The use of apps to improve health and wellbeing outcomes is increasing considerably. There are over 400,000 health apps available worldwide, so identifying those that have clinical and technical merits, are safe to use, and are secure and private, is challenging. There are numerous Health App Assessment Frameworks, such as DTAC, to aid the selection process. However, security and privacy are only ‘somewhat addressed’.

In addition to general development challenges, other factors complicate the security and privacy of mApps, including:

  • external drivers, e.g. operating system changes;
  • a multitude of standards / baselines;
  • regulatory requirements: mHealth Apps need to meet higher regulatory approvals, and provide evidence as often as changes dictate.

Reviewing a company’s processes and credentials, coupled with the traditional though variable penetration testing approach, is not necessarily the most beneficial and cost-effective way to provide a sufficient and sustainable level of app security and privacy.

Kryptowire kindly participated in the webinar as one of the world experts in mobile security. They demonstrated their cloud-based aMAST solution, which assesses the security and privacy of medical apps to stringent standards, delivering actionable results in less than 2 hrs (average 40 mins). The high quality, speed and cost-effectiveness are disruptive and are transforming the security and privacy aspects of mobile app vetting and development.

Do note, though, that reports require expert review and interpretation after receipt: they will identify all potential vulnerabilities, although these may include items, such as camera use, that are features of the app and not issues. It is also worth bearing in mind that use of the Kryptowire tool is carefully controlled so as not to allow bad guys to find those vulnerabilities before they have been eliminated.

Kryptowire’s is the app security and privacy technology of choice for many US Government Agencies and Fortune 2000 companies. In the UK, Kryptowire’s customers include DWP, DfE, Police and BSi, and a major bank is rolling Kryptowire out worldwide. In the Health Sector, Kryptowire’s customers include the US Food and Drug Administration (FDA) and NHS Digital.

Kryptowire is offering two DHACA member organisations a Kryptowire PDF Report of one of their mApps. The c. 60-page report will indicate, and provide evidence of, what vulnerabilities there are, where they are (line of code) and why they are important, and will advise on remediation, thereby enabling the member to quickly review and rectify any issues. Please contact me (charles.lowe@dhaca.org.uk) if you are interested.

A copy of the recording is here.