A security framework for mHealth apps on Android platform

Muzammil Hussain, Ahmed Mubarak Ahmed Al-Haiqi, A. A. Zaidan, B. B. Zaidan, M. Kiah, Salman Iqbal, S. Iqbal, Mohamed Abdulnabi

Research output: Contribution to journal (Article)

18 Citations (Scopus)

Abstract

Mobile Health (mHealth) applications are readily accessible to the average users of mobile devices. Despite their potential to improve the availability, affordability and effectiveness of healthcare delivery, mHealth applications handle sensitive medical data and therefore also have the potential to carry substantial risks to the security and privacy of their users. Developers of applications are usually unknown, and users are unaware of how their data are being managed and used. This is combined with the emergence of new threats due to deficiencies in mobile application development or design ambiguities in current mobile operating systems. A number of mobile operating systems are available in the market, but the Android platform has gained the topmost popularity. However, the Android security model falls short of completely ensuring the privacy and security of users’ data, including the data of mHealth applications. Despite the security mechanisms provided by Android, such as permissions and sandboxing, mHealth applications are still plagued by serious privacy and security issues. These security issues need to be addressed in order to improve the acceptance of mHealth applications among users and the efficacy of mHealth applications in healthcare systems. The focus of this research is on the security of mHealth applications, and the main objective is to propose a coherent, practical and efficient framework to improve the security of medical data associated with Android mHealth applications, as well as to protect the privacy of their users. The proposed framework provides its intended protection mainly through a set of security checks and policies that ensure protection against traditional as well as recently published threats to mHealth applications.

The design of the framework comprises two layers: a Security Module Layer (SML) that implements the security-check modules, and a System Interface Layer (SIL) that interfaces the SML to the Android OS. The SML enforces security and privacy policies at different levels of the Android platform through the SIL. The proposed framework is validated via a prototype implementation on actual Android devices to show its practicality and evaluate its performance. The framework is evaluated in terms of effectiveness and efficiency. Effectiveness is evaluated by demonstrating the performance of the framework against a selected set of attacks, while efficiency is evaluated by comparing the performance overhead, in terms of energy consumption, memory and CPU utilization, with the performance of a mainline, stock version of Android. Results of the experimental evaluations showed that the proposed framework can successfully protect mHealth applications against a wide range of attacks with negligible overhead, so it is both effective and practical.

Original language: English
Pages (from-to): 191-217
Number of pages: 27
Journal: Computers and Security
Volume: 75
DOI: https://doi.org/10.1016/j.cose.2018.02.003
Publication status: Published - 01 Jun 2018

Fingerprint

Application programs
health
privacy
Android (operating system)
mHealth
performance
threat
efficiency
Mobile devices
Program processors
energy consumption
Energy utilization
popularity
Availability
acceptance
Data storage equipment
utilization

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law

Cite this

Hussain, M., Ahmed Al-Haiqi, A. M., Zaidan, A. A., Zaidan, B. B., Kiah, M., Iqbal, S., ... Abdulnabi, M. (2018). A security framework for mHealth apps on Android platform. Computers and Security, 75, 191-217. https://doi.org/10.1016/j.cose.2018.02.003
@article{8c061a7833bd43a286f740acd2a2be0c,
title = "A security framework for mHealth apps on Android platform",
author = "Muzammil Hussain and {Ahmed Al-Haiqi}, {Ahmed Mubarak} and Zaidan, {A. A.} and Zaidan, {B. B.} and M. Kiah and Salman Iqbal and S. Iqbal and Mohamed Abdulnabi",
year = "2018",
month = "6",
day = "1",
doi = "10.1016/j.cose.2018.02.003",
language = "English",
volume = "75",
pages = "191--217",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",

}
