Title :
Security testing for Android mHealth apps
Author :
Knorr, Konstantin ; Aspinall, David
Author_Institution :
Trier Univ. of Appl. Sci., Trier, Germany
Abstract :
Mobile health (mHealth) apps are an ideal tool for monitoring and tracking long-term health conditions; they are becoming incredibly popular despite posing risks to personal data privacy and security. In this paper, we propose a testing method for Android mHealth apps which is designed using a threat analysis, considering possible attack scenarios and vulnerabilities specific to the domain. To demonstrate the method, we have applied it to apps for managing hypertension and diabetes, discovering a number of serious vulnerabilities in the most popular applications. Here we summarise the results of that case study, and discuss the experience of using a testing method dedicated to the domain, rather than out-of-the-box Android security testing methods. We hope that details presented here will help design further, more automated, mHealth security testing tools and methods.
Keywords :
Android (operating system); data privacy; medical computing; mobile computing; patient monitoring; program testing; security of data; Android mHealth apps; data security; long-term health conditions; mobile health apps; out-of-the-box Android security testing methods; personal data privacy; threat analysis; Biomedical monitoring; Data privacy; Privacy; Security; Smart phones; Testing; Web servers;
Conference_Titel :
Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on
Conference_Location :
Graz
DOI :
10.1109/ICSTW.2015.7107459
