Privacy, Security and Usability for IoT-enabled Weight Loss Apps

s—Obesity is considered as the main health issue worldwide. The obesity rate within Saudi’s citizens is rising alarmingly. The Internet of Things (IoT)-enabled mobile apps can assist obese Saudi users in losing weight via collecting sensitive personal information and then providing accurate and personalized weight loss advice. These data can be collected using embedded IoT devices in a smartphone. However, these IoTenabled apps should be usable and able to provide data security and user privacy protection. This paper aims to continue our usability study for two Arabic weight loss IoT-enabled apps by performing a qualitative analysis for them. It discusses users’ and health professionals’ feedbacks, concerns and suggestions. Based on the analysis, a comprehensive usability guideline for developing a new Arabic weight loss IoT-enabled app for obese Saudi users is provided. Keywords—Internet of things; obesity; usability; data security;


I. INTRODUCTION
Obesity can be defined as an act that stores additional energy within a human body in the form of fat [1]. A recent study states that around 13% of the world population suffers from obesity, and almost 40% of the world population is considered to be overweight [2]. Like other countries, the Kingdom of Saudi Arabia also suffers from the obesity threat as more than 35% of Saudi citizens are experiencing this issue [3]. Obesity is proved to be the main factor for causing several health issues and increasing the chances of diabetes, hypertension and other diseases [4]. However, the researcher states that performing physical activities and improving eating behaviour can help to overcome obesity. Mobile apps, particularly, weight loss IoT-enabled apps, can have unique features that motivate obese users to change their lifestyle and lose weight [5]. Nevertheless, the IoT-enabled apps should be usable, considering the social and cultural norms of the targeted users and providing security and privacy for users' data. It is important to mention here that the third-highest mobile phone usage rate worldwide is found in Saudi Arabia [6] at almost 75% [7]. Therefore, developing an advanced Arabic weight loss IoT-enabled app contributing to treat and stop obesity among Saudi citizens is seen as important. To do that, we identified the most important features which can motivate users to be active to overcome obesity [8]. Then, we identified the expected usability attributes within mobile IoTenabled apps [9]. Lastly, a usability testing for two Arabic weight loss apps (Twazon and Aded Surat) which are used by obese Saudi users was conducted with 26 users to detriment their level of usability which was low based on the quantitative results [10,11]. This paper continues our usability testing by conduction a qualitative analysis to investigate the low level of usability for both apps. It also discusses the feedback, concerns and suggestions made by participants and health professionals. It then concludes with a usability guideline that will be used for developing an IoT-enabled app for obese Saudis in future.

II. METHODOLOGY
Based on the feedback, the quantitative analysis is divided into eight sections. Screenshots and users' and health professionals' quotations are used to explaining the various kinds of function, content and visual designs in both apps.

A. Data Privacy and Security in IoT-enabled Apps
Mobile apps collect privet and sensitive information about users, for example, name, email, gender, age and weight. Such information for persons or even for the device is considered as personal data as it can identify persons or their natural [12,13]. Providing security and privacy for users and mobiles are very crucial to ensure the confidentiality for the information [14,15]. The majority of users within the usability testing had concerns regarding the privacy and security of their data. It is stated that the apps considered in this study did not specify how they will provide privacy and security protection for users' data. A participant said, "Before I start using the IoTenabled apps, how can I be sure that my personal information is secured." Also, another user stated, "The IoT-enabled apps didn't have any kind of information regarding the implemented security procedures to protect my data. Other apps mention such information to their users, for example, WhatsApp." Moreover, Twazon's users stated that the IoTwww.ijacsa.thesai.org enabled app asks them to provide their data, such as gender and weight without explaining to them the purpose of collecting such data. A participant said, "When I was creating an account, the IoT-enabled app asked me for some sensitive personal information, for example, my age and weight, but it doesn't inform me why they need to collect such information." Also, it was criticized that the apps considered in this study do not provide their privacy policy within the app and Twazon app does not have a privacy policy at all such as the trust values metrics [16,17]. Aded Suart's privacy policy indicates that they have the right to share users' personal information with a third party which several users disliked. One of the users stated, "I'll not use the IoT-enabled app as it might share my personal information with other parties." Based on these concerns, several users decided that they will not use either IoT-enabled apps in the future as it is can easily remote monitoring and not enough keep the information privacy [18,19].

B. Sign Up
Several users reported being confused when they started using Twazon as the choice between "new user", and "signin" was unclear to them as it is shown in Fig. 1. Six users selected the top option when asked to create a new account, and then they realize that they selected the wrong option. They recommended that both options should have the same visibility and the option for "new user" should be above the "sign-in" option. It said, "The new user option should be the first option as the majority of other apps that I use." Five users clicked on the wrong button when they were trying to confirm their selection on the option of the circumference of their waist and physical activity status. The reason this occurred is the difference in location and icons for the confirmation function in comparison to the other options.
On the one hand, when users want to confirm their gender, date of birth, weight and height, they select the "", which is located on the top left corner of the screen " Fig. 2 left". However, when users want to confirm the circumference of their waist and their physical activity status, they select the word "Add" which is located on the top right corner of the screen " Fig. 2 right".
However, Aded Suart's users were happy with the overall registration process, its functions and screens design which is presented in Fig. 3. The majority of them liked the feature of signing in to the app via a social media account and they recommended to add other social media platforms to sign with, for example, Twitter, Instagram and Snapchat. A participant said, "I liked the idea of signing in with my Facebook's account." A few users stated that typing the information such as weight and age in Aded Surat app " Fig. 4 left" is much better than the picker function in Twazon app " Fig. 4 right". It said, "I prefer it in this way with Aded Surat. It is much better. I don't need to select my weight and age from the picker and then confirm my selection." Another user said, "It is much easier than Twazon app. I just type my age, and that's it."

C. The Diet
Both apps aim to help users to plan their daily meals and recommend they have four meals in a day, which are breakfast, lunch, dinner and snack. All Twazon's users through the usability testing succeed to locate the "add food" option and selected to start to plan the breakfast meal " Fig. 5 left". Then, the food selection options screen appeared, and it was empty as users need to type which kind of food they want to add in their meal " Fig. 5 right". It was confusing for three users, and they thought there is something wrong with the app, and they gave up for completing the task. It said, "I chose the breakfast meal, but I couldn't add any kind of food on it. The screen was empty." Another user said, "I think the app needs to have an update. There was food in the food selection option. It's weird."   (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 11, No. 4, 2020 260 | P a g e www.ijacsa.thesai.org Moreover, all Aded Suart's users through the usability testing successfully located the "add food" option and selected to start planing the dinner meal " Fig. 6 left". Then, the food selection options screen appeared. This screen has 35 food categories, with a variety of different kinds of food in each category " Fig. 6 right". Users were asked to add "two chicken shawarma with normal bread." Nine users could not locate the requested dish and, after trying, they ended up adding a wrong dish or giving up the task. This is because the food category names were misleading, and there was a vast selection of food. It said, "I spent a long time searching for the chicken shawarma. There are too many kinds of food, and I don't think chicken shawarma is one of them." Also, another user said, "I chose the sandwiches category, and it wasn't there. It's a sandwich, and it should be there.

D. Self-Assessment
Only Twazon app includes a self-assessment feature that allows users to assess themselves regarding their progress. The assessment has eight main sections, which are cereals and bread, milk and dairy products, meat and legumes, fruits, sugar, oils, vegetables and physical activity and each section has related questions with a total of 17 questions " Fig. 7". The assessment is presented as a palm tree, and when users' answers meet the recommended level, the leaves of the tree change to green. All users liked the self-assessment feature, but the design of the screen as well as not including water intake within the assessment was criticized. It said, "For me, it doesn't look like I'm assessing myself. Maybe if they use more professional shapes as graphs, I'll take it seriously." Another user said, "The assessment doesn't ask me about my water consumption. Drinking plenty of water is important, especially in such hot weather."

E. Physical Activities
Both apps aim to encourage users to burn a specific number of calories by providing a variety of exercises which users can choose from. Twazon's users criticized the fact that the app does not provide any kind of information regarding the exercise, such as a description of it or the correct way it should be performed " Fig. 8". It said, "There are some exercises that are new for me, and when I chose one of them, it just asked me to select how many times I want to do it. How I can perform it without knowing what it is?" Also, it said, "Each kind of exercise available in the app should come with information that explains the benefit of doing it and also I'd like to have a video that shows me how to do it." However, Aded Surat's users criticized the fact that there are too many kinds of running exercises that have similar names and the pictures for the classification of exercises are misleading " Fig. 9". Based on this, 14 users were not able to add the requested exercise that is "Running with the slowest speed". It said, "I found more than 10 running exercises, and I'm not sure which one is the correct one among them." Another user reported, "When the groups of exercises screen appeared, I saw a picture of a man running on the treadmill machine, and therefore I thought the running exercise would be in this group, but I couldn't find it."

F. Self-Monitoring, Tracking and Feedback using IoTenabled Apps
The considered apps aim to help users to monitor and track their daily usage. They do this by asking the user to selfmonitor their daily intake of energy, for example, food (kCal), drinks and water consumption (in), the number of burned calories by physical exercise (out) and weight-progress www.ijacsa.thesai.org tracking as it is shown in Fig. 10. However, the way of presenting these kinds of information is different in the two apps. The majority of participants appreciated the four circles that help users to monitor and track their usage of the app. However, one user complained that the circles were small and hard to read. A participant said, "I loved the circle's idea. It is an easy way to track myself. But I found it by the end of the day hard to read as all of the circles are full of information and no option allows me to see each circle individually in a bigger size." However, a few users complained that the app does not allow them to retrieve their previous day's usage of the app. It said, "I wasn't able to retrieve what I did yesterday. I want to have this feature so I can track my progress over time." However, Aded Surat saves users' daily usage of the app and allows them to retrieve all previous activities. From the homepage screen, users can change the date to retrieve a specific day's usage " Fig. 11 left". The majority of users liked the ability to retrieve the previous day's usage information. It said, "It is good that I can see a summary of my previous workouts and diet." In addition, users can also update their weight by from the "Progress" screen which can be reached by clicking on the "Weight" option from the homepage. The screen has a line chart with its horizontal x-axis represented by weight and its vertical y-axis by day. The screen also shows the previous weight, the user's current Body Mass Index (BMI), how many kilograms have been lost and allows users to share their weight loss progress through Facebook and Twitter " Fig. 11 right". The majority of users liked the aspect and the design of the screen. A participant stated, "It is important to have such a feature; I think Twazon doesn't have such one."

G. Icons
Commonly used icons in mobile apps are easily and quickly recognized by users. Weight loss apps should use icons which explain what an icon does so the user can avoid taking a long time thinking before clicking. For example, when users were asked to add an exercise in Twazon. They did not spend much time trying to figure out which icon should they click on as the "plus" icon for positive reply. Similarly, when they were asked to update their weight, they clicked on the "settings" icon as it refers to edit or update. However, several users found the five icons on the tab bar within the homepage are confusing as they do not refer clearly to what they lead to or do " Fig. 12". A user said, "I found a smiley face icon, and every time I clicked on it, nothing happened. Then I realized that it is the option to back to the homepage screen."

H. Language
Interacting with an app's users in language that they understand is one of the main factors which affects its success. In addition to this, the usage of simple language plays an important role in helping users to understand and get the maximum benefits from weight loss apps. Some users criticized both apps' language and highlighted several issues. One of these issues is the use of English. For example, Twazon shows the date of birth in the English language when users create a new profile and Aded Surat uses English to indicate the date. A participant reported, "Everything in the www.ijacsa.thesai.org registration process was written in the Arabic language except for the date of birth. I can't read English, and I thought there was something wrong with the app, so I kept clicking on the date of birth option until I gave up and chose a random month." Moreover, two users did not understand what was meant by the "Daily" option in Aded Surat, which led to them giving up doing one of the tasks.

III. LIMITATIONS
The current study has some limitations. It is address only two Arabic weight loss IoT-enabled apps. This is due to the lack of the availability for such Arabic apps. Beside this, this study does not analysis any non-Arabic weight loss IoTenabled apps. This is because of the language barrier for the participants within the study.

IV. DISCUSSION AND RECOMMENDATION
Based on the results of the usability testing and users' feedback, it is believed that the tested weight loss IoT-enabled apps and future one can be improved in the following ways:  Start the order of the options/buttons within the first screen by "new user", mandatory and optional fields to complete during the sign-up process, ask users to provide less information to make the signing up easier and faster, avoid asking users to retype information, such as password and allow users to sign in by using their social media accounts, for example, Twitter, Facebook and Instagram.
 Avoid having too many options and selections within the homepage.
 Explain to users how the IoT-enabled app determines the recommended daily calories and water intake, the ideal weight and BMI value by providing equations used.
 Allow users to set up a goal to lose either 0.5 or 1 kilogram per week and provide users with the duration (in days or weeks) to reach their ideal weight based on the goal they set up to lose.
 Allow users to plan six meals in a day, which are breakfast, morning snack, lunch, afternoon snack, dinner and bedtime snack, indicate the total number of calories for each meal and provide users with the recommended time for each meal.
 Divide the foods items based on their groups, such as vegetables, fruits, milk, grains, protein and oil, determine the food portions for each meal from each group of food and prevent users from exceeding the determined food portion from food groups and the total number of calories for each meal.
 Provide a variety of Saudi Arabian food varieties, allow users to suggest new food items to be added in the IoTenabled app and avoid providing users with unhealthy food items and drinks.
 Use more common traditional measurement units such as spoons, cups or hands instead of grams to make it easier for users to determine the quantity of food ingredients and use the common sizes of water bottles, for example, '350ml' and '600ml' as a serving size for reporting water intake.
 Provide a weekly self-assessment for users to assess their progress, send a notification to users to remind them about the self-assessment and address the selfassessment results by sending notification that contain customized advices contains customized advice to users who results do not meet the suggested level.
 Provide users with a written instruction or a video that show them the correct way to do an exercise, state the benefit from each kind of exercises, suggest different workout plans, motivate users to walk daily, count steps for the daily walking, allow users to adjust the daily walking goal and allow them to convert the number of walking steps to meter or kilometer.
 Do not group all the tracking information in one screen, allow users to monitor and track their weight loss progress by providing a line chart that shows their weight loss over time, provide users with a daily summary for their usage and save users daily usage and allow them to retrieve previous usage information.
 Provide users with a built-in chat feature, design the chat's screens like the one in the popular messaging apps, for example, WhatsApp or Facebook Messengers, allow users to share their weight loss development via social media platforms, for example, Facebook and Twitter and enable users to have a one-to-one conversation with a qualified physical activity professionals and dieticians via the IoT-enabled app.
 Allow users to set up a reminder, allow users to specify ringtones, give users the flexibility to determine the repetition pattern and design reminder's screens similar to the one included in the mobile phone.
 Provide an option that helps users to understand and read labels on food products, provide a portion control guide to help users determining food serving size, provide users with an educational tool that shows users' example how to improve nutritionally poor meals and send the daily notification that includes general health advice.
 Avoid advertisement within IoT-enabled apps, but if IoT-enabled apps have an advertisement, avoid providing clickable advertisement boxes navigating users to websites.
 Avoid using only one colour or too many colours, instead use traditional colours scheme, allow users to customise it and provide users with several themes.
 Use common icons that users can identify easily and if uncommon icons are used, provide an information screen explaining what each icon refers to and does.
 Use only simple Arabic language that easily can be understood by users, avoid using jargon and present www.ijacsa.thesai.org Arabic text from the right to the left-hand side of a screen.
 Avoid using small font size and complex font type.
 Avoid using small size buttons and give enough amount of space between buttons.
 Provide a detailed privacy policy outlining the purposes behind the data collected in a simple Arabic language.
 Inform users with the security procedure that are implemented in order to protect their personal data.