Accepted for/Published in: JMIR mHealth and uHealth
Date Submitted: Jul 26, 2019
Date Accepted: Apr 16, 2021
Challenges in Developing Secure Mobile Health Applications: Systematic Review
ABSTRACT
Background:
Mobile health (mHealth) applications (apps) have gained significant popularity over the last few years due to their tremendous benefits, such as lowering healthcare cost and increasing patient awareness. However, the sensitivity of healthcare data makes the security of mHealth apps a serious concern. Poor security practices and lack of security knowledge on developers’ side can cause several vulnerabilities in mHealth apps.
Objective:
In this review paper, we aim to identify and analyse the reported challenges that the developers of mHealth apps face concerning security. Additionally, our study aim to develop a conceptual framework with the challenges faced by mHealth apps development organisation for developing secure apps. The knowledge of such challenges can help to reduce the risk of developing insecure mHealth apps.
Methods:
We followed the Systematic Literature Review (SLR) method for this review. We selected studies that have been published between January 2008 and October 2020 since the major app stores launched in 2008. We selected 32 primary studies using predefined criteria and used thematic analysis method for analysing the extracted data.
Results:
Of the 1867 articles obtained, 32 were included in this review based on the predefined criteria. We identified nine challenges that can affect the development of secure mHealth apps. These challenges include lack of security guidelines and regulations for developing secure mHealth apps (20/32, 62.5%), developers’ lack of knowledge and expertise for secure mHealth app development (18/32, 56.3%), lack of stakeholders’ involvement during mHealth app development (6/32, 18.8%), no/little developers’ attention towards the security of mHealth app (5/32, 15.6%), lack of resources for developing secure mHealth app (4/32, 12.5%), project constraints during mHealth app development process (4/32, 12.5%), lack of security testing during mHealth app development (4/32, 12.5%), developers’ lack of motivation and ethical considerations (3/32, 9.4%), and lack of security experts’ engagement during mHealth app development (2/32, 6.3%). Based on our analysis, we have presented a conceptual framework that highlights the correlation between the identified challenges.
Conclusions:
While mHealth apps development organisations might overlook security, we conclude that our findings can help them to identify the weaknesses and improve their security practices. Similarly, mHealth apps developers can identify the challenges they face to develop mHealth apps that do not pose security risks for users. Our review is a step towards providing insights into the development of secure mHealth apps. Our proposed conceptual framework can act as a practice guideline for practitioners to enhance secure mHealth apps development.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.