当前位置:
X-MOL 学术
›
J. Am. Med. Inform. Assoc.
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Analyzing security issues of android mobile health and medical applications
Journal of the American Medical Informatics Association ( IF 6.4 ) Pub Date : 2021-08-12 , DOI: 10.1093/jamia/ocab131 Gioacchino Tangari 1 , Muhammad Ikram 1 , I Wayan Budi Sentana 1 , Kiran Ijaz 2 , Mohamed Ali Kaafar 1 , Shlomo Berkovsky 2
中文翻译:
安卓移动健康医疗应用安全问题分析
更新日期:2021-09-20
Journal of the American Medical Informatics Association ( IF 6.4 ) Pub Date : 2021-08-12 , DOI: 10.1093/jamia/ocab131 Gioacchino Tangari 1 , Muhammad Ikram 1 , I Wayan Budi Sentana 1 , Kiran Ijaz 2 , Mohamed Ali Kaafar 1 , Shlomo Berkovsky 2
Affiliation
Abstract
Objective
We conduct a first large-scale analysis of mobile health (mHealth) apps available on Google Play with the goal of providing a comprehensive view of mHealth apps’ security features and gauging the associated risks for mHealth users and their data.Materials and Methods
We designed an app collection platform that discovered and downloaded more than 20 000 mHealth apps from the Medical and Health & Fitness categories on Google Play. We performed a suite of app code and traffic measurements to highlight a range of app security flaws: certificate security, sensitive or unnecessary permission requests, malware presence, communication security, and security-related concerns raised in user reviews.Results
Compared to baseline non-mHealth apps, mHealth apps generally adopt more reliable signing mechanisms and request fewer dangerous permissions. However, significant fractions of mHealth apps expose users to serious security risks. Specifically, 1.8% of mHealth apps package suspicious codes (eg, trojans), 45.0% rely on unencrypted communication, and as much as 23.0% of personal data (eg, location information and passwords) is sent on unsecured traffic. An analysis of the app reviews reveals that mHealth app users are largely unaware of the surfaced security issues.Conclusion
Despite being better aligned with security best practices than non-mHealth apps, mHealth apps are still far from ensuring robust security guarantees. App users, clinicians, technology developers, and policy makers alike should be cognizant of the uncovered security issues and weigh them carefully against the benefits of mHealth apps.
中文翻译:
安卓移动健康医疗应用安全问题分析
摘要
客观的
我们对 Google Play 上可用的移动健康 (mHealth) 应用程序进行了首次大规模分析,目的是全面了解 mHealth 应用程序的安全功能,并衡量 mHealth 用户及其数据的相关风险。材料和方法
我们设计了一个应用程序收集平台,该平台从Google Play 上的医疗和健康与健身类别中发现并下载了 20 000 多个移动健康应用程序。我们执行了一套应用代码和流量测量,以突出一系列应用安全漏洞:证书安全、敏感或不必要的权限请求、恶意软件存在、通信安全以及用户评论中提出的与安全相关的问题。结果
与基准非移动健康应用相比,移动健康应用通常采用更可靠的签名机制,请求的危险权限更少。然而,很大一部分移动医疗应用程序使用户面临严重的安全风险。具体而言,1.8% 的移动医疗应用程序打包可疑代码(例如木马),45.0% 依赖于未加密的通信,多达 23.0% 的个人数据(例如位置信息和密码)是通过不安全的流量发送的。对应用程序评论的分析表明,移动医疗应用程序用户基本上不知道浮出水面的安全问题。结论
尽管与非移动健康应用程序相比,移动健康应用程序更符合安全最佳实践,但仍远未确保强大的安全保证。应用程序用户、临床医生、技术开发人员和政策制定者都应该意识到未发现的安全问题,并仔细权衡它们与移动医疗应用程序的好处。
京公网安备 11010802027423号