Security Concerns in Android mHealth Apps

Carl Gunter

Department of Computer Science
University of Illinois at Urbana-Champaign

Mobile Health (mHealth) applications lie outside regulatory protections such as HIPAA, which requires a baseline of privacy and security controls appropriate to sensitive medical data. However, mHealth apps, particularly those in the app stores for iOS and Android, are increasingly handling sensitive data for both professionals and patients. I will present a series of three studies of the mHealth apps in Google Play, showing that mHealth apps make widespread use of unsecured Internet communications and third-party servers. Both of those practices would be considered problematic under HIPAA, suggesting that increased use of mHealth apps could lead to less secure treatment of health data unless mHealth vendors make improvements in the way they communicate and store data.

Carl A. Gunter received his B.A. from the University of Chicago in 1979 and his Ph.D. from the University of Wisconsin at Madison in 1985. He worked as a postdoctoral researcher at Carnegie Mellon University and the University of Cambridge in England before joining the faculty of the University of Pennsylvania in 1987. In 2004, he came to the University of Illinois at Urbana-Champaign, where he is now a professor in the Computer Science Department and the College of Medicine. He serves as the director of the Illinois Security Lab, the Health Information Technology Center (HITC), and the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS).

Professor Gunter has made research contributions in the semantics of programming languages, formal analysis of networks and security, and privacy. His contributions to the semantics of programming languages include the interpretation of subtypes using implicit coercions, type inference for continuations and prompts, the use of Grothendieck fibrations as a model of parametric polymorphism, the mixed powerdomain, and the use of Petri nets as a model of linear logic. His 1992 textbook and his chapter in the Handbook of Theoretical Computer Science are standard references on the semantics of programming languages. He has also served extensively as a research consultant and expert witness on programming languages and software.

Professor Gunter's contributions to the formal analysis of networks and security include the Packet Language for Active Networks (PLAN), the WRSPM reference model for requirements and specifications, the first formal analyses of Internet and ad hoc routing protocols, the Verisim system for analyzing network simulations, and the exploitation of bandwidth contention as a DoS countermeasure. His work on privacy includes the first research on certificate retrieval for trust management and the formal analysis of regulatory privacy rules. Professor Gunter founded Probaris Technologies, a company in the Philadelphia area that provides credentials for employees of government agencies such as the Social Security Administration and the Patent and Trademark Office.

His recent research focuses on security and privacy issues for the electric power grid and healthcare information technologies.