The download number of health-promotion apps from App Stores is increasing every year. These so-called eHealth-Apps are for users a great chance to encourage their health status proactively but also to monitor this continuously. However, the resulting positive properties also entail risks. In particular, when users disclose (in addition to their personally identifiable information) some of their health-related data. Nowadays, general apps are more and more criticized in the media, especially the aspects of privacy and data security of user data are in focus [24,25]. The aim of this study is to analyze what risks may arise through the daily use of Android eHealth-Apps to user data. The security investigation focuses on three basic security relevant aspects.One topic here is the evaluation of required permissions by the providers as well as the transparency towards the users. Furthermore, the data storage of user data will be analyzed, in particular the readability of the stored data in the database and in generated text files. The third critical focus of this study is the monitoring of the data traffic. The background traffic will be checked, i.e. on possible hidden advertising companies, on encrypted or unencrypted communication protocols and on responding provider server.
Jenny Knackmuss, Eric Clausing, Reiner Creutzburg, "Investigation of security relevant aspects of Android eHealthApps: permissions, storage properties and data transmission" in Proc. IS&T Int’l. Symp. on Electronic Imaging: Mobile Devices and Multimedia: Enabling Technologies, Algorithms, and Applications, 2017, pp 65 - 75, https://doi.org/10.2352/ISSN.2470-1173.2017.6.MOBMU-301