how private is your mobile health advisor free popular m
play

How private is your mobile health advisor? Free popular m-Health - PowerPoint PPT Presentation

Sep 25, 2022 •42 likes •302 views

How private is your mobile health advisor? Free popular m-Health apps under review Papageorgiou A. , Strigkos M., Politou E., Alepis E., Solanas. A, Patsakis C. Cryptacus: Workshop & MC meeting 2017 Android OS & apps Usages: Smart

  1. How private is your mobile health advisor? Free popular m-Health apps under review Papageorgiou A. , Strigkos M., Politou E., Alepis E., Solanas. A, Patsakis C. Cryptacus: Workshop & MC meeting 2017

  2. Android OS & apps Usages: Smart phones Wearables Smart cars Smart TV Monitors Smart home apps and more… Wearables Embedded portable devices How private is your mobile health advisor? Free popular m-Health apps under review

  3. Problem statement • Million of users today are sharing their health data using apps • Many different publishers/developers from all over the world store & process users’ data • Ground truth : Users do not know who can trust and in most of the cases blindly trust the most popular apps How private is your mobile health advisor? Free popular m-Health apps under review

  4. Health data sensitivity • Health data are considered to be sensitive data by all of the well-known regulations e.g. HIPAA, PIPEDA, GDPR etc. • Health data can harm the reputation of a person and/or create financial costs. • Anyone would expect that at least the popular apps would protect their users’ health data How private is your mobile health advisor? Free popular m-Health apps under review

  5. Research questions • What data are shared with whom (vendors, third parties)? • Are these data transmitted securely? • How do developers respond to bug reports? • How well prepared are we for the General Data Privacy Regulation ( GDPR )? How private is your mobile health advisor? Free popular m-Health apps under review

  6. Our sample 20 apps for (i) pregnancy and baby growth, (ii) . personal/family members‘ health agenda and symptoms assistants/checkers, (iii) blood pressure and diabetes support • Content in English • Minimum rating of 3.5/5 stars on Google Play Downloads #of apps 5.000.000 – 10.000.000 2 1.000.000 – 5.000.000 9 500.000 – 1.000.000 3 100.000 – 500.000 6 Stats by Google Play up to 01/2016 when we started the first round of APK collection How private is your mobile health advisor? Free popular m-Health apps under review

  7. Steps of our methodology • We carefully read the scope and objectives of each app and emulate a typical user's behavior • Privacy policies inspection • Dynamic analysis (web debugging tool) • SSL/TLS assessment (ssllabs.com) • Reporting and Re-evaluation • Examination of critical GDPR functional and non- functional requirements How private is your mobile health advisor? Free popular m-Health apps under review

  8. Market response analysis Collection of apps Evaluation process -02/2016 Privacy & market Reportings to App Vendors response experiment Re-evaluation of the 19 remaining apps - 08/2017 GDPR requirements checks How private is your mobile health advisor? Free popular m-Health apps under review

  9. Findings – Health data • 80% (16/20) of apps transmitted health data over the network – 20% (4/20) stored them locally • 50% (8/16) of apps shared health data at least with one third party entity – 75% (6/8) of them over HTTP • 44% (7/16) of apps that transmitted health data sent them via GET requests including the health data at the URLs How private is your mobile health advisor? Free popular m-Health apps under review

  10. Findings – The user’s multimedia • 20% (4/20) of the apps requested them • 50% (2/4) of those over HTTP • 75% (3/4) of the apps transmitted them to third party storage • Static links Patsakis, C., Zigomitros, A., Papageorgiou, A., & Solanas, A. (2014). Privacy and security for multimedia content shared on OSNs: issues and countermeasures. The Computer Journal , 58 (4), 518-535. How private is your mobile health advisor? Free popular m-Health apps under review

  11. Findings – The app’s multimedia There is no need to be a psychic! The unencrypted transmission of multimedia content can easily lead to the exposure of the scope of the app, or even the condition of the user instantly! How private is your mobile health advisor? Free popular m-Health apps under review

  12. Findings – Location • 35% (7/20) of the apps transmitted users' geolocation information or the address • 49% (3/7) of those apps sent the location over HTTP • 71% (5/7) of the apps that transmitted users' location requested it with a GET request • One app sent user’s location to 2 of its 3rd party ad services at a rate of almost one request per 3 seconds over HTTP connections via GET requests How private is your mobile health advisor? Free popular m-Health apps under review

  13. Findings – Email address • 15 apps were found to transmit at least to one domain the user’s email address • 33% (5/15) used HTTP • 60% (5/15) of them sent it to a third party • One of them sent it an unknown IP couldn't be identified based on online resources. How private is your mobile health advisor? Free popular m-Health apps under review

  14. Findings – Search queries • 25% (5/20) of the apps transmitted the search queries of their users • Only one app over HTTPS! • 80% (4/5) of the apps sent the searches to third parties • Two of the apps sent the health related queries to 16 different 3rd party domains • ALL of the apps that found to transmit their users’ search queries used GET requests. How private is your mobile health advisor? Free popular m-Health apps under review

  15. Findings – Chat • We found 2 apps containing chat functionalities • Chat is the place where users discuss their health issues and occasionally ask questions or help • No encryption! Don’t worry nobody will find it here! I also Hello, I have have health issues. health issues, but Let’s talk! at my job they don’t know anything! How private is your mobile health advisor? Free popular m-Health apps under review

  16. Findings – SSL/TLS Number of HTTPS connections for each data category per SSL grade based on ssllabs.com results https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide How private is your mobile health advisor? Free popular m-Health apps under review

  17. Re-evaluation and market response By the end of July to August 2017 we ran a re- evaluation process using the updated versions of APKs How private is your mobile health advisor? Free popular m-Health apps under review

  18. Meanwhile… • Google notified by email the developers since the early 2017 to provide a valid privacy policy when they are requesting sensitive permissions or user data either their apps are at risk of removal from the Play Store on March 15 How private is your mobile health advisor? Free popular m-Health apps under review

  19. Findings – Privacy Policy (02/2016) Before our reportings 2/20 apps do not provided any link, οne app provided a link to non-English content, one app provided a link to a 404 error page (07/2017) After our reportings and Google’s recommendations by email Only one of the apps responded providing a link to a valid Privacy policy section How private is your mobile health advisor? Free popular m-Health apps under review

  20. Major & Minor issues Major • 75% had major issues • 53% of them fixed at least one major issue • 27% of them fixed all of the reported issues Minor • 60% had minor issues • 42% of them fixed at least one minor issue • 25% of them fixed all of the reported issues How private is your mobile health advisor? Free popular m-Health apps under review

  21. GDPR readiness - 25th May 2018 Consent • Only one apps is found to asks for user consent up front each time the user provides additional information Right to withdraw consent • 37% of the apps provide a mechanism to user to withdraw its consent, and allow the erasure of any previously consented information Right to data portability • 37% of the apps provide a mechanism to send, upon request, the personal data to another entity in a machine readable format Transfer to third countries • 42% of apps notify their users in advance, even before their registration, that they are sharing data with third parties. Only 21% of apps in a functional manner (i.e. pop up with a checkbox) How private is your mobile health advisor? Free popular m-Health apps under review

  22. Conclusions • Very sensitive data are managed by apps that are vulnerable to simple sniffing attacks • Most of the detected vulnerabilities have very simple solutions that do not require much effort to fix, but only few apps fixed them • Users can be victims of user profiling, blackmailing, stalking, defamation, and even identity theft for economical or reputation attacks How private is your mobile health advisor? Free popular m-Health apps under review

  23. Open challenges • App developers/publishers seem to keep repeating the same mistakes over every new software environment • Will GDPR change this situation? • We are in the IoT era; What about wearables? Would you ‘wear’ such an app to your body? How private is your mobile health advisor? Free popular m-Health apps under review

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Private Sector Engagement Policy Susan Rae Ross, Sr. Private Sector Engagement Advisor

Private Sector Engagement Policy Susan Rae Ross, Sr. Private Sector Engagement Advisor

Private Sector Engagement Policy Susan Rae Ross, Sr. Private Sector Engagement Advisor USAID/Global Health August 27, 2019 1 AGENDA Overview of PSE Policy Market-Based Approaches Who is the Private Sector in PSE Ways

875 views • 23 slides
Tax-Free Exchange Advisor More Flexibility for Reverse Exchanges but replaces that risk with the

Tax-Free Exchange Advisor More Flexibility for Reverse Exchanges but replaces that risk with the

miller nash llp | Fall 2014 brought to you by the tax law practice team Tax-Free Exchange Advisor More Flexibility for Reverse Exchanges but replaces that risk with the fact that The facts of Private Letter Ruling the exchange will fail if the

306 views • 6 slides
Ken Globerman Strategic Advisor to Tequila Mobiles Board Tequila Mobile Tequila Mobile Case

Ken Globerman Strategic Advisor to Tequila Mobiles Board Tequila Mobile Tequila Mobile Case

Ken Globerman Strategic Advisor to Tequila Mobiles Board Tequila Mobile Tequila Mobile Case Study Ken Globerman Board Advisor, Tequila Mobile SA i The biggest mobile game production ever carried in Poland Tequila Mobile timeline $7M

142 views • 13 slides
Customer Presentation Advisor Management Software Company private Advisor Management Advisor

Customer Presentation Advisor Management Software Company private Advisor Management Advisor

Customer Presentation Advisor Management Software Company private Advisor Management Advisor Management Software Characteristics, Concept, Features & Benefits Integration of Security systems Intrusion, Access, Video, Fire

558 views • 24 slides
HEALTH SUMMARY OF THE PRESENTATION TO THE HEALTH MARKET INQUIRY Contents FSDoH Private

HEALTH SUMMARY OF THE PRESENTATION TO THE HEALTH MARKET INQUIRY Contents FSDoH Private

FREE STATE DEPARTMENT OF HEALTH SUMMARY OF THE PRESENTATION TO THE HEALTH MARKET INQUIRY Contents FSDoH Private Facilities per District Public-Private-Partnership; Netcare/CHM Remunerative Work Outside Public Service Radiology

707 views • 35 slides
Overview Operated by AltaPointe Health Free-standing psychiatric hospital located in Mobile, AL

Overview Operated by AltaPointe Health Free-standing psychiatric hospital located in Mobile, AL

Overview Operated by AltaPointe Health Free-standing psychiatric hospital located in Mobile, AL Treat children & adolescents ages 5-18 with extremely challenging psychiatric and behavioral problems Serve all of AL and MS Accredited by

578 views • 18 slides
Smoke-Free Housing New Yorkers Deserve Smoke-Free Air Why Smoke-Free Housing in NYC? Its

Smoke-Free Housing New Yorkers Deserve Smoke-Free Air Why Smoke-Free Housing in NYC? Its

Smoke-Free Housing New Yorkers Deserve Smoke-Free Air Why Smoke-Free Housing in NYC? Its good for health Its good for business Its popular among residents & owners We Need to Protect Our Littlest New Yorkers SHS

289 views • 13 slides
Mobile Health Monitoring health and well-being using mobile devices, wearable sensors, and smart

Mobile Health Monitoring health and well-being using mobile devices, wearable sensors, and smart

6.808: Mobile and Sensor Computing aka IoT Systems Lecture 11: Mobile Health Mobile Health Monitoring health and well-being using mobile devices, wearable sensors, and smart environments Applications: What do we want to measure? And why?

1.09k views • 73 slides
Mina Kwon - 2019.11.12 - Introduction Introduction mHealth , mobile health

Mina Kwon - 2019.11.12 - Introduction Introduction mHealth , mobile health

Mina Kwon - 2019.11.12 - Introduction Introduction mHealth , mobile health intervention, is a popular option for losing weight. Dietary lapses , non-adherence to reduced calorie dietary prescriptions, is a key challenge for

674 views • 34 slides
Tax-Free Exchange Advisor Related-Party Exchanges Can Sometimes Be Tax-Free party if both parties

Tax-Free Exchange Advisor Related-Party Exchanges Can Sometimes Be Tax-Free party if both parties

miller nash llp | Winter 2012 brought to you by the tax law practice team Tax-Free Exchange Advisor Related-Party Exchanges Can Sometimes Be Tax-Free party if both parties wait two years before Rul 200730002 (Apr. 26, 2007); Priv Ltr disposing

306 views • 6 slides
Bootstrap Most popular HTML, CSS, and JS framework for developing responsive, mobile first

Bootstrap Most popular HTML, CSS, and JS framework for developing responsive, mobile first

Bootstrap Most popular HTML, CSS, and JS framework for developing responsive, mobile first projects on the web About Bootstrap Designed for everyone, everywhere makes front-end web development faster and easier. It's made for folks

123 views • 9 slides
MOBILE APP PDF Client Presentation FREE APP FOR ALL The ultimate Mobile App for Fans, Drivers

MOBILE APP PDF Client Presentation FREE APP FOR ALL The ultimate Mobile App for Fans, Drivers

Keynote MOBILE APP PDF Client Presentation FREE APP FOR ALL The ultimate Mobile App for Fans, Drivers & Teams INTRODUCTION Key features of new App Works on all Apple iOS & Android devices Centralise all your official content in one

457 views • 21 slides
Deirdre Whyte Business Advisor Health and Safety Works NI Health and Safety Works NI is the

Deirdre Whyte Business Advisor Health and Safety Works NI Health and Safety Works NI is the

Deirdre Whyte Business Advisor Health and Safety Works NI Health and Safety Works NI is the small business advisory service of HSENI Health and Safety Works NI is a free and confidential service offering practical advice and guidance from

357 views • 25 slides
Cell free DNA: Disclosures The Popular Press vs The Evidence Mary E Norton, MD Professor of

Cell free DNA: Disclosures The Popular Press vs The Evidence Mary E Norton, MD Professor of

6/5/2014 Cell free DNA: Disclosures The Popular Press vs The Evidence Mary E Norton, MD Professor of Obstetrics, Gynecology & Reproductive Sciences; UCSF Principal Investigator of ongoing clinical trial Antepartum and Intrapartum

205 views • 18 slides
Benefits - Free Health Check-Up Every Member of Bonanza Health Card is eligible for a FREE

Benefits - Free Health Check-Up Every Member of Bonanza Health Card is eligible for a FREE

Benefits - Free Health Check-Up Every Member of Bonanza Health Card is eligible for a FREE Health Check-up worth Rs 2000 on enrollment. Following are the tests that are included in the Free Health Check-up Package. Benefits Concierge

297 views • 11 slides
Private Sector Consultation Faisal Naru Chief Regulatory Advisor, USAID/VNCI Private Sector

Private Sector Consultation Faisal Naru Chief Regulatory Advisor, USAID/VNCI Private Sector

ASEAN-OECD Meeting on Regulatory Reform 25 26 November 2010 Private Sector Consultation Faisal Naru Chief Regulatory Advisor, USAID/VNCI Private Sector Consultation Agenda 1. Why Consult? 2. UK Consultation Code 3. Private Sector

553 views • 16 slides
Smack In 2016 Casey Schaufler 1 Tizen Number one in the smart TV market 36% Second to Apple

Smack In 2016 Casey Schaufler 1 Tizen Number one in the smart TV market 36% Second to Apple

Smack In 2016 Casey Schaufler 1 Tizen Number one in the smart TV market 36% Second to Apple in smart watches 16% Fourth largest smart phone OS www.tizen.org 2 2 Other Projects 3 3 Application Launching Simplified Somewhat like

288 views • 6 slides
dra$-dthakore-tls-authz Dra$-03 IETF 86, Orlando

dra$-dthakore-tls-authz Dra$-03 IETF 86, Orlando

dra$-dthakore-tls-authz Dra$-03 IETF 86, Orlando Quick Recap Proposal ? Allow for the exchange of DTCP cerIficates as authorizaIon data in

214 views • 6 slides
On Privacy-Preserving Protocols for Smart Metering Systems Defense - Verteidigung - Seminrio de

On Privacy-Preserving Protocols for Smart Metering Systems Defense - Verteidigung - Seminrio de

On Privacy-Preserving Protocols for Smart Metering Systems Defense - Verteidigung - Seminrio de Ps-Graduao Fbio Borges Laboratrio Nacional de Computao Cientfica (LNCC) Coordenao de Sistemas e Redes (CSR) Table of Contents

1.53k views • 115 slides
Building Energy Data Analytics: Current Status and Future Directions Brock Glasgo, Postdoctoral

Building Energy Data Analytics: Current Status and Future Directions Brock Glasgo, Postdoctoral

Building Energy Data Analytics: Current Status and Future Directions Brock Glasgo, Postdoctoral Research Associate 7 th Annual High Performance Buildings Summit Cincinnati, OH | October 4, 2018 2 Motivation Buildings generate more data

1.72k views • 33 slides
SunyoungKim,PhD Group project website Individual project Create an individual project

SunyoungKim,PhD Group project website Individual project Create an individual project

Human-Computer Interaction Individual Project Assignment I2 SunyoungKim,PhD Group project website Individual project Create an individual project website Set up a project website using a Google site, and add three menus - Introduce

123 views • 10 slides
Programming an intelligent watch Gavin Lam Supervisor: Prof Francis Lau Navik - Cycling

Programming an intelligent watch Gavin Lam Supervisor: Prof Francis Lau Navik - Cycling

Programming an intelligent watch Gavin Lam Supervisor: Prof Francis Lau Navik - Cycling navigation, with smartwatch compatibility Navik Cycling navigation solution Feature Highlights Offline Map Overview Route planning

262 views • 10 slides
Lecture for March 7, 2016 ECS 235A UC Davis Matt Bishop March 7, 2016 ECS 235A, Matt Bishop

Lecture for March 7, 2016 ECS 235A UC Davis Matt Bishop March 7, 2016 ECS 235A, Matt Bishop

Lecture for March 7, 2016 ECS 235A UC Davis Matt Bishop March 7, 2016 ECS 235A, Matt Bishop Slide #1 Presentations for Monday, March 7 Shiqi Xiong: Questioner: Jonathan Nguyen Context-Free Attacks Using Keyboard Acoustic

273 views • 4 slides
Pebble INTRODUCTION AND HANDS-ON Introduction to the Pebble smartwatch. Installation of the SDK

Pebble INTRODUCTION AND HANDS-ON Introduction to the Pebble smartwatch. Installation of the SDK

Pebble INTRODUCTION AND HANDS-ON Introduction to the Pebble smartwatch. Installation of the SDK and base operations with Python. Im the Pebble A smartwatch http://getpebble.com Project funded on Kickstarter, initially on May,

443 views • 18 slides

More recommend