At the National Conference on Cibersecurity Research (JNIC 2025) held in Zaragoza at the beginning of June, Alejandro Pérez de la Fuente, researcher of the IngPriv Group of the School of Computer Engineering of the University of Valladolid, presented the paper titled:
Is Health Connect the best guarantee of Security and Privacy for health data? focused on the analysis of Health Connect, the new Android 14 solution for health data management.
The paper proposes an analysis methodology structured in two complementary phases that allow to evaluate the real impact of Health Connect on the security and privacy of personal information.
🔹 First phase:
The technical functionalities of Health Connect within the Android 14 ecosystem are studied in depth. Storage, encryption and permissions management mechanisms are analysed, with a particular focus on how access to sensitive health data is protected.
🔹 Second phase:
A systematic evaluation guided by regulatory and technical security and privacy requirements is performed, comparing the results of Health Connect with previous solutions, such as Google Fit and the Android Sensors API.
In terms of the results presented by Alejandro, the study reveals that Health Connect introduces significant advances in the protection of health data, especially in key aspects such as confidentiality, integrity and availability of information. In addition, important improvements have been detected in terms of privacy, although there are still aspects that require greater transparency, such as the lack of clarity in the technical documentation of Health Connect, especially with regard to encryption. This lack of transparency could negatively affect the trust of users and developers.