Get More from the Cloud: Health apps

With over 350,000 health apps available in major app stores, tracking fitness activity and logging health data has never been easier.

According to a Pew Research Center study, 62% of smartphone users have used their devices to gather health-related information, while only 57% of users have utilized their devices for online banking and 42% for job searching.

In 2020, over 87 million people in the U.S. used a health or fitness app, while  over 60% of Chinese and Indian mobile device users also use health apps.,

 

Data Collected by Health Apps

A lot more mobile device users have pre-installed health apps like Apple Health or Samsung Health, which is collecting data unknown to the user.

If a mobile user owns a fitness watch or bracelet, the data will be synchronized with health apps and allow for extensive activity reporting. The devices are often recording the data autonomously, without user intervention.

Thus, providing investigators with valuable evidence.

 

Health Data Helping Solve Crimes

Oftentimes, data from fitness trackers and fitness apps provide authorities and digital forensic investigators with valid evidence, in turn, helping solve crimes.

Extracted health data has the potential to determine whether the suspect is lying or a crime scene was staged.

Cases Solved with Health App Data

Collecting Life Insurance

UK

In the UK in 2018, a man murdered his wife and attempted to make it look like a burglary, in an attempt to collect his wife’s life insurance. The automatically recorded data in the health app helped solve the case: it recorded frantic activity on the man’s phone as he was trying to stage the burglary, whereas the phone of his wife recorded only the 14 steps taken after her death.

 

Missing Piece

Germany

A health app recorded, and documented in 2018, “climbing stairs” during a missing chunk of surveillance video as the criminal dragged his victim down the river embankment, and then climbed back up.

Mob Hitman

UK

Additionally, data from fitness trackers can prove important as well. In 2019, data from a fitness tracker led to the conviction of a mob hitman in the UK. At the same time, smart wearables can also provide their owners with an alibi.

Investigators should be aware that much of this data is recorded without the suspect or victim’s knowledge.

Besides, data from health apps can often aid the investigation by restoring behavioral habits and daily routines, including physical and sleeping activity, and dietary habits (when logged). Using this type of information, and often the deviation from normal habits, an investigator can paint a picture of what might have occurred.

Most of the health apps and fitness trackers automatically synchronize with the Cloud,  helping aid in the investigation.

 

Health App Forensics

Health Apps Supported in Oxygen Forensic® Cloud Extractor

Over 100 cloud services are supported in Oxygen Forensic® Cloud Extractor, making Oxygen Forensics an industry leader when it comes to cloud forensics.

Six Health & Fitness cloud services are supported in Oxygen Forensic® Cloud Extractor.

 

Health Apps Supported in Oxygen Forensic® Cloud Extractor:

 

To filter the list of all available cloud services by Health apps, click on the heart icon below the list of all supported cloud services.

Credentials from every service can be entered manually or imported from an extraction’s Accounts and passwords page in Oxygen Forensic® Detective.

The investigator can manually uncheck the cloud services of no interest. Click “Next” to overview the full list of services and fill in credentials to extract data from missing cloud services. Click “Next” once again and wait until the verification completes.

As soon as the verification has been completed, the data will be extracted.

 

Apple Health

Apple Health is the health informatics mobile app included with iPhones and iPod Touch that run iOS8 or later, and the Apple Watch starting with watch OS 1. It gathers health data from iPhone, and Apple Watch. All this data is synchronized with the cloud.

What do I need to extract data?

Apple login credentials are required for successful data extraction. Investigators can either import them from an existing extraction or enter them manually.

Authorizing via token is also supported. However, please note that every token has a limited lifespan and might not be valid after some time. If the 2FA is on, investigators can pass it by entering a code sent to a trusted device or generated on it.

Investigators can also log in via OxyAgent installed on the device in order to bypass the 2FA.

What will be extracted?

    • General account information
    • Data sources
    • Connected devices
    • Activity
    • Nutrition
    • Mindfulness
    • Sleep
    • Body measurements
    • Heart data
    • Reproductive health
    • Clinical documents (blood glucose, alcohol consumption, VO max, etc.)
    • General information
    • Workouts overview

 

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Samsung Health

This application is installed by default on Samsung smartphones but is not limited to them as it is available to Android and Apple users.

Samsung Health is a free application developed by Samsung that serves to track various aspects of daily life contributing to well-being such as physical activity, diet, and sleep. There is more data automatically recorded when paired with the Galaxy watch.

What do I need to extract data?

User credentials or a token are required for successful data extraction. Investigators can either import them from an existing extraction or enter them manually. If the 2FA is on, investigators will be asked to pass it in order to access the data.

What will be extracted?

Once the credentials or token is verified, the following data can be extracted from the cloud:

    • User account information
    • List of data sources
    • List of workouts
    • Workouts geodata
    • Pictures of workouts
    • Nutrition
    • Meals with photos
    • Water consumption
    • Caffeine consumption
    • Health information
    • Sleep
    • Steps
    • Pulse
    • VO2 max
    • Stress level
    • Glucose and insulin
    • Blood pressure
    • Body measurements

 

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Google Fit

Google Fit is a health-tracking platform developed by Google for the Android operating system, Wear OS and Apple iOS. It is a single set of APIs that blends data from multiple apps and devices.

What do I need to extract data?

User credentials or a token are required for successful data extraction. Investigators can either import them from an existing extraction or enter them manually. If the 2FA is on, investigators will be asked to pass it in order to access the data.

What will be extracted?

Once logged in the cloud, the following can be extracted.

    • User account information
    • Devices
    • Sessions
    • Health information
    • Steps
    • Blood pressure
    • Heartbeat
    • Body measurements
    • Nutrition
    • Activity log

 

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Fitbit

The Fitbit app is designed mostly for users of Fitbit wearables. When used without a wearable, it automatically tracks the number of steps, distance, and the calories burned. All other data, including workouts, weight, and nutrition must be manually logged. The app also provides its users access to Fitbit Community, thus being a fitness social network as well.

What do I need to extract data?

User credentials or a token are required for successful data extraction. Investigators can either import them from an existing extraction or enter them manually. There is no 2FA.

What will be extracted?

Once the credentials or token is verified, the following data can be extracted from the cloud:

    • User account information
    • List of connected devices
    • List of friends
    • Workouts
    • Workouts geodata
    • Health information
    • Sleep
    • Steps
    • Floors
    • Pulse
    • Incoming messages from other Fitbit users
    • Community data
    • Last 50 notifications
    • Groups
    • User’s posts
    • Comments to user’s posts

 

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Mi Fit

Mi Fit is an app that pairs with the fitness trackers from the Xiaomi Mi Band series. Mi Fit can track exercises as well as analyze sleep and activity data, displaying calories burned, steps walked, and heart rate.

The app has over 100 million installs on Google Play and is included in the top 10 most used health and fitness apps in France and Germany.

What do I need to extract data?

Investigators can get authorization in Mi Fit cloud with the user’s Mi Fit, Google, Facebook, or Mi account credentials.

Another way to authorization is to use a token from an iOS or Android device, or the one that was generated when logging in with their credentials. Proxy extraction is supported for Mi Fit cloud.

It is possible to import the Mi Fit credentials or a token from the Accounts and Passwords section of an examined device that has been used to log into Mi Fit. When authorizing by token, note that the token is only valid till a new authorization in Mi Fit occurs.

What will be extracted?  

Once authorized in the cloud, Oxygen Forensic® Cloud Extractor proceeds to acquire data from it. The process may take some time, depending on the volume of available data.

Investigators can get access to the following information from the Mi Fit cloud:

    • Data about the account owner
    • Linked and family accounts
    • Contacts
    • Goals
    • Alarms
    • Reminders
    • Connected devices
    • Behavior tags
    • Menstrual cycles
    • Body measurements
    • Chats
    • Workouts
    • Mi Fit Band Data

 

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Runkeeper

Runkeeper is a GPS fitness-tracking app launched in 2008, and used by over 50 million people worldwide. Runkeeper tracks fitness activities such as walking, running, and cycling using the device’s GPS sensor.

Users can set goals for themselves, track their progress, overview taken routes, and see key data about their activity, like distance, speed, calories burnt, and time it took to complete the workout.

What do I need to extract data?

To get access to the cloud, investigators need one of the following:

    • Username and password
    • Username and Google password
    • Token formed by authorization via username and password
    • Token from an iOS device
    • Token from an Android device

Please note that credentials and tokens may be imported into Oxygen Forensic® Cloud Extractor from the “Accounts and passwords” sections of an analyzed device that was previously used to access the Runkeeper app.

What will be extracted?

As soon as credentials are checked and verified, the data extraction process begins. When it is completed, the data that was extracted from the cloud can be reviewed from Oxygen Forensic® Detective.

With our solution, investigators can get access to the following information:

    • General account information
    • Runkeeper challenges
    • Contacts
    • User’s shoes
    • Events
    • Routes
    • Workouts

 

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Conclusion

Health apps can provide evidence to law enforcement and help aid in solving a case. This is the reason why Oxygen Forensics continues to work on new features in our solution, making sure we provide investigators with the most innovative tools to help make the world a safer place.

Interested in trying this feature? Contact us  for a free trial.

Leave a Reply

Your email address will not be published.