• DocumentCode
    708963
  • Title
    Security testing for Android mHealth apps
  • Author
    Knorr, Konstantin; Aspinall, David
  • Author_Institution
    Trier Univ. of Appl. Sci., Trier, Germany
  • fYear
    2015
  • fDate
    13-17 April 2015
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions; they are becoming incredibly popular despite posing risks to personal data privacy and security. In this paper, we propose a testing method for Android mHealth apps which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain. To demonstrate the method, we have applied it to apps for managing hypertension and diabetes, discovering a number of serious vulnerabilities in the most popular applications. Here we summarise the results of that case study, and discuss the experience of using a testing method dedicated to the domain, rather than out-of-the-box Android security testing methods. We hope that details presented here will help design further, more automated, mHealth security testing tools and methods.
  • Keywords
    Android (operating system); data privacy; medical computing; mobile computing; patient monitoring; program testing; security of data; Android mHealth apps; data security; long-term health conditions; mobile health apps; out-of-the-box Android security testing methods; personal data privacy; threat analysis; Biomedical monitoring; Data privacy; Privacy; Security; Smart phones; Testing; Web servers
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on
  • Conference_Location
    Graz
  • Type
    conf
  • DOI
    10.1109/ICSTW.2015.7107459
  • Filename
    7107459