Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues.

Authors: Jannis Müthing, Thomas Jäschke, Christoph M Friedrich

DOI: 10.2196/MHEALTH.7791

Abstract: Background: Mobile health (mHealth) apps show a growing importance for patients and care professionals. Apps in this category are diverse. Some display important information (ie, drug interactions), whereas others help to keep track of their health. However, insufficient transport security can lead confidentiality issues medical professionals, as well safety regarding data integrity. mHealth should therefore deploy intensified vigilance protect This paper analyzes the state apps. Objective: The objectives study were follows: (1) identification relevant apps, (2) development platform test purposes, (3) recommendation practices mitigate them. Methods: Security characteristics assessed, presented, discussed. These used prototypical facilitating streamlined tests For tests, six lists 10 most downloaded free from three countries two stores selected. As some part these top more than one country, 53 unique tested. Results: Out tested European App Stores Android iOS, 21/53 (40%) showed critical results. All 21 failed guarantee integrity displayed. A total 18 leaked private or observable way that compromised between servers; 17 unprotected connections; validate certificates correctly. None utilized certificate pinning. Many employed analytics ad providers, undermining user privacy. Conclusions: many do not apply sufficient measures. common issue was use any kind connection. secure connections only selected tasks, leaving all other traffic vulnerable. [JMIR Mhealth Uhealth 2017;5(10):e147]
