developing secure mHealth apps 4 (13%) Rushing to market, which leaves vulnerabilities in mHealth apps (S18 [46], S26 [40], S32 [4]); the long process of gaining consent or approving the development choices of the developers (S7 [35]) C6. Time constraints during mHealth app development process 4 (13) Lack of security testing (S32 [4]); lack of proper security testing (eg, vulnerability scan) for mHealth apps (S6 [34], S18 [46], S23 [1]) C7.…”

Section: Challenges With Developing Secure Mhealth Appsmentioning

confidence: 99%

See 2 more Smart Citations

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Aljedaani¹,

Babar²

2021

JMIR Mhealth Uhealth

View full text Add to dashboard Cite

Background Mobile health (mHealth) apps have gained significant popularity over the last few years due to their tremendous benefits, such as lowering health care costs and increasing patient awareness. However, the sensitivity of health care data makes the security of mHealth apps a serious concern. Poor security practices and lack of security knowledge on the developers’ side can cause several vulnerabilities in mHealth apps. Objective In this review paper, we aimed to identify and analyze the reported challenges concerning security that developers of mHealth apps face. Additionally, our study aimed to develop a conceptual framework with the challenges for developing secure apps faced by mHealth app development organizations. The knowledge of such challenges can help to reduce the risk of developing insecure mHealth apps. Methods We followed the systematic literature review method for this review. We selected studies that were published between January 2008 and October 2020 since the major app stores launched in 2008. We selected 32 primary studies using predefined criteria and used a thematic analysis method for analyzing the extracted data. Results Of the 1867 articles obtained, 32 were included in this review based on the predefined criteria. We identified 9 challenges that can affect the development of secure mHealth apps. These challenges include lack of security guidelines and regulations for developing secure mHealth apps (20/32, 63%), developers’ lack of knowledge and expertise for secure mHealth app development (18/32, 56%), lack of stakeholders’ involvement during mHealth app development (6/32, 19%), no/little developer attention towards the security of mHealth apps (5/32, 16%), lack of resources for developing a secure mHealth app (4/32, 13%), project constraints during the mHealth app development process (4/32, 13%), lack of security testing during mHealth app development (4/32, 13%), developers’ lack of motivation and ethical considerations (3/32, 9%), and lack of security experts’ engagement during mHealth app development (2/32, 6%). Based on our analysis, we have presented a conceptual framework that highlights the correlation between the identified challenges. Conclusions While mHealth app development organizations might overlook security, we conclude that our findings can help them to identify the weaknesses and improve their security practices. Similarly, mHealth app developers can identify the challenges they face to develop mHealth apps that do not pose security risks for users. Our review is a step towards providing insights into the development of secure mHealth apps. Our proposed conceptual framework can act as a practice guideline for practitioners to enhance secure mHealth app development.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Challenges With Developing Secure Mhealth Appsmentioning

confidence: 99%

Section: Challenges With Developing Secure Mhealth Appsmentioning

confidence: 99%

See 1 more Smart Citation

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Aljedaani¹,

Babar²

2021

JMIR Mhealth Uhealth

View full text Add to dashboard Cite

show abstract

“…Some researchers have also defined a criteria for assessing and comparing mHealth apps, providing a security and privacy "score" in order to better communicate the potential risks of such systems to its end-users [38]. Some systematic reviews have focused on privacy and usability issues in mHealth systems [40] or networking issues for security and privacy of mHealth apps [41]. However, these studies are restricted to the investigation of mHealth apps developed for tablets and smartphones and Body Sensor Networks (BSNs).…”

Section: A Privacy and Usability Issues In Mhealth Systemsmentioning

confidence: 99%

Security and Privacy for mHealth and uHealth Systems: A Systematic Mapping Study

2020

View full text Add to dashboard Cite

An increased adoption of mobile health (mHealth) and ubiquitous health (uHealth) systems empower users with handheld devices and embedded sensors for a broad range of healthcare services. However, m/uHealth systems face significant challenges related to data security and privacy that must be addressed to increase the pervasiveness of such systems. This study aims to systematically identify, classify, compare, and evaluate state-of-the-art on security and privacy of m/uHealth systems. We conducted a systematic mapping study (SMS) based on 365 qualitatively selected studies to (i) classify the types, frequency, and demography of published research, (ii) synthesize and categorize research themes, (iii) recurring challenges, (iv) prominent solutions (i.e., research outcomes) and their (v) reported evaluations (i.e., practical validations). Results suggest that the existing research on security and privacy of m/uHealth systems primarily focuses on select group of control families (compliant with NIST800-53), protection of systems and information, access control, authentication, individual participation, and privacy authorisation. In contrast, areas of data governance, security and privacy policies, and program management are underrepresented, although these are critical to most of the organizations that employ m/uHealth systems. Most research proposes new solutions with limited validation, reflecting a lack of evaluation of security and privacy of m/uHealth in the real world. Empirical research, development, and validation of m/uHealth security and privacy is still incipient, which may discourage practitioners from readily adopting solutions from the literature. This SMS facilitates knowledge transfer, enabling researchers and practitioners to engineer security and privacy for emerging and next generation of m/uHealth systems.

show abstract

“…No matter how strong an android's security system is, it can still be penetrated if the user is still easy to manipulate, especially using social engineering methods. Social engineering is a manipulation technique that exploits human error to access private information or valuable data [7][8][9]. In the world of cybercrime, this type of human hacking scam can lure unsuspecting users.…”

Section: Introductionmentioning

confidence: 99%

Methods of Stealing Personal Data on Android using a Remote Administration Tool with Social Engineering Techniques

Satrio Hadikusuma,

Lukas,

Rizaludin

2023

Ultimatics

View full text Add to dashboard Cite

IT security is a significant concern of the internet because almost all communication occurs today. The purpose of testing personal data theft with the social engineering method is to ensure that the system and network on the user's Android have security holes to be hacked if the user is not aware of social engineering that allows data theft through the remote administration tool (RAT) which is accidentally downloaded on the Android User. Installing a RAT by applying social engineering is the possible and proper way to steal Android user privacy data. This study outlines some basic concepts of data theft, from recent call data and personal data to controlling Android users' cameras and microphones remotely.

show abstract

Networking Issues for Security and Privacy in Mobile Health Apps

Cited by 5 publications

References 29 publications

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Security and Privacy for mHealth and uHealth Systems: A Systematic Mapping Study

Methods of Stealing Personal Data on Android using a Remote Administration Tool with Social Engineering Techniques

Contact Info

Product

Resources

About