1. Introduction
Around 77% of the global elderly population, aged 65 and above, suffer from chronic diseases like stroke, hypertension, asthma, diabetes, and cognitive impairment [
1]. In the United States, 95% of individuals over 60 years old suffer from at least one chronic illness, while 80% grapple with multiple conditions [
2]. Even the elderly population in Sub-Saharan Africa (SSA), comprising 3.06% of the overall population [
3,
4], is vulnerable to health-related issues. At the same time, the provision of basic, high-quality, and affordable healthcare has posed a universal dilemma. The growing elderly population significantly impacts their societies and families [
5,
6], and inadequately staffed healthcare facilities pose challenges in accommodating all patients [
7].
The recent COVID-19 pandemic has accelerated the adoption of home-based care [
8,
9], prompting the integration of the Internet of Medical Things (IoMT) to support healthcare stakeholders both within and outside healthcare settings. The progression of sensor technologies and mobile devices has accelerated the adoption of the IoMT [
10] with smartphones being integrated into the IoMT for telemedicine applications due to their affordability and sensor availability, enabling non-invasive vital parameters monitoring, communication, and healthy behavior encouragement.
However, the implementation of the IoMT faces challenges concerning the privacy and security of patient data [
9,
11,
12]. Generally, Internet of Things (IoT) systems cater to both technical and non-technical users [
13], but most end users, including elderly individuals, lack technological proficiency and are unlikely to implement security measures, making them susceptible to potential attacks [
14]. At the same time, the development of security protocols often fails to account for the health issues prevalent in older populations [
15,
16], but when it comes to authentication, elderly users have their authenticator preferences [
17].
Although smartphones are commonly utilized for authentication purposes, there is little empirical support regarding their effectiveness across various age demographics, including the elderly [
5]. Despite ongoing research on suitable authentication techniques [
1], there is a lack of extensive research on the practicality of authentication technologies for senior citizens and individuals with disabilities [
18]. Most previous research has either focused on device authentication [
19], security without usability and vice versa [
20,
21,
22], physiological authentication [
23], health monitoring and well-being only, and does not consider user age. As a result, there is essentially a dearth of research on IoMT user authentication that takes into account senior users’ capabilities. Since smartphones are widely used devices that people of all ages can use for communication and other purposes, they make good candidates for use in IoMT authentication. Therefore, research on smartphone-based user authentication mechanisms for the elderly is crucial.
This research aimed to improve usable security by developing and implementing an Android-based adaptive authentication system for elderly IoMT users.
The primary objectives were as follows:
- (i)
Develop a Naive Bayes Android-based adaptive authentication model for IoMT hardware and software that considers elderly users’ medical conditions and risk scores for suitable authenticators;
- (ii)
Assess the effectiveness of the proposed model in authenticating elderly users.
The selection of an Android device was predicated on its widespread availability in the SSA region, with a substantial market share of 83.6%, in stark contrast to Apple’s 14.35% [
24]. Our proposed work is novel in that it leverages users’ existing technology to authenticate them, taking into account their age, medical condition, risk score, and available authenticators to ascertain the level of difficulty of their authentication procedure based on their updated trust score. Most previous works have yielded solutions that have not been practically tested. We anticipate that this research will lead to increased user authentication compliance, which will encourage the usage of the IoMT and, in turn, encourage the use of technology to help achieve Sustainable Development Goals (SDG3), which are to improve the health and well-being of all people, regardless of age. In contrast to behavior-based authentication, which primarily entails continual authentication that is difficult and expensive for elderly users, this effort concentrates on physiological-based authentication and initial login. This is because even though there exist hands-free, one-time, continuous authentication schemes [
25,
26,
27,
28,
29,
30,
31], they come with additional hardware and require more movements among the elderly, thereby increasing cost and inconvenience.
The rest of the paper is organized as follows:
Section 2 analyzes the various authenticators available and their strengths and weaknesses. Related work is discussed in
Section 3. The details of our proposed framework are discussed in
Section 4. The results and findings are presented in
Section 5. A discussion of results is presented in
Section 6. Finally,
Section 7 concludes and provides future work.
2. Analysis of Various Authenticators
Despite widespread recognition, there is a lack of proactive measures to address emerging threats on IoMT devices, hindering the implementation of effective mHealth applications. Around 60% of smartphone users do not use security measures, and mobile platforms often use explicit authentication [
32]. Elderly individuals with chronic conditions like arthritis, Parkinson’s, and osteoporosis face challenges in utilizing some authentication systems [
32], making them more susceptible to security breaches [
33]. Authentication is a critical component in maintaining network security [
34], acting as the first line of defense against potential attacks. Multi-factor authentication (MFA) combines knowledge-based, physiological, and behavioral candidate authenticators, requiring attackers to have to break another barrier if one factor is compromised [
35].
Figure 1 shows examples of factors used in MFA.
We now examine the appropriateness of the following authenticators for elderly users.
2.1. Knowledge-Based Authenticators
2.1.1. Personal Identification Number (PIN)
A PIN is an old, secure, maskable, and quick authentication method that uses a combination of four or six numbers [
36]. It is liked by the elderly [
17], can defeat shoulder surfing, but is easily forgotten, making it less suitable for the elderly.
2.1.2. Textual Password
This old authentication mechanism, which can contain special and alphanumeric symbols, is more resistant to brute-force attacks than PINs [
37]. However, elderly individuals often struggle with password input due to arthritis, early-stage dementia [
5], deteriorating vision [
38], frustration [
36], and lack of prior technology exposure [
39].
2.1.3. Graphical Password
Images, instead of alphanumeric characters, are utilized for memory stimulation and are easier to remember than text [
36], making them more accessible to elderly users.
2.1.4. Face Recognition
Faces serve as a verification system for senior citizens, allowing easier memory retention and selection from a set of saved faces.
2.1.5. Pattern Lock
Users draw recognizable patterns on a three-by-three grid, which is usable and less time-consuming than a PIN but may be frustrating for dexterity-deficient adults [
36] and susceptible to side-channel attacks. Fingertips can leave a distinctive trace on the screen.
2.1.6. Musipass
Musipass is easy to remember, allows users to choose their preferred music as their password [
39], but may not be suitable for elderly individuals with typing difficulties.
2.2. Biometric Authenticators
Biometrics identify living individuals by utilizing physiological attributes as well as behavioral traits for accurate individual authentication [
40]. Biometric traits are widely used as authenticators in mobile devices combining the “what you have” and “what you are” dimensions [
9]. Of late, most IoT devices are improving their sensorial abilities, enabling user data collection for authentication [
9], with success significantly influenced by user experience [
41].
2.2.1. Physiological-Based Biometric Authenticators
Machine vision and sensor-based techniques are used in human motion behavior feature extraction; the former is difficult and subject to environmental influences, while the latter is inexpensive and not affected by them [
42].
Fingerprint/Palm
Although older users prefer fingerprint authentication [
32], they are less likely to successfully authenticate using it. Off-the-shelf smart devices now offer scanner capture technology [
43], but factors like aging, moisture, gender, medical, and occupation can hinder its effectiveness [
41].
Ocular/Eye Scanner Scanning
The eye, through the iris or retina can be used for authentication. The scanner is costly and less common, and its authentication process may be impeded by factors like spectacles [
43], age, and environmental light intensity [
41].
Voice Recognition
Most devices come with built-in microphones that can be utilized for voice capture and authentication. The user’s state or age can significantly impact the outcome of voice capture, potentially leading to a denial of service. Despite being user-friendly, they are more susceptible to spoofing attacks than facial recognition systems [
43], so they must be combined with other authenticators to enhance security.
Facial Recognition
This camera-based technique compares a user’s image with the database but requires good lighting and is not suitable for low-cost wearable devices [
32]. Factors like glasses, facial expressions, age, poses, and lighting influence results [
41].
2.2.2. Behavior-Based Authentication
These models use machine learning (ML) to authenticate users by learning their previous access patterns. This authentication mechanism is beneficial for tracking user behavior over a specific period [
43] but requires time to observe, and algorithm design is complex. Older individuals’ use of behavior is difficult to capture due to their limited activities. Examples of authentication mechanisms are explained below.
Gait-Based Authentication
Modern mobile devices can effectively capture gait patterns for authentication [
44], but older adults face more challenges due to walking challenges [
1].
Heart Rate Biometric Identification
Heart rate signals are unique and consistent over time [
45], and while smartphones with integrated sensors offer heart rate biometric authentication, research on its use in elderly individuals is still limited.
2.3. Smartphones and Wearables
Wearables have gained popularity for their use in health monitoring and authentication. However, most health-related signal proposals are based on high-end medical equipment datasets that may not accurately represent widely available devices. Smartphones and tablets are popular portable devices in the IoT [
46], although they are not always considered essential components. They have the expected capabilities of the traditional IoT, and they interact with IoT devices.
2.4. Adaptive Authentication
Adaptive security is a self-monitoring security method that prevents network attacks by altering its behavior and controlling the conditions under observation [
34] reducing the monotonous selection of the same authentication factors and identifying risks more effectively than the one-size-fits-all approach [
47].
Risk-Based Authentication
This is an adaptive authentication method that calculates user activity risk using contextual and historical data, calculating the risk score in real time using specific rules [
48]. There has been a lot of research on adaptive authentication, but not much of it has produced real-world, workable solutions [
49].
2.5. Authentication and Authorization Attacks in the IoMT
Because health data are sensitive and IoT device environments are resource-constrained, authentication and authorization attacks in the Internet of Medical Things (IoMT) present serious security risks, particularly in smart-home applications [
50,
51,
52]. Although security protocol developments are encouraging, continuous research and adaptation to new threats are necessary due to the dynamic nature of the IoMT. As a result, numerous strategies continue to be explored to mitigate these risks. IoMT devices are vulnerable to denial-of-service and man-in-the-middle attacks, which could jeopardize patient data and device functionality [
53]. Physically Unclonable Functions (PUFs) are one type of authentication mechanism that can be cloned by ML-based modeling attacks, granting unauthorized access [
54], but by incorporating ML techniques into authentication and authorization procedures, the unique challenges presented by IoMT networks can be addressed and attack resistance can be increased [
55]. Biometric Authenticated Key Exchange (BAKE), one of the lightweight cryptographic protocols, improves security by offering mutual authentication and protecting against phishing attacks [
56]. At the same time, IEEE 802.1X and 802.11X are playing a significant role in improving wireless network security by providing strong authentication and access control mechanisms. The 802.1x standard addresses vulnerabilities in earlier standards by implementing a centralized authentication server, which helps mitigate denial-of-service attacks. On the other hand, 802.11x introduces two-way authentication to prevent man-in-the-middle attacks, significantly improving the security posture of wireless Local Area Networks (LANs) [
57]. Research is still ongoing to improve these standards, which are incorporated at the hardware level in our proposed work.
5. Results
Following their contact, the adaptive authentication app gathered information on users’ backgrounds, health issues, risk assessments, and authentication status. For each component of the adaptive authentication model, confusion matrices were among the metrics used in the analysis. The study focused on successful or failed authentication and used R Studio to analyze the data to find trends in the ease or difficulty of authentication among older participants using our proposed model. Since different devices were using the same operating system, performance tests at the device level were not carried out.
5.1. Confusion Matrix and Statistics for Overall Authorization
The confusion matrix and statistics for the whole authentication to authorization process are displayed in
Figure 5 where the confusion matrix, the Kappa Score, and Mcnemar’s test are shown in order.
As can be seen, the model accurately classified every instance in the dataset, with a 95% confidence interval indicating a 100% accuracy. The model’s low p-value suggested superior performance compared to the baseline, with a true accuracy of at least 98.44%. The No Information Rate indicated that an estimate about the most prevalent class could be accurate 51.06% of the time. When taken as a whole, these metrics offered strong proof that the model performed extremely well on the given data, correctly classifying each event with no mistakes. Other metrics used included balanced accuracy, prevalence, detection rate, positive predictive value (PPV), negative predictive value (NPV), specificity, and sensitivity. The specificity and sensitivity were both one, indicating that the model correctly detected true negatives and positives. Similar functionality in both groups was indicated by the dataset’s balanced accuracy of one, with equal prevalence, detection rate, and detection prevalence matching the real class distribution. Verifying the model’s performance using untested test data is essential to ensure that it generalizes well and does not overfit the training set.
Our model, which had an Area Under the ROC Curve (AUC) value of one, showed excellent discrimination ability between the positive and negative classes. For randomly chosen positive and negative instances, the model consistently gave positive occurrences a higher score than negative instances.
Figure 6 shows the ROC curve for authentication and authorization with the Area Under the Curve (AUC) of one with control = 0 and cases = 1.
The results of combining the AUC with additional performance indicators derived from
Figure 1 are shown in
Table 2.
The adaptive authentication model, with no false positives or negatives, accurately recognized all positive and negative classifications, predicting data distributions. The model accurately predicted the dataset’s class distributions and consistently ranked positive examples higher than negative ones, demonstrating a flawless AUC. However, since these results may indicate overfitting, we further performed cross-validation. Since perfect performance is uncommon, overfitting is the only explanation for these findings. Normalization and more thorough testing with a wider variety of datasets (real-world data) are needed to make sure the model performs well outside of a controlled environment. However, since there are not many studies that directly connect to our work, real-world deployment was carried out to acquire a dataset, which was evaluated. The results of the calculations for the False Positive Rate (FPR) and False Negative Rate (FNR) were zero for each. The FPR and FNR values of zero for the provided dataset supported the accuracy and reliability of the model.
5.2. Usability Evaluation
False acceptance and rejection rates were employed to gauge the model’s usability.
Table 3 shows the evaluation metrics also derived from
Figure 1.
The authentication paradigm exhibited high security and usability, with zero false acceptance and rejection rates, demonstrating its exceptional performance. The model’s authentication decisions were accurate and consistent, ensuring users’ authenticated state was accurately matched.
5.3. User Health Impact on Authentication
Our assessment of the effect of user health on authentication was aided by post-deployment evaluation, as the majority of users reported that the app considered their health. This had an impact on the selection of authenticators, as previously assumed. Our model accurately predicted 80% of the cases, with an overall accuracy of 80% as evidenced by its high recall and precision. The model’s high specificity suggested that it could recognize class 1 (negative cases) instances with accuracy.
Figure 7 shows the confusion matrix and statistics for health impact on authentication where (a) is the confusion matrix, (b) shows the Kappa test, and (c) shows Mcnemar’s test.
A further analysis and investigation may be necessary to identify the most significant predictor features and their impact on model performance. Cross-validation is also required to validate the model on independent datasets.
5.4. Train–Test Split and Cross-Validation
The model underwent further validation through train–test split and cross-validation, utilizing the confusion matrix and statistics results as shown in the tables.
Train–Test Split
Figure 8 shows the confusion matrix and statistics for the train–test split option and the L1, L2, and Elastic Net normalization where (a) is the confusion matrix, (b) is the Kappa test, and (c) is Mcnemar’s test.
The model successfully predicted every occurrence in the test set with excellent sensitivity and specificity, identifying both positive and negative events. The initial results were confirmed by the Kappa, precision, and negative predictive values, which showed that all forecasts for each class were accurate. The model effectively generalized to the test data, as indicated by the findings. With an accuracy of 98.59%, excellent sensitivity, specificity, and balanced accuracy, the model was operating remarkably well under the Lasso and Elastic Net normalization. The one misclassification was a minor and normal problem, but the model predicted outcomes quite well.
5.5. Cross Validation
To examine access performance metrics and the confusion matrix, the Random Forest classifier was employed for 10-fold cross-validation using 235 samples, 26 predictors, and two classes, “0” and “1”. The greatest number was utilized to determine the best model using accuracy, and mtry = 133 was the final value employed for the model. For an accurate representation of each class and to increase the model’s generalizability, a 10-fold cross-validation method with gender-based stratification was employed. To ensure reproducibility, a random seed was used and it was observed that accuracy and Kappa both considerably rose when mtry rose from 2 to 133 and finally 265, suggesting that for the particular dataset and model, choosing more variables at each split improved performance.
Figure 9 shows the performance metrics.
In both train–test split and cross-validation results, the model demonstrated excellent accuracy and Kappa, demonstrating its effective generalization to unknown data.
5.6. Distance Analysis
We performed a distance analysis to determine the effect of location on authentication. The study underscored the importance of location by calculating the distance a user, presumed to be constantly carrying their smartphone, would have traveled from a predetermined spot. This is shown in
Figure 10.
The linear regression analysis revealed a significant negative correlation between
Dist from epicenter and
authorized. The likelihood of obtaining authorization decreased as the distance from the epicenter increased. The relationship was statistically significant due to the significant variability in the authorized variable.
Figure 11 shows a graphical illustration of the distance analysis where trust ranking decreased with distance from a known location.
According to the results, our model could tolerate a certain radius from a known site, but when the radius was above a certain threshold, it caused suspicion, and it was clear that our model was user-friendly, especially for older users.
5.6.1. Effectiveness
The model’s effectiveness in predicting user access was assessed using a confusion matrix and related metrics. The success ratio was measured to ensure the model’s reliability and usability in real-world scenarios.
Figure 12 shows part of the success-ratio results derived from the total login attempts and the successful attempts.
The snapshot shows a success ratio between 0.4 and 0.8, with successful logins generally exceeding failed logins.
5.6.2. Efficiency
The efficiency of our model was assessed through the FRR and FAR measurements, both of which had zero values indicating efficient classification. The study analyzed various factors such as trust ranking, success rate, completion rate, average success ratio, overall completion rate, and average success ratio. The overall values are shown in
Table 4.
Although the ratios were acceptable, they were not high, which showed that our model’s efficiency needed to be raised. Other mechanisms that could be used to measure it include resource efficiency, risk vs. trust balance, model interpretability, scalability, performance, and the security–usability trade-off, cross-validation, and accuracy-related metrics that we utilized.
5.7. Usability Considerations
We used a post-deployment survey to ask users about their experiences with the app. We used the age category of fifty-one (51) years and older. Most respondents who were asked if the app considered their medical conditions indicated that it did, as seen in
Figure 13.
Most respondents concurred that the app took into account their medical issues. Regarding further usability measures, the responses were compiled as depicted in
Figure 14.
It is clear that most reviews were favorable to the app. On the frequency of issues with the app, users gave responses in
Table 5 below.
As evident, 66% of the respondents responded positively in support of the app.
Figure 15 summarizes user responses to a question about whether they would recommend the app to others.
6. Discussion
We implemented an adaptive user authentication model for IoMT users with a particular focus on improving usable security. The model, which was implemented on Android smartphones, demonstrated promising results in terms of accuracy, precision, recall, and overall performance. The model calculates the initial risk score by utilizing various features like user ID, device ID, network, location, and habits and performed stepwise authentication guided by the hardware of the device. The model demonstrated high accuracy in identifying authorized and unauthorized access attempts during cross-validation, indicating effective risk calculation. These ideal outcomes, however, could not always be practical and might point to possible problems like overfitting, particularly given that the evaluation was mostly focused on training data rather than a distinct test set. To ensure the model maintained its excellent performance in real-world scenarios, it was crucial to determine consistency in its performance on unobserved test data. The Kappa value of one indicated a perfect agreement between the model’s predictions and the actual values after adjusting for chance. The risk calculation mechanism accurately detected anomalies between legitimate and fraudulent access attempts, with a 1.0 sensitivity and specificity, ensuring no false positives or negatives. Combining the AUC with additional performance indicators showed that our model accurately recognized all positive and negative classifications, predicting data distributions. The results suggested that there may have been overfitting, which may necessitate cross-validation. Nevertheless, our accuracy of 98.5% after applying Lasso and Elastic Net normalization provided us with confidence that our model was resistant to overfitting. The authentication paradigm, which had zero false acceptance and rejection rates, exhibited high security and usability. Although these results are ideal, the model’s performance in real-world scenarios and against different user types is crucial for ensuring its robustness and generalizability.
The health impact accuracy rate was 80%, indicating accurate detection of positive situations with high recall and precision. We can infer that physical health conditions have an impact on the success of authenticators like a fingerprint or gait, while mental health conditions affect the success of knowledge-based authenticators that are recall-based, based on our analysis of authenticators and their suitability for elderly users. As a result, we used rule-based selection to allocate authenticators related to health conditions. Nevertheless, the impact of each health condition on the outcome of authentication was not examined in this experiment. Therefore, to strengthen our user authentication model, it is crucial to discover any particular risk factors associated with health issues that are correlated with lower trust ratings or greater failure rates. To ensure equitable treatment for older users with specific medical conditions and appropriate authentication mechanisms, the model was further tested for usability taking health conditions and distance from known locations into consideration. However, this is only applicable to specific smartphone’s hardware.
A further analysis and investigation may be necessary to identify the most significant predictor features and their impact on model performance. When evaluating using the train–test split, the model’s Kappa, precision, and NPV showed accurate forecasts for each class, indicating good generalization to test data. The study found a mix of high- and low-trust users, with a median trust value of 0.5, influenced by contextual factors. Health conditions, age, and location data in that case were significant predictors of trust score. In line with the logic of the model, which holds that a greater distance diminishes confidence, authorization was significantly negatively impacted by distance from the known location. To enhance the validity of the study, it is recommended to incorporate more predictors and examine multicollinearity and non-linear relationships. The confusion matrix demonstrated a 100% accuracy in training; nevertheless, the final authorization decision based on trust score and risk assessment might be improved, as indicated by the 80% cross-validation findings. The high Kappa value indicated a strong agreement between the predicted and actual classes. Average and overall success ratios validated [
32], who asserted that age and illness had a bearing on user authentication success amongst the elderly. Although our method employed risk scores to ascertain authentication challenges, each user’s experience with the process would vary based on factors such as the availability of usable authenticators on their particular device. This is a result of the model’s lack of device specificity and its base in the Android operating system, which works on a range of hardware. Risk-based authentication (RBA) allows our model to successfully comply with data privacy regulations such as GDPR and HIPAA since it protects user data and minimizes unnecessary data exposure. This model makes use of several authenticators and enhances security while abiding by privacy rules by modifying authentication requirements based on risk assessments. It guarantees that all risk assessments and outcomes are carried out, kept secret from the user, and that backend privacy is upheld. Additionally, using several authenticators makes the system more secure against attacks because an attacker may have to compromise multiple authenticators, increasing the likelihood that they will be discovered. According to
Figure 13, which displays the metrics used to measure usability, users were generally satisfied with the app across all evaluated aspects. Overall performance, quality of service, and ease of use all pointed to most users finding the app to be mostly satisfactory. User views varied significantly when it came to hardware compatibility and overall reliability, which suggests that those aspects need to be improved to enhance the entire experience. Look and feel further revealed that some users were not at all happy with the way the app looked and felt, while others thought the design and interface were great. These findings typically point to the need for improvements to make the app more aesthetically pleasing and easier to use to boost user satisfaction.
7. Conclusions and Future Work
The model exhibited exceptional performance in calculating risk, trust, and authorization decisions. The system effectively integrated user behavior, environmental context, and health conditions to provide adaptive and secure user authentication. However, the model’s accuracy difference between training and cross-validation indicated the need for further testing and tuning on diverse data to ensure its generalizability across various scenarios. Low success ratios may also be attributed to several factors like user experience, network, and medical conditions, and to capture more complex user behaviors and environmental changes, future work will require diversifying the training data to cover a wider range of user behaviors and situations. We could use contextual factors such as ambient light, social context, and network speed to estimate the risk of a login attempt. Network quality could be used to identify patterns, proximity to known devices (like Bluetooth), daily habits, and user activity and could be used to identify a particular person when analyzed over time. Contextual elements such as ambient light and the context of device usage could also be utilized to assess the risk of a login attempt. This would also involve exploring additional features and testing performance at the device level. Additionally, it is important to keep track of the users’ health status and modify authentication procedures as needed to accommodate any changes. To ensure optimal performance, we will also frequently adjust the model’s parameters and validate them using fresh data. To effectively address the overfitting issue, other normalization approaches might need to be considered in addition to the cross-validation and real-world data use that Lasso and Elastic Net suggested in this work.
Given that 80% of the participants were senior users in Sub-Saharan Africa (SSA), whose socioeconomic circumstances may differ from those of other continents, some degree of geographic and demographic generalization may be limited. This is due to potential variations in financial status, amount of technological expertise, perceived usability, and overall security awareness. Nonetheless, it is possible that the findings, independent of geography or upbringing, can be applied to other demographic groups. On health conditions, future work needs to investigate if some health conditions have more effects on authentication outcomes than others. Additionally, longitudinal studies need to be conducted in the future to monitor user behavior, and health changes over time would provide deeper insights into improving model accuracy. Regarding scalability, we believe our model can only perform very well with small datasets like the one that we used in our experiment as it has few features, but we believe that since we used the algorithm for risk calculation and not the classification tasks, we can expand it by adding more features to the risk calculation engine without significant performance costs. However, as other authors have noted [
74,
75], the Naive Bayes algorithm performs best on small datasets but not datasets that require intricate feature interactions on classification tasks. Because of its computational efficiency, Naive Bayes can still perform well on simple datasets that only grow in size while the non-existence of large datasets in our specific scenario prevented us from testing its effectiveness on a sizable dataset. If the dataset becomes more complex and has more feature interactions, Random Forest or Gradient Boosting are likely to perform better predictively, though they will demand more computational power. The model can be scaled for real-world deployment, especially in a healthcare setting with thousands of users; however, given that end-user devices are mobile, attention should be kept on the computational resources needed for such scalability so that the technology cost remains low. On usability, future work needs to look at areas that need improvement, which include hardware compatibility, look and feel, as well as overall reliability.