A Generic Process to Identify Vulnerabilities and Design Weaknesses in iOS Healthcare Apps

D’Orazio C and Choo KKR 2015. A generic process to identify vulnerabilities and design weaknesses in iOS healthcare apps. In Proceedings of 48th Annual Hawaii International Conference on System Sciences (HICSS 2015), pp. 5175–5184, 5–8 January 2015, IEEE Computer Society Press

10 Pages Posted: 7 Jan 2015

Christian D’Orazio

University of South Australia

Kim-Kwang Raymond Choo

The University of Texas at San Antonio

Date Written: January 6, 2015

Abstract

Due to the capability of mobile applications (or apps, as they are commonly known) to access sensitive data and personally identifiable information (PII) such as medical history and electronic health transactions, they present a genuine security and privacy threat to their users. In this paper, we propose a generic process to identify vulnerabilities and design weaknesses in apps for iOS devices. We validate our process with a widely used Australian Government Healthcare app and reveal a previously unknown/unpublished vulnerability that consequently exposes the user’s sensitive data and PII stored on the device. We then propose several recommendations with the hope that similar structural mistakes can be avoided in future app design.

Keywords: iOS healthcare apps, mobile app security, mobile security, mobile vulnerabilities and design weaknesses

JEL Classification: C88, C89, K42, K49

Suggested Citation

D’Orazio, Christian and Choo, Kim-Kwang Raymond, A Generic Process to Identify Vulnerabilities and Design Weaknesses in iOS Healthcare Apps (January 6, 2015). D’Orazio C and Choo KKR 2015. A generic process to identify vulnerabilities and design weaknesses in iOS healthcare apps. In Proceedings of 48th Annual Hawaii International Conference on System Sciences (HICSS 2015), pp. 5175–5184, 5–8 January 2015, IEEE Computer Society Press. Available at SSRN: https://ssrn.com/abstract=2545755

Christian D’Orazio

University of South Australia

37-44 North Terrace, City West Campus
Adelaide, South Australia 5001
Australia

Kim-Kwang Raymond Choo (Contact Author)

The University of Texas at San Antonio

San Antonio, TX 78249
United States
+12104587867 (Phone)

HOME PAGE: https://sites.google.com/site/raymondchooau/
