A Generic Process to Identify Vulnerabilities and Design Weaknesses in iOS Healthcare Apps
D’Orazio C and Choo KKR 2015. A generic process to identify vulnerabilities and design weaknesses in iOS healthcare apps. In Proceedings of 48th Annual Hawaii International Conference on System Sciences (HICSS 2015), pp. 5175–5184, 5–8 January 2015, IEEE Computer Society Press
10 Pages Posted: 7 Jan 2015
Date Written: January 6, 2015
Due to the capability of mobile applications (or apps, as they are commonly known) to access sensitive data and personally identifiable information (PII) such as medical history and electronic health transactions, they present a genuine security and privacy threat to their users. In this paper, we propose a generic process to identify vulnerabilities and design weaknesses in apps for iOS devices. We validate our process with a widely used Australian Government Healthcare app and revealed previously unknown/unpublished vulnerability that consequently exposes the user’s sensitive data and PII stored on the device. We then propose several recommendations with the hope that similar structural mistakes can be avoided in future app design.
Keywords: iOS healthcare apps, mpbile app security, mpbile security, mobile vulnerabilities and design weaknesses
JEL Classification: C88, C89, K42, K49
Suggested Citation: Suggested Citation