Research

UWF faculty and students develop software that analyzes security and privacy levels of mobile applications

Jun. 02, 2025
Dr. Hossain Shahriar, associate director and professor for the University of West Florida Center for Cybersecurity, and his graduate students have developed a platform that evaluates how well thousands of mobile applications are securing users’ personal information.
Three people stand in front of a tv screen with a webpage pulled up that reads, "Leading the Revolution: HIPAA Certification Technology"

Dr. Hossain Shahriar, associate director and professor for the University of West Florida Center for Cybersecurity, and his graduate students have developed a platform that evaluates how well thousands of mobile applications are securing users’ personal information.

“Many times now, before a doctor’s appointment, you will be told to go fill out your information on the apps,” Shahriar said. “That’s fine, but that is protected health information; so what we are doing is researching whether these apps are secure and compliant with HIPAA, the federal law restricting the release of medical information, when storing your data.”

Shahriar’s goal is for the platform to help companies be proactive in enhancing their app’s security level before deploying it. He also hopes it will help individuals understand the risk factor level of each app when inputting their information. The app uses a scale of low, medium, high and critical when testing vulnerabilities. It also includes vulnerability and risk breakdowns.

“For example, if the meter shows 87% risk factor, then the user knows they should not be using that app,” Shahriar said. “Why? Because if they put their social security number in there, it is probably being disclosed as plain text and the encryption is not there.”

The project has been funded by a two-year $545,000 National Institutes of Health Small Business Technology Transfer grant that Shahriar received in 2023 in partnership with Ubitrix, Inc. Shahriar said when the project began a couple years ago, he could not find anything similar in the market that would analyze apps and give a score based on their compliance with privacy laws. He said the project has involved building new algorithms, as well as static and dynamic analysis techniques. Abdul Barek, graduate research assistant in UWF’s intelligent systems and robotics doctoral program, has been the lead student developer on the project since its inception. Other project members include Md Bajlur Rashid, Md Mostafizur Rahman, ABM Kamrul Riad and Md Abdur Rahman.

“We saw some vulnerabilities in some of the popular apps from the marketplace; it was amazing to see that we discovered that from our work,” Barek said.

Shahriar said the platform has not just been used to run security risks for medical information but also general information of thousands of applications that are developed in different popular platforms like Android, iOS and more. According to Shahriar, at least one Fortune 500 company has used the app and found some holes in the security of their app. The currently deployed tool can be publicly accessed and tested on hipaachecker.health. The tool currently supports Android app, iOS app and web apps, while a new Large Language-based module to recommend the discover insecure code fixing is in the development process.

For more information about the UWF Center for Cybersecurity, visit uwf.edu/cybersecurity.

Most read in Research