Using the Metadata-Based App-PI Ecosystem to Assess the Privacy Impact of Health Apps

Abstract

Mobile applications (apps) facilitate the management of devices and sensors from mobile devices in IoE environments. However, their use carries risks for the privacy of their users: many of them manage personal data. The App-PI (App Privacy Impact) ecosystem analyzes the impact of apps on privacy, addressing the challenge of knowing, under- standing and mitigating these risks. In App-PI, a metadata warehouse, a set of analysis tools that calcu- late indicators, a visualization platform, and verification processes, col- laborate. Data flows between these components to provide persons using the visualization platform with accurate, reliable, and understandable information. The warehouse hosts metadata related to the privacy and security of mobile apps. The data flow starts with the collection and integration of data hosted in the warehouse. The analysis tools use these data to calculate indicators that provide objective measures of the risk associated with each app. These values are the input for a verification process based on static analysis, which provides confidence. To make it easier for end users to understand these indicators, they are displayed on the visualization platform with easy-to-understand charts. The flows and usefulness of this ecosystem are shown for health and wellness apps, characteristic of IoE environments.