
Silver Surfers on the Tech Wave: Privacy Analysis of Android Apps for the Elderly

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2022)

Abstract

Like other segments of the population, elderly people are rapidly adopting mobile apps, and numerous apps are being developed exclusively for their specific needs. Mobile apps help the elderly improve their daily lives and connectivity, and help their caregivers or family members monitor their loved ones’ well-being and health-related activities. While very useful, these apps also handle a lot of sensitive private data such as healthcare reports, live location, and Personally Identifiable Information (PII) of the elderly and caregivers. While the privacy and security issues in mobile applications for the general population have been widely analyzed, there is limited work that focuses on elderly apps. We shed light on the privacy and security issues in mobile apps intended for elderly users, using a combination of dynamic and static analysis on 146 popular Android apps from Google Play Store. To better understand some of these apps, we also test their corresponding IoT devices. Our analysis uncovers numerous security and privacy issues, leading to the leakage of private information and allowing adversaries to access user data. We find that 95/146 apps fail to adequately preserve the security and privacy of their users in one or more ways; specifically, 15 apps allow full account takeover, and 9 apps have an improper input validation check, where some of them allow an attacker to dump the database containing elderly and caregivers’ sensitive information. We hope our study will raise awareness about the security and privacy risks introduced by these apps, and direct the attention of developers to strengthen their defensive measures.


Notes

  1. The term “vulnerable user” means a person “at-risk” due to his/her particular circumstances, and not to be confused with an app having a security “vulnerability”.

  2. The keywords include: “elderly”, “old”, “senior”, “dementia”, “Alzheimer’s”, “retirement”, “senior dating”, “pension”, “seniority”, “caregiver”, “memory”, “maturity”, “retiree”, “Electronic Visit Verification”, “EVV”, “senior health”, “memory games”.

  3. https://portswigger.net/burp/releases/professional-community-2021-12-1.

  4. https://github.com/graphql/graphiql.

  5. https://github.com/pkumza/LibRadar/blob/master/docs/QuickStart.md.

  6. http://opensecurity.in/mobilesecurity-framework/.

  7. A domain is considered to be a third-party domain if an app from a developer connects to it to enable third-party functions. Thus, the domain certificate owner is not the same as the developer of the app.

  8. Enables communication between multiple apps of the same developer. Only granted if the requesting app is signed with the same certificate.


Acknowledgements

This work was partly supported by a grant from the Office of the Privacy Commissioner of Canada (OPC) Contributions Program.


Corresponding author

Correspondence to Pranay Kapoor.


Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper


Cite this paper

Kapoor, P., Pagey, R., Mannan, M., Youssef, A. (2023). Silver Surfers on the Tech Wave: Privacy Analysis of Android Apps for the Elderly. In: Li, F., Liang, K., Lin, Z., Katsikas, S.K. (eds) Security and Privacy in Communication Networks. SecureComm 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 462. Springer, Cham. https://doi.org/10.1007/978-3-031-25538-0_35


  • DOI: https://doi.org/10.1007/978-3-031-25538-0_35

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25537-3

  • Online ISBN: 978-3-031-25538-0

  • eBook Packages: Computer Science (R0)
