Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2021 Jun 21;9(6):e15654.
doi: 10.2196/15654.

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Bakheet Aljedaani  1   2 M Ali Babar  1   3
Affiliations

Challenges With Developing Secure Mobile Health Applications: Systematic Review

Bakheet Aljedaani et al. JMIR Mhealth Uhealth. .

Abstract

Background: Mobile health (mHealth) apps have gained significant popularity over the last few years due to their tremendous benefits, such as lowering health care costs and increasing patient awareness. However, the sensitivity of health care data makes the security of mHealth apps a serious concern. Poor security practices and lack of security knowledge on the developers' side can cause several vulnerabilities in mHealth apps.

Objective: In this review paper, we aimed to identify and analyze the reported challenges concerning security that developers of mHealth apps face. Additionally, our study aimed to develop a conceptual framework with the challenges for developing secure apps faced by mHealth app development organizations. The knowledge of such challenges can help to reduce the risk of developing insecure mHealth apps.

Methods: We followed the systematic literature review method for this review. We selected studies that were published between January 2008 and October 2020 since the major app stores launched in 2008. We selected 32 primary studies using predefined criteria and used a thematic analysis method for analyzing the extracted data.

Results: Of the 1867 articles obtained, 32 were included in this review based on the predefined criteria. We identified 9 challenges that can affect the development of secure mHealth apps. These challenges include lack of security guidelines and regulations for developing secure mHealth apps (20/32, 63%), developers' lack of knowledge and expertise for secure mHealth app development (18/32, 56%), lack of stakeholders' involvement during mHealth app development (6/32, 19%), no/little developer attention towards the security of mHealth apps (5/32, 16%), lack of resources for developing a secure mHealth app (4/32, 13%), project constraints during the mHealth app development process (4/32, 13%), lack of security testing during mHealth app development (4/32, 13%), developers' lack of motivation and ethical considerations (3/32, 9%), and lack of security experts' engagement during mHealth app development (2/32, 6%). Based on our analysis, we have presented a conceptual framework that highlights the correlation between the identified challenges.

Conclusions: While mHealth app development organizations might overlook security, we conclude that our findings can help them to identify the weaknesses and improve their security practices. Similarly, mHealth app developers can identify the challenges they face to develop mHealth apps that do not pose security risks for users. Our review is a step towards providing insights into the development of secure mHealth apps. Our proposed conceptual framework can act as a practice guideline for practitioners to enhance secure mHealth app development.

Keywords: developers; mHealth apps; secure apps; security knowledge; systematic literature review.

PubMed Disclaimer

Conflict of interest statement

Conflicts of Interest: None declared.

Figures

Figure 1
Figure 1
Flow diagram for the selection of articles. IoT: Internet of Things; mHealth: mobile health; WSN: wireless sensor network.
Figure 2
Figure 2
Example of the steps of applying the thematic analysis to the qualitative data. mHealth: mobile health.
Figure 3
Figure 3
A conceptual framework for correlating the challenges in developing secure mHealth apps.
See this image and copyright information in PMC

References

    1. Hussain M, Zaidan A, Zidan B, Iqbal S, Ahmed M, Albahri O, Albahri A. Conceptual framework for the security of mobile health applications on Android platform. Telematics and Informatics. 2018 Aug;35(5):1335–1354. doi: 10.1016/j.tele.2018.03.005. - DOI
    1. Müthing J, Jäschke T, Friedrich CM. Client-Focused Security Assessment of mHealth Apps and Recommended Practices to Prevent or Mitigate Transport Security Issues. JMIR Mhealth Uhealth. 2017 Oct 18;5(10):e147. doi: 10.2196/mhealth.7791. https://mhealth.jmir.org/2017/10/e147/ - DOI - PMC - PubMed
    1. Varshney U. Mobile health: Four emerging themes of research. Decision Support Systems. 2014 Oct;66:20–35. doi: 10.1016/j.dss.2014.06.001. - DOI
    1. Aljedaani AA, Zahedi M, Babar MA. An Empirical Study on Developing Secure Mobile Health Apps: The Developers' Perspective. 27th Asia-Pacific Software Engineering Conference (APSEC); December 1-4, 2020; Singapore. 2020. - DOI
    1. Knorr K, Aspinall D. Security testing for Android mHealth apps. IEEE:pp. 2015:1–8. doi: 10.1109/icstw.2015.7107459. - DOI

Publication types