Security Awareness of End-Users of Mobile Health Applications: An Empirical Study

TL;DR

This empirical study investigates end-user security awareness in mobile health applications, revealing knowledge-behavior gaps that threaten health data security and emphasizing the need for targeted training and best practices.

Contribution

It provides empirical evidence and guidelines on end-user security awareness in mHealth apps, highlighting behavioral gaps despite knowledge.

Findings

End-users lack appropriate security behaviors despite knowledge.

Reluctance or misunderstanding hampers security practice adoption.

Training and best practices can improve security awareness.

Abstract

Mobile systems offer portable and interactive computing, empowering users, to exploit a multitude of context-sensitive services, including mobile healthcare. Mobile health applications (i.e., mHealth apps) are revolutionizing the healthcare sector by enabling stakeholders to produce and consume healthcare services. A widespread adoption of mHealth technologies and rapid increase in mHealth apps entail a critical challenge, i.e., lack of security awareness by end-users regarding health-critical data. This paper presents an empirical study aimed at exploring the security awareness of end-users of mHealth apps. We collaborated with two mHealth providers in Saudi Arabia to gather data from 101 end-users. The results reveal that despite having the required knowledge, end-users lack appropriate behaviour , i.e., reluctance or lack of understanding to adopt security practices, compromising health-critical data with social, legal, and financial consequences. The results emphasize that mHealth providers should ensure security training of end-users (e.g., threat analysis workshops), promote best practices to enforce security (e.g., multi-step authentication), and adopt suitable mHealth apps (e.g., trade-offs for security vs usability). The study provides empirical evidence and a set of guidelines about security awareness of mHealth apps.