A team from the University of West Florida has developed groundbreaking software that could revolutionize how we evaluate app security. Dr. Hossain Shahriar, associate director and professor for UWF’s Center for Cybersecurity, along with his graduate students, has created a platform that analyzes the security and privacy compliance of mobile applications.
- Background: The project’s genesis stems from a growing concern in healthcare technology. As Dr. Shahriar explains, “Many times now, before a doctor’s appointment, you will be told to go fill out your information on the apps. That’s fine, but that is protected health information; so what we are doing is researching whether these apps are secure and compliant with HIPAA, the federal law restricting the release of medical information, when storing your data.”
Why this matters: The convenience of pre-appointment digital forms has streamlined medical processes but has also created potential security risks that many users and even healthcare providers may not fully understand.
How the Platform Works
The software employs a user-friendly risk assessment system that rates applications on a scale from low to critical risk levels. The platform provides detailed vulnerability and risk breakdowns, giving users clear insights into potential security threats.
“For example, if the meter shows 87% risk factor, then the user knows they should not be using that app,” Shahriar said. “Why? Because if they put their social security number in there, it is probably being disclosed as plain text and the encryption is not there.”
This straightforward approach makes cybersecurity accessible to everyday users who may lack technical expertise but need to make informed decisions about their digital privacy.
Substantial Research Investment
The cybersecurity research received a two-year $545,000 National Institutes of Health Small Business Technology Transfer grant that Shahriar received in partnership with Ubitrix, Inc. in 2023.
- What makes this platform particularly noteworthy is its uniqueness in the marketplace. When the project began, Shahriar noted that he “could not find anything similar in the market that would analyze apps and give a score based on their compliance with privacy laws.”
Student Leadership and Technical Excellence
The project showcases the exceptional talent within UWF’s graduate programs. Abdul Barek, a graduate research assistant in UWF’s intelligent systems and robotics doctoral program, has served as the lead student developer since the project’s inception. His team includes fellow researchers Md Bajlur Rashid, Md Mostafizur Rahman, ABM Kamrul Riad, and Md Abdur Rahman.
- The technical achievements of these students are impressive. As Barek noted, “We saw some vulnerabilities in some of the popular apps from the marketplace; it was amazing to see that we discovered that from our work.”
The project required developing entirely new approaches to security analysis. The team built custom algorithms along with static and dynamic analysis techniques specifically designed to evaluate mobile application security. This technical innovation represents a significant contribution to the cybersecurity field and demonstrates the research capabilities of UWF’s Center for Cybersecurity.
While the platform initially focused on healthcare applications and HIPAA compliance, its scope has expanded significantly. The software now analyzes security risks across thousands of applications developed for popular platforms, including Android, iOS, and web-based systems. According to Shahriar, at least one Fortune 500 company has utilized the tool and discovered security vulnerabilities in its applications.
‘The platform is publicly accessible through hipaachecker.health. Currently supporting Android apps, iOS apps, and web applications, the tool allows individuals and organizations to test their applications’ security levels.
The team continues to innovate, with development underway on a Large Language Model-based module designed to recommend fixes for discovered insecure code. This advancement could transform the platform from merely identifying problems to actively helping developers solve them.
- For more information about the UWF Center for Cybersecurity, visit uwf.edu/cybersecurity. To test applications using the security analysis platform, visit hipaachecker.health.
