Many health and medical apps handle sensitive protective health information. And several are providing functionality that could harm the patient if the app doesn’t function as it should. For these reasons, researchers at Arizona State University (ASU) have developed some exciting tools to help ensure that the apps we recommend to our patients are safe and reliable.

The team at ASU is led by Dr. Sandeep Gupta, a professor in the Computer Science and Engineering Department. His team has created Health-Dev, a platform to facilitate the development of safe and reliable apps. They have also developed ECG and photoplethysmography (PPG) based biometric “passwords” to improve app security.

Health-Dev is a platform that allows developers to “design, create, and test medical apps against a credible benchmark that ensures the code will be devoid of terminal software errors and operate through secure transmission channels.” In other words, developers can build their apps within Health-Dev using tools and code that have been tested against strict security and reliability standards. By integrated these already-tested components into their app, the developer can then tell everyone from potential users to the FDA that they’ve met these industry standards.

Dr. Gupta points out that this is a very different approach than taken by some others previously in this space, such as Happtique. According to Dr. Gupta, “You’re not going to be able to take a generic application and validate it…that’s an unsolvable problem.” That’s because there are simply too many moving parts to be confident that you can apply some standard validation scheme to any application thrown at you and say whether its safe or not.

The approach taken by Health-Dev is to focus on specific components of the app’s design, like the sending and receiving of data. At the risk of oversimplifying the platform, the general idea is to use “off the shelf” code that you know meets strict standards for security and reliability. That way, you can attest to the final product actually meeting those standards. Internally, Dr. Gupta and ASU have developed the bHealthy app using Health-Dev, something of a test case to show the platform in action.


Another really interesting tool developed by Dr. Gupta’s team focuses on user identification. Basically, they’ve developed a method to use ECG and PPG signals to generate user-specific keys to access a specific app. Currently this requires the use of a peripheral device to capture either of those signals and that the device be securely in the possession of the intended user. Dr. Gupta points out that this tool was developed initially for patients with devices that are not readily lost or stolen – namely implanted devices. A particularly interesting use of this type of user validation would be for apps that pair with defibrillators, insulin pumps, and so on.

Developed by Dr. Gupta’s research team at ASU, they are now exploring various licensing opportunities for commercialization of this platform and its associated tools. And as interest in applying to to clinical scenarios with increasingly higher stakes, platforms like this could really go a long way in helping ensure that the apps we use are safe and reliable.