Evaluating the security risk of mobile apps

The Article: Dehling, T., Gao, F., Schneider, S., & Sunyaev, A. (2015). Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android. JMIR mHealth and uHealth, 3(1), e8. doi:10.2196/mhealth.3672

Big Idea: The number of mobile apps for health (mHealth) has rapidly proliferated. Given the large variations in the health information collected and the services offered, there is a wide range of security standards applied and of possible risks to consumers.

Evidence: A systematic review of the app stores was conducted; apps were grouped into 245 clusters and 12 app archetypes of security risks.



In their review they found 24,405 medical and health & fitness apps in the iOS and Android App Stores. The large majority were on iOS (21,952 versus 2,452).


“95.63% poses at least some potential damage through information security and privacy infringement”


“Health IT faces various threats, for instance, intentional and unintentional disclosure or manipulation of information through insiders or outsiders, user errors, maintenance errors, software failures, or hardware failures, as well as environmental threats”


The researchers came up with 12 app archetypes.

[Figure: mHealth App Archetypes]


So What?

The article was well balanced, pointing out that all sides (developers, device manufacturers, providers and consumers) have a role to play in security and privacy in mHealth. The archetypes provide a nice framing device, with a grading towards higher risks for breach at AT12. Given the push to adopt mobile apps and the excitement to use the big data made available, this article outlines considerations of the hazards involved. Organizations or individuals interested in developing apps should consider this when starting to plan, in order to avoid critical incidents during their app's use.
