Analyzing privacy risks of mHealth applications
Alexander Mense, Philipp Urbauer, Harald Wahl, Stefan Sauermann
© FH Technikum Wien 2
Agenda
• Motivation
• Analyzing health apps
• Results
• Discussion
Motivation
• The eHealth team of the University of Applied Sciences Technikum Wien has been working in the area of connecting Medical Devices / Personal Health Devices (PHD) since 2007
– Main focus on interoperability using international standards
[Figure: connectivity architecture with the components Medical Device, Personal Health Device, Monitoring Device, Web Portal, 11073 archive, statistics, data extractor, hospital service, Electronic Health Record and Personal Health Record]
The number of mobile applications (apps) is growing tremendously
165,000 health & medical apps now on the market
Additional gadgets for personal health devices and a rising number of wearables
http://www.imedicalapps.com/2015/09/ims-health-apps-report/#
samsung.com
"Professional" Use
Use of mobile health apps in professional care environments
– e.g. Telemonitoring Architecture Austria
Security & Privacy
Dealing with sensitive data implies privacy requirements – privacy implies security requirements
It is well known that many health apps cause security and privacy problems (even "officially" endorsed ones, e.g. from NHS England's Health Apps Library)
– Conceptual weaknesses of mobile OS
– Bad programming of apps
– Insecure data transmission
– Unknown data usage by developing company
– Data usage by third parties (analytics & advertising)
– …
General Objective
Test environment and generic procedures for the evaluation of security and privacy aspects of specific mHealth apps and solutions
Can be used …
– … as part of an overall evaluation process
– … as input to a risk analysis for mHealth applications
– … for educational purposes
Analyzing Health Apps
General architecture
[Figure: Embedded application -> (transmission) -> Mobile application -> (transmission) -> Backend application]
Analyzing health apps 1/4
Testing categories
– Static analysis
Analyzing source code
– Dynamic analysis
The mobile app is executed in a simulation environment to examine runtime behavior, access to local services and storage, and interaction with the remote services
Analyzing health apps 2/4
Data classification
– Generic data
Device Identifiers
Location
Contact information
Others like pictures, SMS, chat, …
– Health app specific data
Personal Identifiers
Personal health information collected, maintained and transmitted to services in the internet over public lines
E.g. body measures, fitness & activity data, medication list, vaccinations, personal health device measurements
Analyzing health apps 3/4
Generic Mobile Application Security Risks
– The majority of mobile applications are actually client-server applications
The app on the mobile device collects data, provides specific application functions and visualizes data
Storage and another part of the application functions are handled by software running on a "developer-controlled" server
– Use of generic risk models such as Open Web Application Security Project (OWASP) top 10 risks for mobile applications
Analyzing health apps 4/4
Additional Privacy Risks
– Unintended app functionalities such as behavioral tracking or user specific advertising are not covered by generic frameworks like OWASP
– Data provided to third party “analytics” or advertising services
Evaluating security & privacy of connectivity and data transfer
The main focus of the first step was on the analysis of data transmission over the network
– Use of encrypted traffic
– Possible interception of encrypted communication
– Where information is sent to (developer-owned vs. third-party servers)
– Which information is transmitted to whom
Test architecture
Android emulator in a virtual environment
WiFi Pineapple as WiFi access point and traffic interceptor for non-HTTP traffic
Fiddler proxy server for MitM (also SSL interception)
Results
Mobile health Apps evaluation
A set of selected free mobile applications from the "health and fitness" category has been tested
– personal health record, self-management, calorie counter and diet plan, healthy living and health promotion (activity and fitness tracker, workout and sports) and medication management
Mobile health Apps evaluation
All applications use encrypted communication
All encrypted communication can be intercepted
No appropriate certificate checks and no certificate pinning
No end-to-end security
[Figure: the app's encrypted tunnel ends at the proxy, which presents a proxy-generated certificate; the proxy opens its own encrypted tunnel to the server (www), authenticated by the real server certificate]
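The interception shown in the figure works because the tested apps accept any certificate the device trust store accepts, including one generated by the proxy. The following is an added example (not code from the study or from any of the tested apps) of the check that was missing: certificate pinning on the app-to-backend connection. The DER byte strings are constructed stand-ins, not real certificates; `connect_pinned` is a hypothetical client helper built on Python's standard `ssl` module.

```python
"""Certificate pinning for the app-to-backend TLS connection.

Added example, not code from the study. After the handshake, the SHA-256
fingerprint of the certificate the peer actually presented is compared
with a pinned set. The certificate an intercepting proxy generates for the
backend's host name has a different fingerprint, so the connection is
refused even when the device trust store has been made to accept the
proxy's CA.
"""
import base64
import hashlib
import socket
import ssl


def fingerprint_b64(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, base64 encoded (common pin notation)."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def pin_matches(der_cert: bytes, pins: set) -> bool:
    """True if the presented certificate is one of the pinned certificates."""
    return fingerprint_b64(der_cert) in pins


class PinMismatch(ssl.SSLError):
    """Raised when the peer certificate is not in the pin set."""


def connect_pinned(host: str, pins: set, port: int = 443, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection to host and keep it only if the peer certificate is pinned.

    The default context still validates the chain and host name against the
    system trust store; pinning is an additional check on top of that.
    """
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pins):
        tls.close()
        raise PinMismatch(f"certificate presented by {host} is not pinned")
    return tls


# Constructed stand-ins for DER certificates (not real certificates): the
# backend's own certificate, whose fingerprint the app ships with, and the
# certificate an intercepting proxy would generate for the same host name.
BACKEND_CERT_DER = b"constructed: DER of the real backend certificate"
PROXY_CERT_DER = b"constructed: DER of a proxy-generated certificate"
PINS = {fingerprint_b64(BACKEND_CERT_DER)}


def check_scenarios() -> dict:
    """Outcome of the pin check for the real backend and for an interception proxy."""
    return {
        "backend_accepted": pin_matches(BACKEND_CERT_DER, PINS),
        "proxy_accepted": pin_matches(PROXY_CERT_DER, PINS),
    }


if __name__ == "__main__":
    print(check_scenarios())  # {'backend_accepted': True, 'proxy_accepted': False}
```

On Android the same effect is obtained declaratively with a `<pin-set>` in the network security configuration or with OkHttp's `CertificatePinner`. In production, pin the subject public key (SPKI) rather than the whole leaf certificate so that routine certificate renewals do not break the app, and ship a backup pin for key rotation.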
Mobile health Apps evaluation
80% of the analyzed free mobile applications contact third-party websites for advertising and analytics
– e.g. admob.com, appsflyer.com, flurry.com, fiksu.com, google-analytics.com, localytics.com, kiip.me, rubiconproject.com, crashlytics.com, newrelic.com, …
– Data is sent during startup, in background mode, during operation, …
– One application even sends health data unencrypted to a third party
Data sent
Device IDs / linked to user ID
Contact information
User data / location data to third party
Discussion
Third-party websites … data is the new gold
"… is the market leader in mobile advertising attribution & analytics, helping marketers to pinpoint their targeting, optimize their ad spend and boost their ROI"
“Big Data Means Big Insights”
"Integrate Analytics in five minutes to get basic insights into your users and app performance, or set up advanced analysis of complex events to get a deep understanding of everything your users are doing …"
“Understand Demographics (Even if you Don't Track Them)”
Use of device ID
Tracking users and data correlation
[Figure: User 1 and User 2 each run App 1, App 2, …, App n; every app sends Device ID + Application ID + data to the same analytics service, which can correlate the IDs + data across apps and users]
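The evaluation questions above (which hosts an app contacts, whether they are first or third party, which identifiers, location and health data go where, whether health data leaves the device unencrypted, and what a tracker can correlate through a shared device ID) can be answered mechanically from intercepted requests. The following is an added example of such an analysis, not the study's own tooling. The request records, app names and `.example` domains are constructed; the tracker domain list is taken from the slide above; the sensitive parameter names are an assumption for the example.

```python
"""Classify intercepted mobile-app requests: who receives which data.

Added example, not the study's own tooling. Input is a constructed list of
request records in the shape an intercepting proxy exports (app, scheme,
host, path, parameters). The report gives: first- vs. third-party
destinations, known advertising/analytics services, sensitive fields sent
to third parties, health data sent over plain HTTP, and which apps a
tracker can link through a device identifier it received from both.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Advertising / analytics domains named on the slides.
TRACKER_DOMAINS = {
    "admob.com", "appsflyer.com", "flurry.com", "fiksu.com",
    "google-analytics.com", "localytics.com", "kiip.me",
    "rubiconproject.com", "crashlytics.com", "newrelic.com",
}
# Parameter names treated as sensitive: assumed for the example. Real apps
# use their own names, and a production tool would also parse JSON bodies.
DEVICE_ID_KEYS = {"android_id", "imei", "advertising_id", "device_id", "user_id"}
LOCATION_KEYS = {"lat", "lon", "latitude", "longitude"}
HEALTH_KEYS = {"weight", "heart_rate", "blood_pressure", "steps", "medication"}


@dataclass
class Request:
    app: str
    scheme: str   # "http" or "https" as seen on the wire
    host: str
    path: str
    params: dict  # query or form parameters, already decoded


@dataclass
class Finding:
    domain: str
    party: str    # "first" or "third"
    tracker: bool
    sensitive: set = field(default_factory=set)
    unencrypted_health: bool = False


def registrable_domain(host: str) -> str:
    """Collapse a host name to its last two labels (sufficient for these domains)."""
    return ".".join(host.lower().split(".")[-2:])


def analyze(requests, first_party):
    """Return {app: {domain: Finding}} for a list of Request records."""
    result = defaultdict(dict)
    for r in requests:
        dom = registrable_domain(r.host)
        if dom not in result[r.app]:
            party = "first" if dom in first_party.get(r.app, set()) else "third"
            result[r.app][dom] = Finding(dom, party, dom in TRACKER_DOMAINS)
        f = result[r.app][dom]
        keys = {k.lower() for k in r.params}
        if keys & DEVICE_ID_KEYS:
            f.sensitive.add("device/user id")
        if keys & LOCATION_KEYS:
            f.sensitive.add("location")
        if keys & HEALTH_KEYS:
            f.sensitive.add("health data")
            if r.scheme == "http":
                f.unencrypted_health = True
    return dict(result)


def summarize(analysis):
    """Reduce the per-domain findings to the kind of figures reported on the slides."""
    apps = list(analysis)
    with_tracker = [a for a in apps if any(f.tracker for f in analysis[a].values())]
    leaks = sorted((a, d, sorted(f.sensitive)) for a in apps
                   for d, f in analysis[a].items() if f.party == "third" and f.sensitive)
    plain = sorted((a, d) for a in apps for d, f in analysis[a].items() if f.unencrypted_health)
    return {"tracker_share": len(with_tracker) / len(apps),
            "third_party_sensitive": leaks, "unencrypted_health": plain}


def correlate_by_device(requests):
    """For each (tracker, device identifier) pair, the apps that sent that identifier
    to that tracker: the cross-app linking the device-ID figure warns about."""
    links = defaultdict(set)
    for r in requests:
        dom = registrable_domain(r.host)
        if dom in TRACKER_DOMAINS:
            for k, v in r.params.items():
                if k.lower() in DEVICE_ID_KEYS:
                    links[(dom, v)].add(r.app)
    return {key: apps for key, apps in links.items() if len(apps) > 1}


# Constructed sample of intercepted requests from five fictitious apps.
FIRST_PARTY = {app: {f"{app.lower()}.example"}
               for app in ("CalorieApp", "StepsApp", "MedsApp", "PhrApp", "DietApp")}
SAMPLE_REQUESTS = [
    Request("CalorieApp", "https", "api.calorieapp.example", "/sync", {"user_id": "u1", "weight": "82"}),
    Request("CalorieApp", "https", "api.appsflyer.com", "/install", {"advertising_id": "ad-1"}),
    Request("StepsApp", "https", "stepsapp.example", "/upload", {"steps": "4200"}),
    Request("StepsApp", "https", "data.flurry.com", "/aap.do", {"android_id": "a1", "lat": "48.2", "lon": "16.4"}),
    Request("MedsApp", "http", "events.localytics.com", "/upload", {"device_id": "d3", "medication": "metformin"}),
    Request("PhrApp", "https", "phrapp.example", "/records", {"user_id": "u4", "blood_pressure": "120/80"}),
    Request("PhrApp", "https", "api.appsflyer.com", "/event", {"advertising_id": "ad-1"}),
    Request("DietApp", "https", "dietapp.example", "/plan", {"user_id": "u5"}),
]

if __name__ == "__main__":
    report = summarize(analyze(SAMPLE_REQUESTS, FIRST_PARTY))
    print(f"apps contacting trackers: {report['tracker_share']:.0%}")
    for app, dom, what in report["third_party_sensitive"]:
        print(f"  {app} -> {dom}: {', '.join(what)}")
    print("health data over plain HTTP:", report["unencrypted_health"])
    print("device IDs linking apps:", correlate_by_device(SAMPLE_REQUESTS))
```

On the constructed sample four of the five apps contact a tracker, one sends a medication name over plain HTTP, and one advertising ID reaches the same tracker from two different apps. Run against a real proxy export, the same functions give the per-app input a risk analysis or a "trust" indicator needs.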
Data server location
Most of the servers are located in the US (i.e. outside Europe)
– appsflyer.com – US, google-analytics.com – US, kiip.me – US, rubiconproject.com – US, …
(localytics.com)
Privacy Policies
Huckvale et al. did similar work and also evaluated the privacy policies of the apps
There are apps that do not even have a privacy policy
Most apps do not handle data according to their privacy policy
Policies are often large and complex documents, and users care about them as little as about the permissions an app asks for
Most people do not know what happens with their data
Future Work
Refining automatic analysis of transmitted data
Continue work on client & server side (often cloud)
Development of a risk model
Development of a “trust” indicator regarding security and privacy of health apps
"Best practice" rules
“If you’re not paying for the product, you are the product.”