An Information Privacy Risk Index for mHealth Apps

  • Conference paper
Privacy Technologies and Policy (APF 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9857)

Abstract

While the mobile application (app) market, including mobile health (mHealth) apps, is flourishing, communication and assessment of information privacy risks of app use has, in contrast, found only cursory attention. Neither research nor practice offers any useful and widely accepted tools facilitating communication and assessment of information privacy risks. We conduct a feasibility study and develop a prototypical instantiation of an information privacy risk index for mHealth apps. The developed information privacy risk index offers more detailed information than privacy seals without suffering from the information overload and inconsistent structure of privacy policies. In addition, the information privacy risk index allows for seamless comparison of information privacy risk factors between apps. Our research adds to the transparency debate in the information privacy domain by illustrating an alternative approach to communication of information privacy risks and investigating a promising approach to enable users to compare information privacy risks between apps.

Notes

  1. https://www.charlesproxy.com, visited 02/09/2016.

  2. The factor weight equation, as we call it, is often also referred to as the weighted sum model. We decided to use the term factor weight equation because our algorithm distinguishes between factor and weight variables.

Corresponding author

Correspondence to Ali Sunyaev.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Brüggemann, T., Hansen, J., Dehling, T., Sunyaev, A. (2016). An Information Privacy Risk Index for mHealth Apps. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2016. Lecture Notes in Computer Science(), vol 9857. Springer, Cham. https://doi.org/10.1007/978-3-319-44760-5_12

  • DOI: https://doi.org/10.1007/978-3-319-44760-5_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44759-9

  • Online ISBN: 978-3-319-44760-5

  • eBook Packages: Computer Science (R0)
