No Risk, More Fun! Automating Breach of Confidentiality Risk Assessment for Android Mobile Health Applications

Proceedings of the 52nd Hawaii International Conference on System Sciences (HICSS 2019), Forthcoming

10 Pages Posted: 13 Oct 2018


Thomas Brüggemann

University of Cologne

Tobias Dehling

Karlsruhe Institute of Technology

Ali Sunyaev

University of Cologne; Karlsruhe Institute of Technology

Date Written: 2018

Abstract

With the rapidly rising number of mobile health (mHealth) applications (apps), it is unfeasible to manually review mHealth apps for information privacy risks. Confidentiality breaches are one salient information privacy risk of mHealth apps. We explore whether and how static code analysis is a feasible technology for app review automation. Evaluation of our research prototype shows that, on average, our prototype detected one breach of confidentiality risk more than human reviewers. Contributions are the demonstration that static code analysis is a feasible technology for detection of confidentiality breaches in mHealth apps, the derivation of eight generic design patterns for confidentiality breach risk assessments, and the identification of architectural challenges that need to be resolved for widespread dissemination of breach of confidentiality risk assessment tools. In terms of effectiveness, humans still outperform computers. However, we build a foundation for leveraging computation power to scale up breach of confidentiality risk assessments.

Keywords: information privacy, mHealth, static code analysis, breach of confidentiality, mobile health

JEL Classification: L86

Suggested Citation

Brüggemann, Thomas and Dehling, Tobias and Sunyaev, Ali, No Risk, More Fun! Automating Breach of Confidentiality Risk Assessment for Android Mobile Health Applications (2018). Proceedings of the 52nd Hawaii International Conference on System Sciences (HICSS 2019), Forthcoming. Available at SSRN: https://ssrn.com/abstract=3252646

Thomas Brüggemann

University of Cologne

Albertus-Magnus-Platz
Cologne, 50923
Germany

Tobias Dehling (Contact Author)

Karlsruhe Institute of Technology

Kaiserstraße 12
Karlsruhe, Baden Württemberg 76131
Germany

Ali Sunyaev

University of Cologne

Albertus-Magnus-Platz
Cologne, 50923
Germany

HOME PAGE: http://www.isq.uni-koeln.de

Karlsruhe Institute of Technology

Kaiserstraße 12
Karlsruhe, Baden Württemberg 76131
Germany
