Abstract
While the mobile application (app) market, including mobile health (mHealth) apps, is flourishing, communication and assessment of information privacy risks of app use have, in contrast, received only cursory attention. Neither research nor practice offers any useful and widely accepted tools facilitating communication and assessment of information privacy risks. We conduct a feasibility study and develop a prototypical instantiation of an information privacy risk index for mHealth apps. The developed information privacy risk index offers more detailed information than privacy seals without suffering from the information overload and inconsistent structure of privacy policies. In addition, the information privacy risk index allows for seamless comparison of information privacy risk factors between apps. Our research adds to the transparency debate in the information privacy domain by illustrating an alternative approach to communication of information privacy risks and investigating a promising approach to enable users to compare information privacy risks between apps.
Notes
1. https://www.charlesproxy.com, visited 02/09/2016.
2. The factor weight equation, as we call it, is often also referred to as the weighted sum model. We decided to use the term factor weight equation because our algorithm distinguishes between factor and weight variables.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Brüggemann, T., Hansen, J., Dehling, T., Sunyaev, A. (2016). An Information Privacy Risk Index for mHealth Apps. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2016. Lecture Notes in Computer Science, vol 9857. Springer, Cham. https://doi.org/10.1007/978-3-319-44760-5_12
DOI: https://doi.org/10.1007/978-3-319-44760-5_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44759-9
Online ISBN: 978-3-319-44760-5
eBook Packages: Computer Science (R0)