A Case Study of Mobile Health Applications: The OWASP Risk of Insufficient Cryptography

A Case Study of Mobile Health Applications: The OWASP Risk of Insufficient Cryptography


Abstract


Mobile devices are being deployed rapidly for both private and professional reasons. One area of that has been growing is in releasing healthcare applications into the mobile marketplaces for health management. These applications help individuals track their own biorhythms and contain sensitive information. This case study examines the source code of mobile applications released to GitHub for the Risk of Insufficient Cryptography in the Top Ten Mobile Open Web Application Security Project risks. We first develop and justify a mobile OWASP Cryptographic knowledgegraph for detecting security weaknesses specific to mobile applications which can be extended to other domains involving cryptography. We then analyze the source code of 203 open source healthcare mobile applications and report on their usage of cryptography in the applications. Our findings show that none of the open source healthcare applications correctly applied cryptography in all elements of their applications. As humans adopt healthcare applications for managing their health routines, it is essential that they consider the privacy and security risks they are accepting when sharing their data. Furthermore, many open source applications and developers have certain environmental parameters which do not mandate adherence to regulations. In addition to creating new free tools for security risk identifications during software development such as standalone or compiler-embedded, the article suggests awareness and training modules for developers prior to marketplace software release.


Keywords


OWASP mobile threats; Cryptography; Mobile application; mHealth; Healthcare; Android

Full Text:

PDF


Comments

Popular posts from this blog

𝐉𝐨𝐮𝐫𝐧𝐚𝐥 𝐨𝐟 𝐀𝐭𝐦𝐨𝐬𝐩𝐡𝐞𝐫𝐢𝐜 𝐒𝐜𝐢𝐞𝐧𝐜𝐞 𝐑𝐞𝐬𝐞𝐚𝐫𝐜𝐡 | 𝐕𝐨𝐥𝐮𝐦𝐞 𝟎𝟔 | 𝐈𝐬𝐬𝐮𝐞 𝟎𝟑 | 𝐉𝐮𝐥𝐲 𝟐𝟎𝟐𝟑

𝐉𝐨𝐮𝐫𝐧𝐚𝐥 𝐨𝐟 𝐀𝐭𝐦𝐨𝐬𝐩𝐡𝐞𝐫𝐢𝐜 𝐒𝐜𝐢𝐞𝐧𝐜𝐞 𝐑𝐞𝐬𝐞𝐚𝐫𝐜𝐡 | 𝐕𝐨𝐥𝐮𝐦𝐞 𝟎𝟔 | 𝐈𝐬𝐬𝐮𝐞 𝟎𝟐 | 𝐀𝐩𝐫𝐢𝐥 𝟐𝟎𝟐𝟑

𝗝𝗼𝘂𝗿𝗻𝗮𝗹 𝗼𝗳 𝗘𝗻𝘃𝗶𝗿𝗼𝗻𝗺𝗲𝗻𝘁𝗮𝗹 & 𝗘𝗮𝗿𝘁𝗵 𝗦𝗰𝗶𝗲𝗻𝗰𝗲𝘀 | 𝗩𝗼𝗹𝘂𝗺𝗲 𝟬𝟰 | 𝗜𝘀𝘀𝘂𝗲 𝟬𝟮 | 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝟮𝟬𝟮𝟮