Security key to mHealth success

Thu 23 July 2020 By David Stewart

Category: Mobile App Authentication, Repackaged Apps, MitM Attack, Certificate Pinning, API Security, Healthcare

 

 
In 2016, mHealth apps were the third fastest-growing category of apps behind games and utilities. In 2017, the number of healthcare applications available for smartphone users doubled from that of 2015 to 325,000, from 84,000 different publishers, with an estimated 3.7 billion downloads that year. By 2018, nearly a third of all patients were using their mobile phone for health-related searches and for booking appointments, an overwhelming 99% of consumers believed that mHealth apps improved their quality of life and 70% of millennials were interested in a mobile app that would help them actively manage their well-being. By 2027, mHealth app usage among patients is projected to grow at a 10-year CAGR of 40%.
Read More

Scanshake: Meeting the Need for Decentralised Contact Tracing

Thu 25 June 2020 By Richard Taylor

Category: Business, Threats, Healthcare

As we discussed in our previous blog, there is a strong argument to be made that Bluetooth Contact tracing is too Blue Sky. The technology has been overhyped, over promised and, in the UK at least , the delivery so bungled that public confidence has been completely undermined. In the meantime we are stepping back to manual contact tracing efforts, with privacy characteristics that don’t come anywhere close to the lofty aspirations of decentralised contact tracing apps.

Read More

Is Bluetooth Contact Tracing Too Blue-Sky?

Wed 24 June 2020 By Richard Taylor

Category: Threats, Mobile App Development, API Security, Healthcare

Contact tracing has been in the news a lot in recent months. No wonder. It’s widely seen as playing a key role in opening our societies up again after lockdown, and an important part of the strategy for countries that have already done well in suppressing transmissions. As technologists we, and many like us, immediately jumped onto the possibilities of Bluetooth. A ready made technology available on just about every smartphone designed for ubiquitous short range radio communication. Perfect. We just need to throw an app together and we can map all the contacts people are having day to day, so if anyone gets sick we can automatically alert anyone else that might have been exposed. Cool. Should be ready in a couple of weeks, right?

Read More

Preventing Faked Proximity

Fri 15 May 2020 By Richard Taylor

Category: Threats, MitM Attack, API Abuse, API Security, Healthcare

We’ve been thinking a lot about contact tracing apps in recent weeks. There are ongoing debates about whether a centralised or decentralised model is superior, and how the ensuing discussions around privacy will impact their takeup. 

Read More

UK Contact Tracing App Privacy Risks

Tue 05 May 2020 By Richard Taylor

Category: Threats, Mobile App Development, API Security, Healthcare

More details of the UK's controversial NHSX contact tracing app are being released as the app starts a wider scale trial on the Isle of Wight this week. NHSX is a digital transformation group associated with the UK National Health Service.

Why controversial? There are many reasons, some to do with how the app development was initially procured, but also specifically from a technical perspective as the UK has opted for a centralised contact tracing approach rather than the decentralised model being championed by Apple and Google amongst others (including ourselves).

Read More

Protecting Personal Information & Sensitive Data In Mobile Health Apps

Mon 20 April 2020 By David Stewart

Category: Account Hijacking, Mobile App Authentication, Scrapers, Bots, API Security, Healthcare

Recent years have seen a move towards cloud platforms and mobile health apps for citizens -- applications and data processing systems that enable ordinary people to interact with their health providers, make appointments with medical professionals, order prescriptions, and gain on-demand access to their medical records. The ongoing COVID-19 pandemic is putting greater emphasis on this trend, as citizens clamour for the latest news, advice, and best practices, while government and health organisations look to digital technologies to help them develop treatment protocols, track the progress of the virus spread, and monitor the condition of all those affected.

Read More

Contact Tracing Apps: Privacy vs. Security?

Thu 16 April 2020 By Richard Taylor

Category: Mobile App Authentication, Threats, API, API Abuse, API Security, Healthcare

Photo by Fusion Medical Animation on Unsplash

Last Friday, there was an unusual joint announcement from Apple and Google providing details of a new phone API for Covid-19 contact tracing via Bluetooth. The protocol allows mobile phones to continually transmit Bluetooth advertisements to one another. This includes a proximity identifier derived from randomly generated keys that can be held secretly on each device. If a phone user is later diagnosed with Covid-19, they are able to upload the daily tracing keys for those days when they might have been infectious. 

Read More

Page 1 of 1