Context: Mobile health applications (mHealth apps for short) are being increasingly adopted in the healthcare sector, enabling stakeholders such as governments, health units, medics, and patients to utilize health services in a pervasive manner. Despite having several known benefits, mHealth apps entail significant security and privacy challenges that can lead to data breaches with serious social, legal, and financial consequences.
Objective: This research presents an empirical investigation of the security awareness of end-users of mHealth apps that are available on major mobile platforms, including Android and iOS.
Method: We collaborated with two mHealth providers in Saudi Arabia to survey 101 end-users, investigating their security awareness about (i) existing and desired security features, (ii) security-related issues, and (iii) methods to improve security knowledge.
Results: Findings indicate that the majority of end-users are aware of the existing security features provided by the apps (e.g., restricted app permissions); however, they desire usable security (e.g., biometric authentication) and are concerned about the privacy of their health information (e.g., data anonymization). End-users suggested that protocols such as two-factor authentication (2FA) positively impact security but compromise the usability of the app. Security awareness via social media, peer guidance, or training from app providers can increase end-users' trust in mHealth apps.
Conclusion: This research investigates human-centric knowledge based on empirical evidence and provides a set of guidelines to develop secure and usable mHealth apps.
SA1: The app requested my consent to share my health data: (View for iKFMC App, View for Dr. Sulaiman Alhabib app)
Note: In its privacy policy, Habib Medical Group refers to both the Website and the App as the "Sites".
SA2: The app does not ask for more personal information than what is needed: (N/A for iKFMC App, View for Dr. Sulaiman Alhabib app)
SA3: The app does not collect data without my permission: (N/A for iKFMC App, View for Dr. Sulaiman Alhabib app)
SA4: The app provides the feature of using two-authentication factor: (View for iKFMC App, View for Dr. Sulaiman Alhabib app)
SA5: The app accepts weak password when creating a password: (View for iKFMC App, N/A for Dr. Sulaiman Alhabib app)
SA6: The app has very adjustable security settings and easy-to-use: (View for iKFMC App, View for Dr. Sulaiman Alhabib app)
SA7: The app provides a channel to contact the developer or admin to report an issue: (View for iKFMC App, View for Dr. Sulaiman Alhabib app)
SA8: The app has the feature of wiping all my health data if my phone is lost or stolen: (N/A for both apps)
Approval from the University of Adelaide: View the approval
Approval from King Fahad Medical City: View the approval
Approval from Dr. Sulaiman Alhabib Medical Group: View the approval
Mobile platforms. View figure
Type of mobile devices. View figure
Gender classification. View figure
Age groups. View figure
IT knowledge level. View figure
Level of formal education. View figure
Frequency of mHealth apps usage. View figure
Overview of the Developers’ and End-Users’ Perspective for Secure mHealth Apps. View figure
Overview of the Research Methodology. View figure
The Steps to identify data access method. View figure
The Steps of Applying Thematic Analysis on Qualitative Data. View figure
Illustration View of Study Results
End-Users Awareness about Existing Security Features. View figure
Preferred Security Features by our Respondents. View figure
Security Issues with the Examined mHealth Apps by our Respondents. View figure
Methods to Improve End-users’ Security Awareness by App Providers. View figure
Respondents’ Perceived Importance of Securing Private Data within the Apps. View figure
Taxonomical Classification of the Core Findings (Key Results for all RQs). View document
The Full Reports of the Statistical Analysis (Independent-Sample T-Test and Kruskal-Wallis H Test)
Independent-Sample T-test Results for Participants Security Awareness based on Gender. View report
Independent-Sample T-test Results for Participants Security Awareness based on the Used mHealth App. View report
Independent-Sample T-test Results for Participants Security Awareness based on the Used Device. View report
Kruskal-Wallis H test Results for Participants Security Awareness based on Level of IT Knowledge. View report
Kruskal-Wallis H test Results for Participants Security Awareness based on Age Group. View report
Kruskal-Wallis H test Results for Participants Security Awareness based on Formal Education. View report
Kruskal-Wallis H test Results for Participants Security Awareness based on the Frequency of mHealth App Usage. View report