Security Recommendations for mHealth Apps: Elaboration of a Developer’s Guide

  • Mobile Systems
Journal of Medical Systems

Abstract

Being the third fastest-growing app category behind games and utilities, mHealth apps are changing the healthcare model, as medicine today involves the data they compile and analyse, information known as Big Data. However, the majority of apps lack security when gathering and handling this information, which is a serious problem. This article presents a guide to security solutions, intended to be of great use to developers of mHealth apps. In August 2015, current mobile health apps were sought out in virtual stores such as Android Google Play, Apple iTunes App Store, etc., in order to classify them in terms of usefulness. After this search, the most widespread security weaknesses in the development of these mobile apps were examined, based on sources such as the “OWASP Mobile Security Project”, the initiative recently launched by the Office of Civil Rights (OCR), and other articles of scientific interest. An informative, elemental guide has been created for the development of mHealth apps. It includes information about elements of security and their implementation at different levels for all types of mobile health apps, based on the data that each app manipulates and on the associated risk, calculated from the likelihood of occurrence and the threat level resulting from its vulnerabilities: high level (apps for monitoring, diagnosis, treatment and care) from 6 ≤ 9, medium level (calculator, localizer and alarm) from 3 ≤ 6, and low level (informative and educational apps) from 0 ≤ 3. The guide aims to guarantee and facilitate security measures in the development of mobile health applications by programmers unconnected to the ICT and professional health areas.

Acknowledgments

This research has been partially supported by the European Commission and the Ministry of Industry, Energy and Tourism under the project AAL-20125036 named “WetakeCare: ICT- based Solution for (Self-) Management of Daily Living”.

Author information

Corresponding author

Correspondence to Isabel de la Torre Díez.

Ethics declarations

Conflicts of interest

The authors declare that they have no competing interests.

Additional information

This article is part of the Topical Collection on Mobile Systems

Cite this article

Morera, E.P., de la Torre Díez, I., Garcia-Zapirain, B. et al. Security Recommendations for mHealth Apps: Elaboration of a Developer’s Guide. J Med Syst 40, 152 (2016). https://doi.org/10.1007/s10916-016-0513-6

  • DOI: https://doi.org/10.1007/s10916-016-0513-6
