Privacy Analysis of Health Apps

Health data is considered one of the most sensitive information types. In recent years, with the growth of the “app economy” and the popularity of the “quantified self” cultural phenomenon, many mobile applications that support medical services, monitor physical activity, eating habits, sleeping patterns, and medication adherence, and even operate medical have arisen on the market. Many of those apps market themselves in the wellness, not necessarily medical, category, and therefore often avoid the rigor of compliance with regulations protecting health information, such as the Health Insurance Portability and Accountability Act (HIPAA). However, the information those apps handle, and its granularity and volume, pose serious privacy and security concerns.

Research goal: In this study we aim to leverage the existing mobile app testing and analysis infrastructure, AppCensus, created by our research group, to analyze the network traffic of mobile applications in the health and wellness category. We want to understand what information they collect, share, and use, how, with whom, and for what purposes, and to discover potential privacy and security vulnerabilities. We also plan to complement the research with an analysis of these apps' privacy policies, their adherence to HIPAA requirements and standards, a survey of users’ expectations, and app developers’ opinions.

Potential studies:

  • Identify health-related apps, run them through AppCensus, and then determine whether any of their observed behaviors may be violating health data regulations.