research paper on mobile device security

Handbook of Computer Networks and Cyber Security pp 585–608 Cite as

A Systematic Review on Security and Privacy Issues in Mobile Devices and Systems

• Mohamed Alloghani 5 ,
• Thar Baker 5 ,
• Dhiya Al-Jumeily 5 ,
• Abir Hussain 5 ,
• Jamila Mustafina 6 &
• Ahmed J. Aljaaf 5  
• First Online: 01 January 2020

3980 Accesses

4 Citations

The number of mobile devices that are getting connected to the Internet is on the rise and interconnectivity has brought together billions of devices in the cyber-sphere. The chapter focuses on security and privacy of mobile devices and systems for identifying security and privacy issues as well as the current measures of detecting and preventing such issues. The systematic review methodology will rely on the PRISMA checklist and flowchart to include and exclude papers in the review process. However, given the nature and debates around privacy and security in mobile systems, the search will be conducted in several databases which Digital library IEEE Xplore, Digital Library ACM, and the DBLP Computer Science Bibliography besides ProQuest Central and EBSCO. Given the number of databases that will be used to search for the articles, PICO will be used to prepare search strings and queries implemented in the databases. The results of the search will include descriptive statistics including distribution of articles per journal and year of publication as well as qualitative analysis of thematic areas emerging from the search string results. Finally, the findings and discussions will illuminate the problems identified, measures, and development in the provision of security and privacy in mobile systems. Probable research gaps and considerations for future studies will also be included in the conclusion section.

• Mobile systems
• Mobile systems security
• Mobile systems privacy
• Security in smart devices
• Privacy in smart devices
• Mobile health (mHealth) systems
• Mobile cloud
• Mobile networks
• Digital forensics
• Mobile applications and platforms
• Smartphone devices
• Big data cloud storage

This is a preview of subscription content, log in via an institution .

Buying options

• Available as PDF
• Read on any device
• Instant download
• Own it forever
• Available as EPUB and PDF
• Compact, lightweight edition
• Dispatched in 3 to 5 business days
• Free shipping worldwide - see info
• Durable hardcover edition

Tax calculation will be finalised at checkout

Purchases are for personal use only

Au, M. H., & Choo, K.-K. R. (2017). Chapter 1 – Mobile security and privacy. In M. H. Au & K.-K. R. Choo (Eds.), Mobile security and privacy: Advances, challenges and future research directions (pp. 1–4). Boston: Syngress. https://doi.org/10.1016/B978-0-12-804629- 6.00001-8 .

Chapter   Google Scholar  

Raggo, M. T., & Raggo, M. T. (2016). Chapter 3 – Mobile security countermeasures. In Mobile data loss (pp. 17–28). Boston: Syngress. https://doi.org/10.1016/B978-0- 12-802864-3.00003-9 .

Tully, S., & Mohanraj, Y. (2017). Chapter 2 – Mobile security: A practitioner’s perspective. In Mobile security and privacy (pp. 5–55). Boston: Syngress. https://doi.org/10.1016/B978- 0-12-804629-6.00002-X .

Rawat, D. B. (2013). Security, privacy, trust, and resource management in mobile and wireless communications . Hershey: IGI Global.

Google Scholar  

Huang, K., & Zhou, X. (2015). Cutting the last wires for mobile communications by microwave power transfer. IEEE Communications Magazine, 53 (6), 86–93.

Article   MathSciNet   Google Scholar  

Gupta, B. B., Agrawal, D., & Yamaguchi, S. (2016). Handbook of research on modern cryptographic solutions for computer and cyber security . Hershey: IGI Publishing. https://doi.org/10.4018/978-1-5225-0105-3 .

Book   Google Scholar  

Gupta, B. B., & Wang, H. (2018). Computer and cyber security: Principles, algorithm, applications, and perspectives . Boca Raton: Auerbach Publishers. Retrieved from https://books.google.co.ke/books?id=rXBRuQEACAAJ .

Akram, R. N., Chen, H. H., Lopez, J., Sauveron, D., & Yang, L. T. (2018). Security, privacy and trust of user-centric solutions. Future Generation Computer Systems, 80 , 417–420. https://doi.org/10.1016/j.future.2017.11.026 .

Article   Google Scholar  

Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 76 , 146–164. https://doi.org/10.1016/j.comnet.2014.11.008 .

Sha, K., Wei, W., Andrew Yang, T., Wang, Z., & Shi, W. (2018). On security challenges and open issues in Internet of Things. Future Generation Computer Systems, 83 , 326–337. https://doi.org/10.1016/j.future.2018.01.059 .

Ferrari, R. (2015). Writing narrative style literature reviews. Medical Writing, 24 , 230–235. https://doi.org/10.1179/2047480615Z.000000000329 .

Nie, Y., & Ma, K.-K. (2002). Adaptive rood pattern search for fast block-matching motion estimation. IEEE Transactions on Image Processing, 11 (12), 1442–1449.

Moher, D., Liberati, A., & Tetzlaff, J. (2009). PRISMA 2009 flow diagram. The PRISMA Statement . https://doi.org/10.1371/journal.pmed1000097 .

Moher, D., Liberati, A., Tetzlaff, J., Altman, D. G., Altman, D., Antes, G., et al. (2009). Preferred reporting items for systematic reviews and meta-analyses: The PRISMA statement. PLoS Medicine, 6 (7), e1000097. https://doi.org/10.1371/journal.pmed.1000097 .

Kitchenham, B., & Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering. Engineering, 2 , 1051. https://doi.org/10.1145/1134285.1134500 .

Kitchenham, B., Pearl Brereton, O., Budgen, D., Turner, M., Bailey, J., & Linkman, S. (2009). Systematic literature reviews in software engineering – A systematic literature review. Information and Software Technology, 51 (1), 7–15. https://doi.org/10.1016/j.infsof.2008.09.009 .

Brereton, P., Kitchenham, B. A., Budgen, D., Turner, M., & Khalil, M. (2007). Lessons from applying the systematic literature review process within the software engineering domain. Journal of Systems and Software . https://doi.org/10.1016/j.jss.2006.07.009 .

Budgen, D., & Brereton, P. (2006). Performing systematic literature reviews in software engineering. In Proceeding of the 28th International Conference on Software Engineering – ICSE’06 . https://doi.org/10.1145/1134285.1134500 .

Tarhan, A., Turetken, O., & Reijers, H. A. (2016). Business process maturity models: A systematic literature review. Information and Software Technology. https://doi.org/10.1016/j.infsof.2016.01.010 .

Biolchini, J., Mian, P. G., Candida, A., & Natali, C. (2005). Systematic review in software engineering. Engineering, 679 , 45. https://doi.org/10.1007/978-3-540-70621-2 .

Cerchione, R., & Esposito, E. (2016). A systematic review of supply chain knowledge management research: State of the art and research opportunities. International Journal of Production Economics . https://doi.org/10.1016/j.ijpe.2016.09.006 .

Pearson, F. (2014). Systematic approaches to a successful literature review. Educational Psychology in Practice . https://doi.org/10.1080/02667363.2014.900913 .

Selby, A., & Smith-Osborne, A. (2013). A systematic review of effectiveness of complementary and adjunct therapies and interventions involving equines. Health Psychology . https://doi.org/10.1037/a0029188 .

Wallace, B. C., Kuiper, J., Sharma, A., Zhu, M., Marshall, I. J., & Kuiper, J. (2016). Extracting PICO sentences from clinical trial reports using supervised distant supervision. Journal of Machine Learning Research, 17 , 132.

MathSciNet   Google Scholar  

Aslam, S., & Emmanuel, P. (2010). Formulating a researchable question: A critical step for facilitating good clinical research. Indian Journal of Sexually Transmitted Diseases and AIDS, 31 (1), 47–50. https://doi.org/10.4103/0253-7184.69003 .

Cooke, A., Smith, D., & Booth, A. (2012). Beyond PICO: The SPIDER tool for qualitative evidence synthesis. Qualitative Health Research . https://doi.org/10.1177/1049732312452938 .

O’Sullivan, D., Wilk, S., Michalowski, W., & Farion, K. (2013). Using PICO to align medical evidence with MDs decision making models. In Studies in health technology and informatics . https://doi.org/10.3233/978-1-61499-289-9-1057 .

Santos, C. M. d. C., Pimenta, C. A. d. M., & Nobre, M. R. C. (2007). The PICO strategy for the research question construction and evidence search. Revista Latino-Americana de Enfermagem . https://doi.org/10.1590/S0104-11692007000300023 .

Rivas-Ruiz, R., & Talavera, J. O. (2012). VII. Systematic search: how to look for medical documents . Ciudad de México: Revista Médica Del Instituto Mexicano Del Seguro Social.

Shetty, S., Pitti, V., Babu, C. L. S., Kumar, G. P. S., & Deepthi, B. C. (2010). Bruxism: A literature review. Journal of Indian Prosthodontist Society . https://doi.org/10.1007/s13191-011-0041-5 .

Timmins, F., & McCabe, C. (2005). How to conduct an effective literature search. Nursing Standard . https://doi.org/10.7748/ns2005.11.20.11.41.c4010 .

Çoğaltay, N., & Karadağ, E. (2015). Introduction to meta-analysis. In Leadership and organizational outcomes: Meta-analysis of empirical studies . https://doi.org/10.1007/978- 3-319-14908-0_2 .

Khoury, B., Lecomte, T., Fortin, G., Masse, M., Therien, P., Bouchard, V., et al. (2013). Mindfulness-based therapy: A comprehensive meta-analysis. Clinical Psychology Review . https://doi.org/10.1016/j.cpr.2013.05.005 .

Smith, B. R., & Blumstein, D. T. (2008). Fitness consequences of personality: A meta-analysis. Behavioral Ecology . https://doi.org/10.1093/beheco/arm144 .

Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Ullah Khan, S. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems . https://doi.org/10.1016/j.is.2014.07.006 .

Hashem, I. A. T., Yaqoob, I., Badrul Anuar, N., Mokhtar, S., Gani, A., & Ullah Khan, S. (2014). The rise of “Big Data” on cloud computing: Review and open research issues. Information Systems . https://doi.org/10.1016/j.is.2014.07.006 .

Ammar, M., Russello, G., & Crispo, B. (2018). Internet of Things: A survey on the security of IoT frameworks. Journal of Information Security and Applications, 38 , 8–27. https://doi.org/10.1016/j.jisa.2017.11.002 .

Kumar, P. R., Raj, P. H., & Jelciana, P. (2018). Exploring data security issues and solutions in cloud computing. Procedia Computer Science, 125 , 691–697. https://doi.org/10.1016/j.procs.2017.12.089 .

Stergiou, C., Psannis, K. E., Kim, B.-G., & Gupta, B. (2018). Secure integration of IoT and Cloud Computing. Future Generation Computer Systems, 78 , 964–975. https://doi.org/10.1016/J.FUTURE.2016.11.031 .

Khelifi, H., Luo, S., Nour, B., & Shah, S. C. (2018). Security and privacy issues in vehicular named data networks: An overview. Mobile Information Systems, 2018 , 5672154:1–5672154:11. https://doi.org/10.1155/2018/5672154 .

Rauniyar, A., Hagos, D. H., & Shrestha, M. (2018, 2018). A crowd-based intelligence approach for measurable security, privacy, and dependability in internet of automated vehicles with vehicular fog. Mobile Information Systems , 7905960. https://doi.org/10.1155/2018/7905960 .

Volk, M., Sterle, J., & Sedlar, U. (2015). Safety and privacy considerations for mobile application design in digital healthcare. International Journal of Distributed Sensor Networks. https://doi.org/10.1155/2015/549420 .

Adat, V., & Gupta, B. B. (2017). Security in Internet of Things: Issues, challenges, taxonomy, and architecture. Telecommunication Systems, 67 , 1–19. https://doi.org/10.1007/s11235-017-0345-9 .

Chen, K., Zhang, S., Li, Z., Zhang, Y., Deng, Q., Ray, S., & Jin, Y. (2018). Internet-of-Things security and vulnerabilities: Taxonomy, challenges, and practice. Journal of Hardware and Systems Security, 2 (2), 97–110. https://doi.org/10.1007/s41635-017-0029-7 .

Chen, X. M., & Zou, S. H. (2014). A secure mobile payments protocol based on ECC. Applied Mechanics and Materials, 519–520 , 151–154. https://doi.org/10.4028/www.scientific.net/AMM.519-520.151 .

Das, A., & Khan, H. U. (2016). Security behaviors of smartphone users. Information and Computer Security, 24 (1), 116–134. https://doi.org/10.1108/ICS-04-2015-0018 .

Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in smart cities: Safety, security and privacy. Journal of Advanced Research . https://doi.org/10.1016/j.jare.2014.02.006 .

Kotz, D., Gunter, C. A., Kumar, S., Weiner, J. P., Arora, S., Yttri, J., et al. (2014). Privacy and security in mobile health (mHealth) research. Alcohol Research: Current Reviews . https://doi.org/10.1177/1357633X13487100 .

Chin, E., Felt, A. P., Sekar, V., & Wagner, D. (2012). Measuring user confidence in smartphone security and privacy. In Proceedings of the Eighth Symposium on Usable Privacy and Security – SOUPS’12 . https://doi.org/10.1145/2335356.2335358 .

Kang, S., Kim, J., & Hong, M. (2013). Go anywhere: User-verifiable authentication over distance-free channel for mobile devices. Personal and Ubiquitous Computing, 17 (5), 933–943. https://doi.org/10.1007/s00779-012-0531-4 .

Martínez-Pérez, B., de la Torre-Díez, I., & López-Coronado, M. (2015). Privacy and security in mobile health apps: A review and recommendations. Journal of Medical Systems . https://doi.org/10.1007/s10916-014-0181-3 .

Arora, S., Yttri, J., & Nilsen, W. (2014). Privacy and security in mobile health (mHealth) research. Alcohol Research, 36 (1), 143–150. Retrieved from https://search.proquest.com/docview/1685862596?accountid=145382 .

Garg, S. K., Lyles, C. R., Ackerman, S., Handley, M. A., Schillinger, D., Gourley, G., et al. (2016). Qualitative analysis of programmatic initiatives to text patients with mobile devices in resource-limited health systems. BMC Medical Informatics and Decision Making, 16 , 16. https://doi.org/10.1186/s12911-016-0258-7 .

Jiang, Y., & Liu, J. (2017). Health monitoring system for nursing homes with lightweight security and privacy protection. Journal of Electrical and Computer Engineering, 2017 , 1360289. https://doi.org/10.1155/2017/1360289 .

Mohit, P., Amin, R., Karati, A., Biswas, G. P., & Khan, M. K. (2017). A standard mutual authentication protocol for cloud computing based health care system. Journal of Medical Systems, 41 (4), 1–13. https://doi.org/10.1007/s10916-017-0699-2 .

Rakshitha, P., & Immanuel, A. (2017). A survey on context awareness security in healthcare. International Journal of Advanced Research in Computer Science, 8 (3). Retrieved from https://search.proquest.com/docview/1901458446?accountid=145382 .

Wazid, M., Zeadally, S., Das, A. K., & Odelu, V. (2016). Analysis of security protocols for mobile healthcare. Journal of Medical Systems, 40 (11), 1–10. https://doi.org/10.1007/s10916-016-0596-0 .

Yeh, K.-H. (2016). BSNCare+: A robust IoT-oriented healthcare system with non-repudiation transactions. Applied Sciences, 6 (12), 418. https://doi.org/10.3390/app6120418 .

Baig, M. M., Gholamhosseini, H., & Connolly, M. J. (2015). Mobile healthcare applications: System design review, critical issues and challenges. Australasian Physical & Engineering Sciences in Medicine, 38 (1), 23–38. https://doi.org/10.1007/s13246-014-0315-4 .

Chin-I, L., & Hung-Yu, C. (2015). An elliptic curve cryptography-based RFID authentication securing e-health system. International Journal of Distributed Sensor Networks . https://doi.org/10.1155/2015/642425 .

Dong, Q., Guan, Z., Gao, K., & Chen, Z. (2015). SCRHM: A secure continuous remote health monitoring system. International Journal of Distributed Sensor Networks . https://doi.org/10.1155/2015/392439 .

Jiang, S., Zhu, X., & Wang, L. (2015). EPPS: Efficient and privacy-preserving personal health information sharing in mobile healthcare social networks. Sensors, 15 (9), 22419–22438. https://doi.org/10.3390/s150922419 .

Watson, L., Pathiraja, F., Depala, A., O’Brien, B., & Beyzade, S. (2016). Ensuring safe communication in health care: A response to Johnston et al on their paper “Smartphones let surgeons know WhatsApp: An analysis of communication in emergency surgical teams”. The American Journal of Surgery, 211 (1), 302–303. https://doi.org/10.1016/j.amjsurg.2015.04.017 .

Yang, H., Kim, H., & Mtonga, K. (2015). An efficient privacy-preserving authentication scheme with adaptive key evolution in remote health monitoring system. Peer-To-Peer Networking and Applications, 8 (6), 1059–1069. https://doi.org/10.1007/s12083-014-0299-6 .

Bloem, C. M., & Miller, A. C. (2013). Disasters and women’s health: Reflections from the 2010 earthquake in Haiti. Prehospital and Disaster Medicine, 28 (2), 150–154. https://doi.org/10.1017/S1049023X12001677 .

Bloem, C., & Miller, A. (2011). (P1-20) disasters and women’s health: The 2010 earthquake in Haiti. Prehospital and Disaster Medicine, 26 (S1), s113. https://doi.org/10.1017/S1049023X11003529 .

Lee, C., Hsu, C., Lai, Y., & Vasilakos, A. (2013). An enhanced mobile-healthcare emergency system based on extended chaotic maps. Journal of Medical Systems, 37 (5), 1–9973. https://doi.org/10.1007/s10916-013-9973-0 .

Safavi, S., & Shukur, Z. (2014). Conceptual privacy framework for health information on wearable device. PLoS One, 9 (12). https://doi.org/10.1371/journal.pone.0114306 .

Shin, M. S., Jeon, H. S., Ju, Y. W., Lee, B. J., & Jeong, S.-P. (2015). Constructing RBAC based security model in u-healthcare service platform. The Scientific World Journal . https://doi.org/10.1155/2015/937914 .

Gupta, S., & Gupta, B. B. (2017). Detection, avoidance, and attack pattern mechanisms in modern web application vulnerabilities: Present and future challenges. International Journal of Cloud Applications and Computing (IJCAC), 7 (3), 1–43.

Mendez, I., & VandenHof, M. C. (2013). Mobile remote-presence devices for point-of-care health care delivery. Canadian Medical Association Journal, 185 (17), 1512–1516. Retrieved from https://search.proquest.com/docview/1476500625?accountid=145382 .

Hauk, L. (2018). Benefits and challenges of remote video auditing in the OR. AORN Journal, 107 (2), P7–P10. https://doi.org/10.1002/aorn.12078 .

Belsis, P., & Pantziou, G. (2014). A k-anonymity privacy-preserving approach in wireless medical monitoring environments. Personal and Ubiquitous Computing, 18 (1), 61–74. https://doi.org/10.1007/s00779-012-0618-y .

Chen, T., Chung, Y., & Lin, F. Y. S. (2012). A study on agent-based secure scheme for electronic medical record system. Journal of Medical Systems, 36 (3), 1345–1357. https://doi.org/10.1007/s10916-010-9595-8 .

Moorman, B. A., & Cockle, R. A. (2013). Medical device integration using mobile telecommunications infrastructure. Biomedical Instrumentation & Technology, 47 (3), 224–232. Retrieved from https://search.proquest.com/docview/1366370612?accountid=145382 .

Mulvaney, D., Woodward, B., Datta, S., Harvey, P., Vyas, A., Thakker, B., et al. (2012). Monitoring heart disease and diabetes with mobile internet communications. International Journal of Telemedicine and Applications, 2012 , 12. https://doi.org/10.1155/2012/195970 .

Lou, W., Liu, W., Zhang, Y., & Fang, Y. (2009). SPREAD: Improving network security by multipath routing in mobile ad hoc networks. Wireless Networks, 15 (3), 279–294. https://doi.org/10.1007/s11276-007-0039-4 .

Enenkel, M., See, L., Karner, M., Álvarez, M., Rogenhofer, E., Baraldès-Vallverdú, C., et al. (2015). Food security monitoring via mobile data collection and remote sensing: Results from the Central African Republic. PLoS One, 10 (11). https://doi.org/10.1371/journal.pone.0142030 .

Gheorghe, M. (2014). Mobile cloud computing for telemedicine solutions. Informatica Economica, 18 (4), 50–61. Retrieved from https://search.proquest.com/docview/1649081693?accountid=145382 .

Langovic, Z., Pazun, B., & Grujcic, Z. (2018). Processor systems security impact on business systems. In Economic and social development: Book of proceedings (pp. 443–449). Varazdin: Varazdin Development and Entrepreneurship Agency (VADEA). Retrieved from https://search.proquest.com/docview/2058257359?accountid=145382 .

Sengupta, S., & Sarkar, P. (2015). An augmented level of security for Bluetooth devices controlled by smart phones and ubiquitous handheld gadgets. International Journal of Information Engineering and Electronic Business, 7 (4), 58–75. https://doi.org/10.5815/ijieeb.2015.04.08 .

Taylor, E. (2016). Mobile payment technologies in retail: A review of potential benefits and risks. International Journal of Retail and Distribution Management, 44 (2), 159–177. Retrieved from https://search.proquest.com/docview/1767676353?accountid=145382 .

Chen, H., Lo, J., & Yeh, C. (2012). An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 36 (6), 3907–3915. https://doi.org/10.1007/s10916-012-9862-y .

Chen, Y., & Chou, J. (2015). ECC-based untraceable authentication for large-scale active-tag RFID systems. Electronic Commerce Research, 15 (1), 97–120. https://doi.org/10.1007/s10660-014-9165-0 .

Gupta, A., Kalra, A., Boston, D., & Borcea, C. (2009). MobiSoC: A middleware for mobile social computing applications. Mobile Networks and Applications, 14 (1), 35–52. https://doi.org/10.1007/s11036-008-0114-9 .

Kokemüller, J., & Roßnagel, H. (2012). Secure mobile sales force automation: The case of independent sales agencies. Information Systems and e-Business Management, 10 (1), 117–133. https://doi.org/10.1007/s10257-010-0157-x .

Yazji, S., Scheuermann, P., Dick, R. P., Trajcevski, G., & Jin, R. (2014). Efficient location aware intrusion detection to protect mobile devices. Personal and Ubiquitous Computing, 18 (1), 143–162. https://doi.org/10.1007/s00779-012-0628-9 .

Youn, T., Kim, J., & Lim, M. (2014). Study on two privacy-oriented protocols for information communication systems. Journal of Intelligent Manufacturing, 25 (2), 339–345. https://doi.org/10.1007/s10845-012-0654-5 .

Al-fayoumi, M. A., & Shilbayeh, N. F. (2014). Cloning SIM cards usability reduction in mobile networks. Journal of Network and Systems Management, 22 (2), 259–279. https://doi.org/10.1007/s10922-013-9299-8 .

Moon, S., & Yoon, C. (2015). Information retrieval system using the keyword concept net of the P2P service-based in the mobile cloud environment. Peer-To-Peer Networking and Applications, 8 (4), 596–609. https://doi.org/10.1007/s12083-014-0265-3 .

Spreitzenbarth, M., Schreck, T., Echtler, F., Arp, D., & Hoffmann, J. (2015). Mobile-sandbox: Combining static and dynamic analysis with machine-learning techniques. International Journal of Information Security, 14 (2), 141–153. https://doi.org/10.1007/s10207-014-0250-0 .

Wang, J., Floerkemeier, C., & Sarma, S. E. (2014). Session-based security enhancement of RFID systems for emerging open-loop applications. Personal and Ubiquitous Computing, 18 (8), 1881–1891. https://doi.org/10.1007/s00779-014-0788-x .

Hennig, N. (2018). Assessing your security and privacy needs. Library Technology Reports, 54 (3), 5. Retrieved from https://search.proquest.com/docview/2020766935?accountid=145382 .

Wang, M., Yan, Z., & Niemi, V. (2017). UAKA-D2D: Universal authentication and key agreement protocol in D2D communications. Mobile Networks and Applications, 22 (3), 510–525. https://doi.org/10.1007/s11036-017-0870-5 .

Kaur, K., & Chuchra, R. (2017). Proposing enhanced Na Gaun Technique (Engt) for resource block allocation in Lte(long term evolution) systems for improving quality of service. International Journal of Advanced Research in Computer Science, 8 (7). Retrieved from https://search.proquest.com/docview/1931114880?accountid=145382 .

Caballero-Gil, C., Caballero-Gil, P., Molina-Gil, J., Martín-Fernández, F., & Loia, V. (2017). Trust-based cooperative social system applied to a carpooling platform for smartphones. Sensors, 17 (2), 245. https://doi.org/10.3390/s17020245 .

Militano, L., Orsino, A., Araniti, G., & Iera, A. (2017). NB-IoT for D2D-enhanced content uploading with social trustworthiness in 5G systems. Future Internet, 9 (3), 31. https://doi.org/10.3390/fi9030031 .

Sherkar, R. M. (2015). An extension to android security framework. International Journal of Advanced Research in Computer Science, 6 (1). Retrieved from https://search.proquest.com/docview/1674900061?accountid=145382 .

Su-Wan, P., Lim, J., & Kim, J. N. (2015). A secure storage system for sensitive data protection based on mobile virtualization. International Journal of Distributed Sensor Networks . https://doi.org/10.1155/2015/929380 .

Dmitrienko, A., Liebchen, C., Rossow, C., & Sadeghi, A. R. (2014). On the (in)security of mobile two-factor authentication. In Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics) . https://doi.org/10.1007/978-3-662-45472-5_24 .

Školc, G., & Markelj, B. (2018). Smart cars and information security TT – Pametni avtomobili in informacijska varnost. Varstvoslovje, 20 (2), 218–236. Retrieved from https://search.proquest.com/docview/2095680841?accountid=145382 .

Hossain, M. S., Muhammad, G., Abdul, W., Song, B., & Gupta, B. B. (2018). Cloud-assisted secure video transmission and sharing framework for smart cities. Future Generation Computer Systems . https://doi.org/10.1016/j.future.2017.03.029 .

Plageras, A. P., Psannis, K. E., Stergiou, C., Wang, H., & Gupta, B. B. (2018). Efficient IoT-based sensor BIG data collection–processing and analysis in smart buildings. Future Generation Computer Systems . https://doi.org/10.1016/j.future.2017.09.082 .

Wang, L., Li, L., Li, J., Li, J., Gupta, B. B., & Liu, X. (2018). Compressive sensing of medical images with confidentially homomorphic aggregations. IEEE Internet of Things Journal . https://doi.org/10.1109/JIOT.2018.2844727 .

Bowen, K., & Pistilli, M. D. (2012). Student preferences for mobile app usage. Research Bulletin . https://doi.org/10.1002/pros.20492 .

Homscheid, D., Kilian, T., & Schaarschmidt, M. (2015). Offen versus geschlossen-Welchen Zusammenhang gibt es zwischen Apple iOS-und Android-App-Entwicklern? In Wirtschaftsinformatik (pp. 1191–1205).

Hu, H., Bezemer, C. P., & Hassan, A. E. (2018). Studying the consistency of star ratings and the complaints in 1 & 2-star user reviews for top free cross-platform Android and iOS apps. Empirical Software Engineering . https://doi.org/10.1007/s10664-018-9604-y .

Saltaformaggio, B., Choi, H., Johnson, K., Kwon, Y., Zhang, Q., Zhang, X., et al. (2016). Eavesdropping on fine-grained user activities within smartphone apps over encrypted network traffic. In Proceedings of the 10th USENIX Workshop on Offensive Technologies (WOOT 2016) . https://doi.org/10.1101/lm.529807 .

Ubhi, H. K., Kotz, D., Michie, S., van Schayck, O. C. P., & West, R. (2017). A comparison of the characteristics of iOS and Android users of a smoking cessation app. Translational Behavioral Medicine . https://doi.org/10.1007/s13142-016-0455-z .

Barrera, D., & Van Oorschot, P. (2011). Secure software installation on smartphones. IEEE Security and Privacy, 9 , 42–48. https://doi.org/10.1109/MSP.2010.202 .

Han, J., Yan, Q., Gao, D., Zhou, J., & Deng, R. H. (2013). Comparing mobile privacy protection through cross-platform applications. In Proceedings of the network and distributed system security symposium .

Kodali, R. K., Jain, V., Bose, S., & Boppana, L. (2017). IoT based smart security and home automation system. In Proceeding – IEEE International Conference on Computing, Communication and Automation, ICCCA 2016 . https://doi.org/10.1109/CCAA.2016.7813916 .

Michalevsky, Y., Boneh, D., & Nakibly, G. (2014). Gyrophone: Recognizing speech from gyroscope signals. In 23rd USENIX Security Symposium (USENIX Security 14) . https://doi.org/10.1109/IEMBS.2009.5333489.Active .

Sivaraman, V., Chan, D., Earl, D., & Boreli, R. (2016). Smart-phones attacking smart-homes. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks – WiSec’16 . https://doi.org/10.1145/2939918.2939925 .

Yoon, H. S., & Occeña, L. (2014). Impacts of customers’ perceptions on internet banking use with a smart phone. Journal of Computer Information Systems . https://doi.org/10.1080/08874417.2014.11645699 .

Shukla, D., Kumar, R., Serwadda, A., & Phoha, V. V. (2014). Beware, your hands reveal your secrets! In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security – CCS’14 . https://doi.org/10.1145/2660267.2660360 .

Younis, A. A., Malaiya, Y. K., & Ray, I. (2014). Using attack surface entry points and reachability analysis to assess the risk of software vulnerability exploitability. In Proceedings – 2014 IEEE 15th International Symposium on High-Assurance Systems Engineering, HASE 2014 . https://doi.org/10.1109/HASE.2014.10 .

Loukas, G. (2015). Cyber-physical attack steps. In Cyber-physical attacks . Oxford: Butterworth-Heinemann. https://doi.org/10.1016/B978-0-12-801290-1.00005-9 .

Weber, J., Azad, M., Riggs, W., & Cherry, C. R. (2018). The convergence of smartphone apps, gamification and competition to increase cycling. Transportation Research Part F: Traffic Psychology and Behaviour. https://doi.org/10.1016/j.trf.2018.04.025 .

Wang, X., Shi, J., & Guo, L. (2013). Towards analyzing and improving service accessibility under resource enumeration attack. Procedia Computer Science, 17 , 836–843. https://doi.org/10.1016/j.procs.2013.05.107 .

Download references

Author information

Authors and affiliations.

Applied Computing Research Group, Liverpool John Moores University, Liverpool, UK

Mohamed Alloghani, Thar Baker, Dhiya Al-Jumeily, Abir Hussain & Ahmed J. Aljaaf

Kazan Federal University, Kazan, Russia

Jamila Mustafina

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Mohamed Alloghani .

Editor information

Editors and affiliations.

Department of Computer Engineering, National Institute of Technology Kurukshetra, Kurukshetra, India

Brij B. Gupta

Department of Computer Science, University of Murcia, Catedrático de Universidad, Murcia, Spain

Gregorio Martinez Perez

Department of Electrical Engineering and Computer Science, University of Cincinnati, Cincinnati, USA

Dharma P. Agrawal

LoginRadius Inc., Vancouver, BC, Canada

Deepak Gupta

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter.

Alloghani, M., Baker, T., Al-Jumeily, D., Hussain, A., Mustafina, J., Aljaaf, A.J. (2020). A Systematic Review on Security and Privacy Issues in Mobile Devices and Systems. In: Gupta, B., Perez, G., Agrawal, D., Gupta, D. (eds) Handbook of Computer Networks and Cyber Security. Springer, Cham. https://doi.org/10.1007/978-3-030-22277-2_23

Download citation

DOI : https://doi.org/10.1007/978-3-030-22277-2_23

Published : 01 January 2020

Publisher Name : Springer, Cham

Print ISBN : 978-3-030-22276-5

Online ISBN : 978-3-030-22277-2

eBook Packages : Computer Science Computer Science (R0)

Share this chapter

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Publish with us

Policies and ethics

• Find a journal
• Track your research

Help | Advanced Search

Computer Science > Cryptography and Security

Title: data security on mobile devices: current state of the art, open problems, and proposed solutions.

Abstract: In this work we present definitive evidence, analysis, and (where needed) speculation to answer the questions, (1) Which concrete security measures in mobile devices meaningfully prevent unauthorized access to user data? (2) In what ways are modern mobile devices accessed by unauthorized parties? (3) How can we improve modern mobile devices to prevent unauthorized access? We examine the two major platforms in the mobile space, iOS and Android, and for each we provide a thorough investigation of existing and historical security features, evidence-based discussion of known security bypass techniques, and concrete recommendations for remediation. We then aggregate and analyze public records, documentation, articles, and blog postings to categorize and discuss unauthorized bypass of security features by hackers and law enforcement alike. We provide in-depth analysis of the data potentially accessed via law enforcement methodologies from both mobile devices and associated cloud services. Our fact-gathering and analysis allow us to make a number of recommendations for improving data security on these devices. The mitigations we propose can be largely summarized as increasing coverage of sensitive data via strong encryption, but we detail various challenges and approaches towards this goal and others. It is our hope that this work stimulates mobile device development and research towards security and privacy, provides a unique reference of information, and acts as an evidence-based argument for the importance of reliable encryption to privacy, which we believe is both a human right and integral to a functioning democracy.

Submission history

Access paper:.

• Download PDF
• Other Formats

References & Citations

• Google Scholar
• Semantic Scholar

DBLP - CS Bibliography

Bibtex formatted citation.

Bibliographic and Citation Tools

Code, data and media associated with this article, recommenders and search tools.

• Institution

arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs .

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List
• Perspect Health Inf Manag
• v.14(Winter); Winter 2017

Mobile Device Security: Perspectives of Future Healthcare Workers

Barbara hewitt.

Department of Health Information Management at Texas State University in San Marcos, TX

Diane Dolezel

Alexander mcleod, jr..

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients’ protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students’ perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants’ perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority.

Introduction

Healthcare professionals are responsible for protecting the privacy, security, and confidentiality of electronic health information. 1 Although the use of mobile devices by healthcare professionals increases connectivity and enables remote logins to electronic health records, it also introduces many significant new security risks. 2 , 3 Because more than 48 percent of all healthcare data breaches since 2010 involved laptops, desktops, or mobile devices, 4 it is not surprising that 168 of the 1,419 healthcare data breaches affecting more than 500 individuals involved the theft or loss of vulnerable mobile devices. 5 , 6

Despite the increase in healthcare data breaches involving mobile devices, the healthcare industry has not adopted standards for mobile devices, indicating a need for strong mobile device security policies. 7 , 8 The National Institute of Standards and Technology recommends increasing end users’ awareness of mobile device security measures, such as encrypting sensitive files, reporting loss or theft of the devices, and following procedures to correctly secure mobile devices or ensure that sensitive information cannot be stored on such devices. 9 A report by the Healthcare Information and Management Systems Society (HIMSS) Mobile Security Work Group rates the threat levels for breaches involving access, control, encryption, inappropriate or insecure storage, backups, and mobile device issues as high, and malware threats as moderate. 10

In light of the industry's emphasis on securing these devices, the central issue examined in this study is the need to understand the perceptions of future healthcare professionals regarding mobile device security. This topic is important because data breaches on healthcare mobile devices disrupt access to vital patient care information and may result in unauthorized disclosure of protected health information. 11 By exploring the perception of security and vulnerability, this study will help to determine if organizations need to increase security awareness among healthcare professionals through training and other programs.

Although healthcare practitioners face many challenges related to understanding mobile device security, evidence regarding their perceptions of mobile device security is lacking. 12 , 13 , 14 , 15 Specifically, very few studies have examined the perceptions of healthcare students or professionals on the severity of mobile device security threats, or the level of adoption of preventative mobile security measures. 16 , 17

According to the annual breach report of the US Department of Health and Human Services, 710 reported breaches have affected 22.5 million individuals from September 2009 to December 2012. 18 This report noted that 54 percent of all breaches occurring between 2011 and 2012 were hacking/information technology (IT) incidents and unauthorized access/disclosure. Subsequently, in 2012, healthcare organizations experienced fewer hacking/IT incidents (9 percent), and unauthorized access/disclosure decreased by 18 percent, but these two causes together still accounted for more than 44 percent of all individuals affected by a data breach. The types of devices used in 2012 were similar to those used in 2011, with desktop computers (12 percent), laptops (27 percent), and other portable electronic devices (9 percent) accounting for the majority of the breaches. 19

A 2015 report by the Department of Health and Human Services showed that the number of security breaches is increasing. 20 Table ​ Table1 1 lists the top 10 healthcare data breaches that occurred in 2015. In summary, the data in this report and the federal focus on mobile device security issues signal the necessity of adoption of better healthcare security practices to safeguard patients’ protected health information.

Top Ten Healthcare Data Breaches in 2015

Source: US Department of Health and Human Services. “Breaches Affecting 500 or More Individuals.” Available at https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf .

A study conducted by the Ponemon Institute 21 showed that more than 88 percent of healthcare organizations allow employees and medical staff to use personal mobile devices, including tablets and smartphones. These organizations have control over whether they will adopt security features, such as anti-malware software, spyware protection, and firewalls, on corporate-owned devices. However, these organizations have less control over whether these mobile device users adopt anti-malware software (23 percent), scan the devices before connecting to sources of confidential data (22 percent), or remove vulnerable mobile applications before accessing the system (14 percent).

Given the large number of healthcare-related mobile data breaches and the lack of regulations governing security, the aim of this study is to examine the perceptions of future health professionals concerning security threats, system susceptibility, threat severity, costs of providing safeguards, and the effectiveness of those safeguards in preventing mobile device security breaches in the healthcare environment.

Theoretical Framework

A review of security literature provided a theoretical framework for the examination of these issues. Liang and Xue's Technology Threat Avoidance Theory (TTAT) 22 explores whether individuals create a mental threat perception when they feel a danger is likely to cause undesirable consequences. This perception is important because undesirable consequences may deter practitioners from adopting security safeguards. TTAT also includes the effectiveness of safeguards and self-efficacy because an individual's perception of these variables influences their motivation to avoid security breaches. This theory is also useful in examining how healthcare professionals are employing avoidance mechanisms to ensure that their mobile devices are safeguarded from security breaches. The TTAT model is shown in Figure ​ Figure1 1 .

Technology Threat Avoidance Model

Note: Adapted from Liang, H., and Y. Xue. “Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective.” Journal of the Association for Information Systems 11, no. 7 (2010): 394–413. This diagram was generated by the researchers using Visio and was adapted to show only the significant paths identified by Liang and Xue.

In addition to TTAT constructs, the researchers wanted to explore if the respondents were aware of various security interventions for ameliorating loss and facilitating recovery from security breaches. Researchers included survey questions about awareness of specific security interventions that were adapted from general security awareness questions used by Bulgurcu et al. 23

Research Questions

Using validated survey items from these two prior research studies, the authors examined the following research questions:

• How do healthcare professionals perceive the susceptibility and severity of security threats on personal mobile devices?
• Are healthcare professionals aware of ways to reduce security threats on personal mobile devices?
• Do healthcare professionals know how to adopt and use effective mechanisms to reduce security threats on personal mobile devices?

The purpose of this exploratory survey study was to analyze the perceptions of mobile device security from the viewpoint of future healthcare professionals. The study site was the College of Health Professions at a large state university in the southern United States. Data were collected using a survey designed by the researchers that contained closed-ended questions. Microsoft Excel was used to generate descriptive statistics for respondents’ survey data.

Participants

The participants chosen for this study were campus-based and online students ( n = 443) enrolled in a College of Health Professions course. Participants were selected using convenience sampling. The participants are future healthcare professionals and thus potential future mobile device users. Examples of participants’ majors include health information management, physical therapy, and communication disorders.

Study Variables

This work used study variables incorporated from previously validated works. Definitions of Susceptibility, Severity, Threat, Effectiveness, Costs, Self-Efficacy, Motivation, Behavior, and Awareness were drawn from Liang and Xue 24 and Bulgurcu et al. 25 See Table ​ Table2 2 for a mapping of research questions to variables.

Data were collected from a survey adapted by the researchers from two prior studies. The majority of the questions were taken from a survey that was used to test the TTAT model, which focused on measures of security behaviors used to avoid security breaches. The questions examined whether individual security behaviors were motivated by knowledge of security threats, safeguards, susceptibility, severity, and awareness. Using these measures, this study aimed to determine how future healthcare professionals perceived threats to their mobile devices and what interventions they considered when responding to those threats. In addition to the constructs in the TTAT model (see Figure ​ Figure1), 1 ), this study aimed to explore whether the individuals were aware of intervention mechanisms for mobile device security, such as anti-malware software, passwords or biometrics, encryption, anti-theft apps, and backing up the mobile device. These questions were adapted from the study completed by Bulgurcu et al. 26

The survey was distributed in paper form to many of the campus-based students and through a SurveyMonkey web link for the remaining campus-based students and the online students. The survey consisted of 47 questions on a seven-point Likert scale (1 = strongly disagree, 7 = strongly agree) and invited respondents to rate their perceptions of the security of their mobile device, their awareness of security issues, and their behaviors toward protecting their mobile devices from security breaches. Typical questions asked participants to rate the chances of a breach on their mobile device or their awareness of mobile device features such as encryption or passwords. Demographic questions asked about the participant's classification (e.g., freshman, sophomore), educational level, college major, gender, age, and ethnicity.

Specifically, the scale used for this study measured whether individuals felt they were susceptible to security breaches (perceived susceptibility), whether they perceived a threat that their device could be compromised (perceived threat), and how severe the outcome from the breach would be (perceived severity). Safeguard cost and effectiveness are important considerations, and the survey asked participants about these aspects (safeguard cost and safeguard effectiveness). The study also measured whether students felt capable of installing and using security mechanisms that prevent security breaches (self-efficacy), whether they were motivated to secure their mobile device (motivation), and whether they actually secured their mobile device (behavior).

During the fall 2015 semester, the researchers obtained Institutional Review Board (IRB) approval and permission from the department chair to distribute the survey to students in the college. Next, individual department heads were contacted to make them aware of the study and get permission to survey their students. Then one or more instructors in the departments that agreed to participate were contacted to obtain permission to distribute surveys to the students in their classes.

Students enrolled in campus-based classes completed either paper surveys or the online version of the survey. All online students were e-mailed a link to the web-based survey. The first page of the survey included a consent form that all students were required to check before completing the survey. All survey responses were collected anonymously. Data were abstracted manually from the paper surveys and exported from the online survey tool. Data were then analyzed to understand whether respondents agreed or disagreed with the items on the survey.

Data Analysis

Descriptive statistical analysis was conducted to generate frequencies and percentages to describe the sample population. Similarly, data from the survey's Likert rating scale was consolidated and analyzed. Figure ​ Figure2 2 shows composite percentages for the constructs in the TTAT model to summarize the survey responses for technology threat avoidance.

Summary of Composite Percentages of Responses Related to Technology Threat Avoidance

Demographics

Four hundred forty-three students were invited to participate, and 335 students completed the survey, resulting in a response rate of 76 percent. The majority of the participants were female (75 percent). Ages ranged from 18 to 59 years, and 66 percent of the participants were 20 to 29 years of age. Forty-three percent were white, 38 percent were Hispanic or Latino, 12 percent were black or African American, 4 percent were other, 3 percent were Asian, and less than 1 percent were American Indian, Alaska Native, Native Hawaiian, or Pacific Islander. Table ​ Table3 3 shows the participants’ demographic data.

Participants’ Demographic Characteristics ( N = 335)

The participants’ student classifications included freshman (1 percent), sophomore (37 percent), junior (44 percent), senior (14 percent), master's (3 percent), PhD (1 percent), and other (less than 1 percent). Sixty-seven percent had some previous college, and 17 percent had an associate's degree. Thirty-five percent of the participants were physical therapy (35 percent), respiratory care (19 percent), or health information management (16 percent) majors. Table ​ Table4 4 shows the participants’ educational demographics.

Participants’ Educational Demographics ( N = 335)

Mobile Device Survey Analysis

This analysis presents the mobile device survey results by research question. First, to explore healthcare professionals’ perceptions of susceptibility and severity of security threats on personal mobile devices, data on perceptions about susceptibility, severity, threat, safeguard effectiveness, safeguard costs, self-efficacy, motivation, behavior, and awareness were analyzed. The results indicated that 44 percent of the respondents did not believe that their mobile device would be susceptible to a security breach; however, 76 percent perceived a severe danger to their personal information. Individuals perceived the severity of threats to their mobile devices; thus it was no surprise that 71 percent of the respondents indicated that their mobile device could be compromised when threatened by a security breach.

Less than half of the participants (48 percent) felt that they were extremely likely to experience a security breach on their mobile device, indicating that they do not feel susceptible to a breach. Privacy was important to the participants, with 87 percent conveying that a security breach on their mobile device would invade their privacy. Interestingly, 79 percent felt that it was risky to use their mobile device after a security breach because of perceived threat. Even though these individuals did not perceive that they were susceptible to a security breach, they recognized the threat that a security breach poses as well as the severity of those threats.

Second, to investigate if healthcare professionals were aware of ways to reduce security threats on personal mobile devices, the perceptions of safeguard effectiveness were examined. Eighty-two percent of the respondents believed that safeguards are effective, but only 36 percent reported knowing how to obtain security safeguards. Most respondents (67 percent) believed that they were capable of installing safeguards and managing safeguard configurations using help tools. Clearly, these respondents deem safeguards effective and are confident in their ability to use these tools.

Third, the study examined whether respondents were aware of threats, were motivated to prevent them, and behaved in secure ways to protect their mobile devices. Students were motivated to adopt security mechanisms, with 57 percent predicting they would use interventions to reduce security threats in the future. Conversely, only 42 percent reported that they were currently using security safeguards to protect their devices. This finding is concerning because the best way for individuals to reduce security threats is to apply safeguards to protect their mobile devices against security breaches.

Respondents were asked several questions related to awareness. When asked if they were aware that they could back up and recover the information on their device, 70 percent recognized that backup mechanisms could prevent loss of information. Although 61 percent were knowledgeable about passwords or biometric access control, only 29 percent knew that they could protect their mobile devices from malware, and 27 percent understood that encryption would improve security. Additionally, 33 percent indicated that they were knowledgeable about anti-theft apps for their mobile device.

The results of this work provide interesting insights into the perceptions of mobile device security among future healthcare professionals. This work considered three research questions. First, respondents were asked about their perceived susceptibility to and severity of security threats on personal mobile devices. Students did not believe their devices to be susceptible to security breaches; however, responses were overwhelmingly affirmative for perceived severity, indicating that the respondents perceived severe threats to their personal information in a security breach. These results are not encouraging because perceptions of susceptibility are low while perceptions of severity are high. This finding raises a question: why?

Second, the study aimed to determine if healthcare professionals were aware of ways to reduce security threats on personal mobile devices. Overall, the respondents reported that they were knowledgeable of some safeguards, such as the ability to back up their device and use passwords or other authentication mechanisms, the costs of safeguards, and the availability of safeguards to reduce threats and security breaches. This awareness included knowing that safeguards could determine whether a breach had occurred, could improve the ability to protect against a security breach, and could enhance effectiveness in preventing future breaches. Being aware of these types of products is important in the mobile device environment because hackers and thieves ply their trade in mobile settings. Fewer individuals were aware of safeguards such as anti-malware software, encryption, and anti-theft apps. Thus, increasing future healthcare professionals’ awareness of these safeguards is essential to protect health information.

The third research question asked if respondents were adopting security measures for their personal mobile devices. The respondents reported their willingness to adopt security measures in the future, but few reported that they were already engaging in accepted security behaviors. Respondents reported that they knew how to obtain security safeguards but expressed concerns that security safeguards can cause problems with other apps or are too much trouble to install. Less than 29 percent reported that they update their devices on a regular basis. In summary, responses were mixed on the necessity of buying security software, and respondents were concerned about problems that may occur during and after installation of security software. Again, more training on mobile device security could help increase the security awareness and behaviors of these future healthcare professionals.

Increasingly, healthcare organizations are turning to mobile devices to improve usability of electronic systems, increase ease of use for practitioners, and untether devices from physical locations. In doing so, healthcare system security is directly affected, and thus health information management professionals shoulder responsibility for protecting against security breaches and preventing access by those that would do harm. Our results indicate that students who are future healthcare professionals realize the severity of security threats but do not feel that their mobile devices are susceptible. In addition, they feel that they are capable of using safeguards and that those safeguards are effective in preventing security breaches. Although they are not adopting many mobile security safeguards, they are aware of most mechanisms used to support mobile security. These findings indicate that increasing security awareness among healthcare professionals should be a priority as one pathway to increase the rate of adoption of mobile device security mechanisms.

This study is limited in a number of ways. First, respondents from a single institution were surveyed, and this group may not be reflective of the population. Second, the items incorporated in the survey were taken from a single theory and publication. While this work shows strong results, other theories may provide implications that are more meaningful. Finally, the study was limited to a single method, and we could not control for common method variance.

Future mobile security research should explore healthcare settings to see if the perceptions found in this work hold true in hospitals, physicians’ offices, pharmacies, and other environments. It would also be interesting to survey a variety of healthcare professionals and examine how their perceptions vary from those noted in this work.

The role of future health professionals in securing mobile devices requires substantial consideration because of the increasing number of data breaches in the healthcare industry. Because they will be responsible for the personal health information of others, it is important to understand their knowledge and perceptions of privacy, security, and protective interventions. The results of this survey clearly demonstrate that much needs to be done to increase the security awareness of health professionals.

Contributor Information

Barbara Hewitt, Department of Health Information Management at Texas State University in San Marcos, TX.

Diane Dolezel, Department of Health Information Management at Texas State University in San Marcos, TX.

Alexander McLeod, Jr., Department of Health Information Management at Texas State University in San Marcos, TX.

Mobile security technology for smart devices

Ieee account.

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Misuse of a Mobile Driver’s License (mDL) Investigative Aid

Mobile driver’s licenses are gaining traction in the United States, though implementation varies across the nation. A mobile driver’s license (mDL) is a digital representation of a state-issued driver’s license that is stored on a mobile device. Cases of identity fraud associated with digital identities will likely increase as mDL usage becomes more widespread. As a result, investigators will need to be prepared for this new technology and know what type of evidence may support investigations. 

• Science and Technology