Operating system concerns for medical apps
The use of mobile medical apps has become increasingly prevalent in the past decade as smartphones have become a ubiquitous part of everyday life. These apps range from prescription medicine intake trackers to programs for diagnosing skin conditions or providing therapy for anxiety disorders.
The benefits of mobile apps from a developer perspective are clear – the power of the consumer’s phone can be leveraged to avoid the costly and time-consuming process of manufacturing host devices. However, it is still important that medical app developers are aware of the potential security issues that could arise from the underlying system on which their app runs. In this post we discuss some of the main operating system-related security concerns for medical apps.
Operating system updates
One of the most significant challenges that developers face is compatibility issues arising from operating system updates. Mobile phone manufacturers frequently publish updates to their operating systems, for security and other reasons. Some updates are installed voluntarily by the user, but others are automatic and/or mandatory. These operating system updates may temporarily or permanently affect the function of mobile apps.
The Australian Therapeutic Goods Administration (TGA) recently published a safety alert concerning Abbott’s FreeStyle LibreLink app. The alert describes a fault arising in the app as a result of the recent Android 13 update. Devices running this version of the Android OS could experience extended periods of signal loss which could prevent users from receiving critical information about their blood sugar levels.
Thankfully no injuries have been reported as a result of the fault, and Abbott is acting quickly to roll out an update that should rectify the issue. However, the incident does underscore the need for developers to monitor the compatibility of their medical apps with the operating systems on which they run. As operating systems evolve, medical apps should be continuously tested and updated to ensure they continue to function as intended on each new version. Both Apple and Google offer beta versions of their new operating systems to developers to facilitate early compatibility checks.
Legacy operating systems
At the other end of the spectrum, it is equally important for medical app developers to monitor older operating systems. As new updates roll out, it is not uncommon for operating system vendors to retire older versions. For example, back in January, Microsoft ended its support of Windows 8.1, meaning it no longer provides patches or updates for this version of its OS. Support for Windows 10 is also expected to end in October 2025.
Medical apps which continue to run on outdated ‘legacy’ operating systems are increasingly vulnerable to cybersecurity threats. While there are no specific rules in the medical device regulations against running medical apps on legacy OS, manufacturers do have a general duty to ensure that their devices remain safe and effective throughout their lifecycle. As part of this, software developers should consider whether any risk mitigation measures are necessary in relation to the legacy OS. For example, developers may need to provide more regular security updates or discontinue support for their app running on the legacy system altogether.
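One concrete mitigation that covers both concerns above (untested new OS releases and vendor-retired legacy ones) is a support-policy gate the app evaluates at start-up, so the decision to allow, warn or block is explicit and auditable rather than left to whatever the platform happens to do. The following is an added illustration, not code from this post, from Abbott, or from any regulator; the policy values, platform names and end-of-support dates are constructed placeholders, and the `check_platform` function and its allow/warn/block outcomes are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class SupportPolicy:
    """Hypothetical per-platform support policy maintained by the app developer."""
    min_supported: Version            # oldest OS version the app is validated on
    max_validated: Version            # newest OS version that has passed compatibility testing
    vendor_support_ends: Dict[int, date]  # OS major version -> date the vendor stops patching it
    block_unpatched: bool             # True: refuse to run on an OS the vendor no longer patches


# Constructed example policy; these are NOT real vendor support dates.
POLICIES: Dict[str, SupportPolicy] = {
    "android": SupportPolicy(
        min_supported=(10,),
        max_validated=(12,),
        vendor_support_ends={10: date(2024, 1, 1), 11: date(2025, 1, 1)},
        block_unpatched=False,   # warn the user, keep the app usable
    ),
    "ios": SupportPolicy(
        min_supported=(15, 0),
        max_validated=(16, 4),
        vendor_support_ends={},
        block_unpatched=True,
    ),
}


def parse_version(text: str) -> Version:
    """Turn '13.0.1' into (13, 0, 1); anything non-numeric (e.g. a beta tag) is rejected."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable OS version: {text!r}")
    return tuple(int(p) for p in parts)


def compare(a: Version, b: Version) -> int:
    """Three-way compare with zero-padding so that (13,) equals (13, 0)."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def check_platform(os_name: str, os_version: str, today: date) -> Tuple[str, str]:
    """Evaluate the running OS against the policy.

    Returns (decision, reason) where decision is 'allow', 'warn' or 'block'.
    Unknown or unparseable input fails closed (block) rather than open.
    """
    policy: Optional[SupportPolicy] = POLICIES.get(os_name.lower())
    if policy is None:
        return "block", f"{os_name} is not a supported platform"
    try:
        version = parse_version(os_version)
    except ValueError as exc:
        return "block", str(exc)

    if compare(version, policy.min_supported) < 0:
        return "block", f"{os_name} {os_version} is below the minimum supported version"

    if compare(version, policy.max_validated) > 0:
        # A newer, untested OS release: the LibreLink-style failure mode. Surface the risk.
        return "warn", f"{os_name} {os_version} is newer than the last validated release"

    ends = policy.vendor_support_ends.get(version[0])
    if ends is not None and today >= ends:
        # Legacy OS the vendor has retired: the developer's policy decides warn vs. block.
        decision = "block" if policy.block_unpatched else "warn"
        return decision, f"{os_name} {os_version} no longer receives vendor security patches"

    return "allow", "validated configuration"


if __name__ == "__main__":
    for platform, ver in [("Android", "13"), ("Android", "9.0"), ("iOS", "16.0"), ("Android", "10")]:
        print(platform, ver, "->", check_platform(platform, ver, date(2024, 6, 1)))
```

In a shipped app the returned decision and reason would be logged alongside the OS version so that post-market surveillance can correlate user-reported faults with specific OS releases, and the policy table itself would be updated as each new beta is tested and as vendors announce end-of-support dates.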
Ultimately, as the mobile medical app market continues to grow, developers must remain vigilant to threats arising not only from their apps themselves, but also in relation to their compatibility with different operating systems. By monitoring and managing the risks posed by new OS updates and the continued use of legacy OS, developers can ensure that their apps remain safe and effective throughout their lifecycle.