Electronic data

  • Manuscript (AuthorCopy)

    Accepted author manuscript, 1.97 MB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

An empirical study on secure usage of mobile health apps: the attack simulation approach

Research output: Contribution to Journal/Magazine > Journal article > peer-review

Published

Standard

An empirical study on secure usage of mobile health apps: the attack simulation approach. / Aljedaani, Bakheet; Ahmad, Aakash; Zahedi, Mansooreh et al.
In: Information and Software Technology, Vol. 163, 107285, 30.11.2023.

Harvard

Aljedaani, B, Ahmad, A, Zahedi, M & Babar, MA 2023, 'An empirical study on secure usage of mobile health apps: the attack simulation approach', Information and Software Technology, vol. 163, 107285. https://doi.org/10.1016/j.infsof.2023.107285

APA

Aljedaani, B., Ahmad, A., Zahedi, M., & Babar, M. A. (2023). An empirical study on secure usage of mobile health apps: the attack simulation approach. Information and Software Technology, 163, Article 107285. https://doi.org/10.1016/j.infsof.2023.107285

Vancouver

Aljedaani B, Ahmad A, Zahedi M, Babar MA. An empirical study on secure usage of mobile health apps: the attack simulation approach. Information and Software Technology. 2023 Nov 30;163:107285. Epub 2023 Jun 28. doi: 10.1016/j.infsof.2023.107285

Author

Aljedaani, Bakheet ; Ahmad, Aakash ; Zahedi, Mansooreh et al. / An empirical study on secure usage of mobile health apps : the attack simulation approach. In: Information and Software Technology. 2023 ; Vol. 163.

Bibtex

@article{848e7d43c8894b34a6fd3d989b75e6b2,
title = "An empirical study on secure usage of mobile health apps: the attack simulation approach",
abstract = "Context: Mobile applications (apps) have proven their usefulness in enhancing service provisioning across a multitude of domains that range from smart healthcare, to mobile commerce, and areas of context-sensitive computing. In smart healthcare context, mobile health (mHealth) apps - representing a specific genre of mobile apps that manage health information - face some critical challenges relating to security and privacy of device and user data. In recent years, a number of empirically grounded, survey-based studies have been conducted to investigate secure usage of mHealth apps. However, such studies rely on self-reported behaviors documented via interviews or survey questions that lack practical approaches that can simulate attack scenario for monitoring users{\textquoteright} actions and behaviors while using mHealth apps. Objective: Our objective was to conduct an empirical study - engaging participants with attack simulation scenarios and analyze their actions - for investigating the security awareness of mHealth app users. Method: We simulated some common security attack scenarios in mHealth context and engaged a total of 105 app users to monitor their actions and analyze their behavior. We analyzed users' data with statistical analysis including correlations test, descriptive analysis, and qualitative data analysis (i.e., thematic analysis method). Results: Our results indicate that whilst the minority of our participants perceived access permissions positively, the majority had negative views. Users provide their consent, granting permissions, without a careful review of privacy policies that leads to undesired or malicious access to health data. Findings also indicated that 73.3% of our participants had denied at least one access permission, and 36% of our participants preferred no authentication method. 
Conclusion: The study complements existing research on secure usage of mHealth apps, simulates security threats to monitor users{\textquoteright} actions, and provides empirically grounded guidelines for secure development and usage of mobile health systems.",
keywords = "Empirical study, Mobile computing, Mobile healthcare (mHealth), Software engineering",
author = "Bakheet Aljedaani and Aakash Ahmad and Mansooreh Zahedi and Babar, {Muhammad Ali}",
year = "2023",
month = nov,
day = "30",
doi = "10.1016/j.infsof.2023.107285",
language = "English",
volume = "163",
journal = "Information and Software Technology",
issn = "0950-5849",
publisher = "Elsevier",

}

RIS

TY - JOUR

T1 - An empirical study on secure usage of mobile health apps

T2 - the attack simulation approach

AU - Aljedaani, Bakheet

AU - Ahmad, Aakash

AU - Zahedi, Mansooreh

AU - Babar, Muhammad Ali

PY - 2023/11/30

Y1 - 2023/11/30

AB - Context: Mobile applications (apps) have proven their usefulness in enhancing service provisioning across a multitude of domains that range from smart healthcare, to mobile commerce, and areas of context-sensitive computing. In smart healthcare context, mobile health (mHealth) apps - representing a specific genre of mobile apps that manage health information - face some critical challenges relating to security and privacy of device and user data. In recent years, a number of empirically grounded, survey-based studies have been conducted to investigate secure usage of mHealth apps. However, such studies rely on self-reported behaviors documented via interviews or survey questions that lack practical approaches that can simulate attack scenario for monitoring users’ actions and behaviors while using mHealth apps. Objective: Our objective was to conduct an empirical study - engaging participants with attack simulation scenarios and analyze their actions - for investigating the security awareness of mHealth app users. Method: We simulated some common security attack scenarios in mHealth context and engaged a total of 105 app users to monitor their actions and analyze their behavior. We analyzed users' data with statistical analysis including correlations test, descriptive analysis, and qualitative data analysis (i.e., thematic analysis method). Results: Our results indicate that whilst the minority of our participants perceived access permissions positively, the majority had negative views. Users provide their consent, granting permissions, without a careful review of privacy policies that leads to undesired or malicious access to health data. Findings also indicated that 73.3% of our participants had denied at least one access permission, and 36% of our participants preferred no authentication method. 
Conclusion: The study complements existing research on secure usage of mHealth apps, simulates security threats to monitor users’ actions, and provides empirically grounded guidelines for secure development and usage of mobile health systems.

KW - Empirical study

KW - Mobile computing

KW - Mobile healthcare (mHealth)

KW - Software engineering

U2 - 10.1016/j.infsof.2023.107285

DO - 10.1016/j.infsof.2023.107285

M3 - Journal article

AN - SCOPUS:85163448453

VL - 163

JO - Information and Software Technology

JF - Information and Software Technology

SN - 0950-5849

M1 - 107285

ER -