Skip to content

Best Practices

Yuan Zhu edited this page Apr 20, 2016 · 2 revisions

These materials are for informational purposes only and do not constitute legal advice. You should contact an attorney to obtain advice with respect to the development of a care app and any applicable laws.

CareKit Framework Best Practices

This page documents lessons learned while developing and testing applications using the CareKit™ framework.

Contribute to the Community

Our hope is that users of the CareKit framework will contribute code back to the community to improve the quality and usefulness of care apps. See Contributing.

If you would like to see new features but don't have the resources to build and contribute them yourself, do file a bug in our issue tracker so that the community as a whole can evaluate all options when allocating resources.

Privacy

Participant privacy is a core value. Medical care apps should ensure highest levels of security to maintain the privacy of one’s data.

  • Having an explicit privacy policy is highly recommended for every app that collects personal data. It is also required for CareKit apps posted to the iOS App Store.

  • Use touch ID or PIN access to control access to your app, if your app records or displays personal data.

  • Do not use iCloud to store health information.

Security

The flip side of privacy is data security.

  • Use the highest level of file protection possible for the given use case. Usually this should be NSFileProtectionComplete or NSFileProtectionCompleteUnlessOpen. This way, files stored by your app are encrypted automatically whenever the device is locked.

  • Do not keep personal data for longer than necessary for your app to function.

  • When transmitting data via networks that terminate SSL early, or when contemplating a store and forward mechanism of any kind for your data, consider an extra cryptographic wrapper for the data to protect it end to end. For example, a Cryptographic Message Syntax (CMS) envelope, the same technology used in S/MIME, can be used to encrypt data before transmission.

Accessibility

Apple builds products to be accessible to people with disabilities by default, and the CareKit framework should meet this standard. While certain tasks and activities and their corresponding results might be more relevant to perform and view by sighted users, or users with certain diseases, it is important that all UI can be explored and navigated using VoiceOver, Apple’s built-in screen reader for the blind. Failing on this promise could leave users stuck in areas of CareKit apps that are inaccessible, or even make them unwilling to consent to relevant studies, because of insecurity caused by inaccessibility.

As a minimum, when adding new UI to the CareKit framework, follow these steps:

  • All UI elements should be reachable with VoiceOver enabled, and have proper accessibility labels.

  • Add accessibility hints and traits to describe UI elements whose purposes might be difficult to describe with just a label.

  • Actions such as tapping, swiping and other interaction with UI elements, should be possible to perform with VoiceOver enabled.

  • When possible, follow the accessibility conventions and patterns embraced by Apple's own apps.

Refer to the Accessibility Programming Guide for iOS for more detailed information.

Clone this wiki locally