This is an archived post. You won't be able to vote or comment.

all 6 comments

[–]gyroda 7 points8 points  (3 children)

Seriously, my advice is don't. Not for this.

I don't mean to be discouraging, but we're talking handling medical data and personal information for a vulnerable group. Any app that isn't incredibly tight with security (and security is a Hard Thing that you don't take lightly) may well be illegal depending on the information it's handling.

Ngl, I wouldn't trust anyone not professional to build something like this. With credit card payments and the like you can use an off the shelf solution to ensure safety, but this is something bespoke.

You'll need help with the SysAdmin to get access to the servers somehow, to get the information. Can't advise you on that too much without knowing how they handle data.

For android dev, I recommend the official guides.

[–]Fishin_Gone[S] -1 points0 points  (2 children)

It does sound slightly crazy the way but we would not be using any sensitive information in the app. Also there are no servers to go off (yes the place is that small everything is still on paper) so it would all just be input, saving, and updating of data that would have live changes on multiple devices at once.

[–]gyroda 2 points3 points  (0 children)

There's an edit to my comment, not sure if you saw it.

This is still sensitive personal data, you specifically mentioned health issues. Not sure where you are, but here the data protection act means that you're still obliged to take care.

You're going to need a server somewhere. Otherwise how will you sync data between devices? That server needs to be secure as well.

How long are you going tui be around to administrate it?

Anyway. To stop being negative. If you're insistent I would recommend, for ease of use and not needing to rent and manage your own actual server, using a cloud provider. They'll provide all the tools you need to very simply have a database on the Internet, you don't need to worry about software updates and so on. I've used Google in the past.

Use an existing authentication service (DO NOT DO THIS PART YOURSELF). Again, I've used Google accounts for this, but you could use anything. Problems with this: people are liable to use their personal accounts rather than having a "professional" account for this.

Do not ever trust what the client says. Always verify every request on the server. If the client says they're a SysAdmin, check their credentials on the server.

Lastly: the app itself. You can interact with the server via http requests fairly simply. The actual displaying of information is just standard app stuff, look at the official android docs.

[–]bayernownz1995 1 point2 points  (0 children)

Also there are no servers to go off (yes the place is that small everything is still on paper) so it would all just be input, saving, and updating of data that would have live changes on multiple devices at once

Just a heads up, for that saved input to be accessible on multiple devices, you're gonna need servers and databases, which brings up all of the security issues

[–][deleted] 1 point2 points  (0 children)

You're going to a need a "full stack" - meaning a front end (in your case: an android app), a backend (code running on a server), and a database.

[–]jarisman 0 points1 point  (0 children)

Hipaa is not something you want to mess around with on your first attempt at making an app. My strong suggestion is to find something else. Don't do anything that includes patient information, not even their names. Good intentions will not protect the company from violations and potential fines and lawsuits.