Forensic Taxonomy of Popular Android mHealth Apps

TL;DR

This paper analyzes 40 popular Android mHealth apps to develop a forensic taxonomy that aids digital investigations by identifying recoverable evidentiary artifacts such as user details, location history, and credentials.

Contribution

It introduces a novel forensic taxonomy for Android mHealth apps, enabling efficient collection and analysis of digital evidence from these applications.

Findings

Recovered user credentials including passwords and PINs

Located user profile pictures and location timestamps

Identified artifacts like user details, location history, and food habits

Abstract

Mobile health applications (or mHealth apps, as they are commonly known) are increasingly popular with both individual end users and user groups such as physicians. Due to their ability to access, store and transmit personally identifiable and sensitive information (e.g. geolocation information and personal details), they are potentially an important source of evidentiary materials in digital investigations. In this paper, we examine 40 popular Android mHealth apps. Based on our findings, we propose a taxonomy incorporating artefacts of forensic interest to facilitate the timely collection and analysis of evidentiary materials from mobile devices involving the use of such apps. Artefacts of forensic interest recovered include user details and email addresses, chronology of user locations and food habits. We are also able to recover user credentials (e.g. user password and four-digit app login PIN number), locate user profile pictures and identify timestamp associated with the location of a user.