21 research outputs found
Empirical Studies on Secure Development and Usage of Mobile Health Applications
Mobile technologies, comprising portable devices, context-sensitive software applications, and wireless networking protocols, are being increasingly adopted to exploit services offered for pervasive computing platforms. The utilisation of mobile health (mHealth) apps in the healthcare domain has become a promising tool to improve and support delivering health services in a pervasive manner. mHealth apps enable health professionals and providers to monitor their patients remotely (e.g., managing patients with chronic diseases). mHealth apps enable expanding healthcare coverage (e.g., reaching places where little or no healthcare is available). Furthermore, mHealth apps were used to reduce the spread of disease and infection (e.g., the Covid-19 tracking apps). The use of mHealth apps will enhance the quality of healthcare, reduce the cost, and more convenient for patients. The security of mHealth apps becomes a significant concern due to the privacy and integrity of health-critical data. The interest of attackers in healthcritical data (medical records, clinical reports, disease symptoms, etc.) has increased due to its value in the ‘black market’ as well as the social, legal, and financial consequences of compromised data. This thesis focuses on understanding the security of mHealth apps based on (a) developers' and (b) end-users perspectives by conducting a set of empirical studies. To empirically investigate the existing research, a systematic literature review (SLR) was conducted to gain a deeper understanding of the security challenges, which hinder the development of secure mHealth apps. Based on the findings of the SLR, first, we conducted a survey-based study - involving 97 mHealth apps developers from 25 countries and six continents to investigate the practitioners’ perspectives on security challenges, practices, and motivational factors that help developers to ensure the security of mHealth apps. Second, we conducted survey research - involving 101 endusers from two Saudi Arabian health providers to examine their security awareness about using clinical mHealth apps. We complement the end-users research by conducting an attack simulation study - involving 105 end-users from 14 countries and five continents to investigate their security behaviours when using mHealth apps. The empirical studies in this thesis contribute to (i) providing developers' perspectives on critical challenges, best practices, and motivating factors that support the engineering and development of emerging and next-generation secure mHealth apps; (ii) providing empirical evidence and a set of guidelines to facilitate researchers, practitioners, and stakeholders to develop and adopt secure mHealth apps for clinical practices and public health; (iii) providing empirical evidence using action-driven measurement on human security behaviour when using mHealth apps, and presented the potential mechanisms that lead end-users to make improper security decisions.Thesis (Ph.D.) -- University of Adelaide, School of Computer Science, 202
Challenges With Developing Secure Mobile Health Applications: Systematic Review
BackgroundMobile health (mHealth) apps have gained significant popularity over the last few years due to their tremendous benefits, such as lowering health care costs and increasing patient awareness. However, the sensitivity of health care data makes the security of mHealth apps a serious concern. Poor security practices and lack of security knowledge on the developers’ side can cause several vulnerabilities in mHealth apps.
ObjectiveIn this review paper, we aimed to identify and analyze the reported challenges concerning security that developers of mHealth apps face. Additionally, our study aimed to develop a conceptual framework with the challenges for developing secure apps faced by mHealth app development organizations. The knowledge of such challenges can help to reduce the risk of developing insecure mHealth apps.
MethodsWe followed the systematic literature review method for this review. We selected studies that were published between January 2008 and October 2020 since the major app stores launched in 2008. We selected 32 primary studies using predefined criteria and used a thematic analysis method for analyzing the extracted data.
ResultsOf the 1867 articles obtained, 32 were included in this review based on the predefined criteria. We identified 9 challenges that can affect the development of secure mHealth apps. These challenges include lack of security guidelines and regulations for developing secure mHealth apps (20/32, 63%), developers’ lack of knowledge and expertise for secure mHealth app development (18/32, 56%), lack of stakeholders’ involvement during mHealth app development (6/32, 19%), no/little developer attention towards the security of mHealth apps (5/32, 16%), lack of resources for developing a secure mHealth app (4/32, 13%), project constraints during the mHealth app development process (4/32, 13%), lack of security testing during mHealth app development (4/32, 13%), developers’ lack of motivation and ethical considerations (3/32, 9%), and lack of security experts’ engagement during mHealth app development (2/32, 6%). Based on our analysis, we have presented a conceptual framework that highlights the correlation between the identified challenges.
ConclusionsWhile mHealth app development organizations might overlook security, we conclude that our findings can help them to identify the weaknesses and improve their security practices. Similarly, mHealth app developers can identify the challenges they face to develop mHealth apps that do not pose security risks for users. Our review is a step towards providing insights into the development of secure mHealth apps. Our proposed conceptual framework can act as a practice guideline for practitioners to enhance secure mHealth app development
An empirical study on secure usage of mobile health apps : the attack simulation approach
Context: Mobile applications (apps) have proven their usefulness in enhancing service provisioning across a multitude of domains that range from smart healthcare, to mobile commerce, and areas of context-sensitive computing. In smart healthcare context, mobile health (mHealth) apps - representing a specific genre of mobile apps that manage health information - face some critical challenges relating to security and privacy of device and user data. In recent years, a number of empirically grounded, survey-based studies have been conducted to investigate secure usage of mHealth apps. However, such studies rely on self-reported behaviors documented via interviews or survey questions that lack practical approaches that can simulate attack scenario for monitoring users’ actions and behaviors while using mHealth apps. Objective: Our objective was to conduct an empirical study - engaging participants with attack simulation scenarios and analyze their actions - for investigating the security awareness of mHealth app users. Method: We simulated some common security attack scenarios in mHealth context and engaged a total of 105 app users to monitor their actions and analyze their behavior. We analyzed users' data with statistical analysis including correlations test, descriptive analysis, and qualitative data analysis (i.e., thematic analysis method). Results: Our results indicate that whilst the minority of our participants perceived access permissions positively, the majority had negative views. Users provide their consent, granting permissions, without a careful review of privacy policies that leads to undesired or malicious access to health data. Findings also indicated that 73.3% of our participants had denied at least one access permission, and 36% of our participants preferred no authentication method. Conclusion: The study complements existing research on secure usage of mHealth apps, simulates security threats to monitor users’ actions, and provides empirically grounded guidelines for secure development and usage of mobile health systems
Security awareness of end-users of mobile health applications : An empirical study
Mobile systems offer portable and interactive computing - empowering users - to exploit a multitude of context-sensitive services, including mobile healthcare. Mobile health applications (i.e., mHealth apps) are revolutionizing the healthcare sector by enabling stakeholders to produce and consume healthcare services. A widespread adoption of mHealth technologies and rapid increase in mHealth apps entail a critical challenge, i.e., lack of security awareness by end-users regarding health-critical data. This paper presents an empirical study aimed at exploring the security awareness of end-users of mHealth apps. We collaborated with two mHealth providers in Saudi Arabia to gather data from 101 end-users. The results reveal that despite having the required knowledge, end-users lack appropriate behaviour, i.e., reluctance or lack of understanding to adopt security practices that compromise health-critical data with social, legal, and financial consequences. The results emphasize that mHealth providers should ensure security training of endusers (e.g., threat analysis workshops), promote best practices to enforce security (e.g., multi-step authentication), and adopt suitable mHealth apps (e.g., trade-offs between security vs usability). The study provides empirical evidence and a set of guidelines about security awareness of mHealth apps
End-users’ knowledge and perception about security of clinical mobile health apps : A case study with two Saudi Arabian mHealth providers
Mobile health apps (mHealth apps) are being increasingly adopted in the healthcare sector, enabling stakeholders such as medics and patients, to utilize health services in a pervasive manner. Despite having several benefits, mHealth apps entail significant security and privacy challenges that can lead to data breaches with serious social, legal, and financial consequences. This research presents an empirical investigation into security awareness of end-users of mHealth apps that are available on major mobile platforms. We conducted end-users’ survey-driven case study research in collaboration with two mHealth providers in Saudi Arabia to survey 101 end-users, investigating their security awareness about (i) existing and desired security features, (ii) security-related issues, and (iii) methods to improve security knowledge. The results indicate that while security awareness among the different demographic groups was statistically significant based on their IT knowledge level and education level ,security awareness based on gender, age, and frequency of mHealth app usage was not statistically significant. We also found that the majority of the end-users are unaware of the existing security features provided (e.g., restricted app permissions); however, they desire usable security (e.g., biometric authentication) and are concerned about the privacy of their health information (e.g., data anonymization). End-users suggested that protocols such as two-factor authentication positively impact security but compromise usability. Security-awareness via peer guidance, or training from app providers can increase end-users’ trust in mHealth apps. This research investigates human-centric knowledge based on a case study and provides a set of guidelines to develop secure and usable mHealth apps
An empirical study on developing secure mobile health apps : The developers' perspective
Mobile apps exploit embedded sensors and wireless connectivity of a device to empower users with portable computations, context-aware communication, and enhanced interaction. Specifically, mobile health apps (mHealth apps for short) are becoming integral part of mobile and pervasive computing to improve the availability and quality of healthcare services. Despite the offered benefits, mHealth apps face a critical challenge, i.e., security of health-critical data that is produced and consumed by the app. Several studies have revealed that security specific issues of mHealth apps have not been adequately addressed. The objectives of this study are to empirically (a) investigate the challenges that hinder development of secure mHealth apps, (b) identify practices to develop secure apps, and (c) explore motivating factors that influence secure development. We conducted this study by collecting responses of 97 developers from 25 countries - across 06 continents - working in diverse teams and roles to develop mHealth apps for Android, iOS, and Windows platform. Qualitative analysis of the survey data is based on (i) 8 critical challenges, (ii) taxonomy of best practices to ensure security, and (iii) 6 motivating factors that impact secure mHealth apps. This research provides empirical evidence as practitioners' view and guidelines to develop emerging and next generation of secure mHealth apps
The effect of body acceleration on the generalized power law model of blood flow in a stenosed artery
An exploration study on developing blockchain systems–the practitioners' perspective
Abstract
Context:
Blockchain-based software (BBS) builds upon the foundational technologies of cryptocurrencies like Bitcoin, utilising decentralised, immutable ledgers, to support the development and operation of security-critical and transaction-intensive systems and services. In recent years, a number of research studies have investigated the strategic benefits and technical limitations of BBS that is central to the operations of a wide variety of systems ranging from cyber security, healthcare, education, and financial technologies. Despite an increasing interest both from academia and industry in BBS, there is a dearth of empirical evidence resulting in a lack of understanding about processes, methods, and techniques to enable a systematic development of this class of software systems.
Objectives:
Existing research lacks a consolidated view, particularly empirically-driven guidelines based on published evidence and development practices. Therefore, our objective is to derive new or leverage existing development processes, patterns, and models to design, implement, and validate BBS systems.
Method:
Tied to this knowledge gap, we conducted a two-phase research that unifies the findings of (i) a systematic literature review and (ii) practitioners’ survey to derive and validate the development process for BBS systems. First, we conducted a systematic literature review of 58 studies to derive a process comprising of 26 activities, to develop BBS systems. We than engaged 102 blockchain practitioners from, 35 countries across 6 continents to validate the BBS system development processes.
Results:
Our results revealed a statistically significant difference (p-value < .001) in the importance ratings of 24 out of 26 BBS activities by our participants. The only two activities that were not statistically significant were incentive protocol design and granularity design. Our study also presented some of the activities that have been emphasised by our participants within the different development phases (i.e., Analysis Phase, Design Phase, Implementation Phase, Deployment Phase, and Execution and Maintenance Phase).
Conclusion:
Our research is among the first to advance understanding on the aspect of development process for BBS and helps researchers and practitioners in their quests on challenges and recommendations associated with the development of BBS systems.Abstract
Context:
Blockchain-based software (BBS) builds upon the foundational technologies of cryptocurrencies like Bitcoin, utilising decentralised, immutable ledgers, to support the development and operation of security-critical and transaction-intensive systems and services. In recent years, a number of research studies have investigated the strategic benefits and technical limitations of BBS that is central to the operations of a wide variety of systems ranging from cyber security, healthcare, education, and financial technologies. Despite an increasing interest both from academia and industry in BBS, there is a dearth of empirical evidence resulting in a lack of understanding about processes, methods, and techniques to enable a systematic development of this class of software systems.
Objectives:
Existing research lacks a consolidated view, particularly empirically-driven guidelines based on published evidence and development practices. Therefore, our objective is to derive new or leverage existing development processes, patterns, and models to design, implement, and validate BBS systems.
Method:
Tied to this knowledge gap, we conducted a two-phase research that unifies the findings of (i) a systematic literature review and (ii) practitioners’ survey to derive and validate the development process for BBS systems. First, we conducted a systematic literature review of 58 studies to derive a process comprising of 26 activities, to develop BBS systems. We than engaged 102 blockchain practitioners from, 35 countries across 6 continents to validate the BBS system development processes.
Results:
Our results revealed a statistically significant difference (p-value < .001) in the importance ratings of 24 out of 26 BBS activities by our participants. The only two activities that were not statistically significant were incentive protocol design and granularity design. Our study also presented some of the activities that have been emphasised by our participants within the different development phases (i.e., Analysis Phase, Design Phase, Implementation Phase, Deployment Phase, and Execution and Maintenance Phase).
Conclusion:
Our research is among the first to advance understanding on the aspect of development process for BBS and helps researchers and practitioners in their quests on challenges and recommendations associated with the development of BBS systems
