A GDPR-Compliant Mobile App to Conduct Spirometry/Oximetry Tests



A provider of medical software solutions turned to Altoros to build an iOS app for pulmonary function/oxygen saturation testing, enabling self-checkup prior to a doctor’s appointment.

Brief results of the collaboration:

  • The customer delivered an iOS app for patients to conduct spirometry (breath frequency, lung volume, etc.) / oximetry (pulse, oxygen level) testing across 50+ parameters, facilitating diagnostics during in-person visits to a doctor.
  • With a minimum viable product (MVP) delivered in just 8 weeks, the company was able to identify the features to include in a fully fledged product, as well as present the app to investors and partners.
  • Thanks to the introduced security measures, the company protected sensitive medical data and ensured compliance with the General Data Protection Regulation (GDPR).

The customer

The customer is a Norwegian software provider for the healthcare industry. In 2021, the company partnered with Innovation Norway, a state-owned business incubator, and BankID, a nation-wide identification system, to develop its flagship platform for oximetry/spirometry testing.

The need

The COVID-19 pandemic put a strain on healthcare institutions' load and resources. The waiting time for patients also increased. The customer saw an opportunity to fast-track diagnostics of respiratory diseases with pulmonary function/oxygen saturation self-testing. So, the company built a web system that would analyze data from oximeters/spirometers for doctors. Still, the startup needed an iOS app for patients to conduct self-tests and send results to the web system prior to an appointment.

Comprising medical experts and back-end engineers, the company relied on mobile development expertise at Altoros to deliver an MVP and present it to the investors/partners.

The challenges

Under the project, the team at Altoros had to address the following issues:

  • The mobile app would share sensitive information (personal and medical data) with the existing web system. Furthermore, the app would use BankID as an authentication system for patients. In this regard, security and GDPR compliance were crucial.
  • To run tests, oximeters/spirometers had to be connected to the mobile app via Bluetooth. If Bluetooth was not deactivated after the test, smartphone's battery might run out of charge or slow down performance. Furthermore, an open Bluetooth connection posed a point of vulnerability.

The solution

Stage 1. After analyzing the requirements, the mobile developers at Altoros helped the customer to identify the features to include in an MVP and create an implementation roadmap. Following the Agile methodology, the team moved in frequent iterations and delivered the MVP in 8 weeks.

Stage 2. The engineers at Altoros opted for a modular architecture with loosely coupled app components, promoting ease of maintenance and troubleshooting. Then, the developers designed 6 modules (a test launcher, device search, etc.).

Stage 3. The team built a REST API to share data between the app and the web system. The engineers also delivered a script that loaded certain screens of the proprietary system as web views (e.g., a health questionnaire). This way, patients directly interacted with the web system, and sensitive data was not stored on the app.

Stage 4. The developers integrated BankID, enabling secure login via Face ID/Touch ID. Using KeychainSwift, the experts also employed authentication token hashing and encryption. The introduced measures contributed to enforced security and GDPR compliance.

Stage 5. The team integrated Spirobank Smart Kit and configured its Bluetooth protocol. To optimize battery performance, the engineers enabled the app to automatically disconnect from spirometers/oximeters after the test, turn off Bluetooth when the app session ends, etc.

Stage 6. The developers delivered animation that visualized the progression of a spirometry test. Using Charts, the team also visualized oxygen levels and pulse readings in a graph.

Stage 7. With Xcode, the engineers enabled localization in English/Norwegian. Finally, the team integrated Firebase Crashlytics to track, prioritize, and fix app incidents.


compliance ensured

8 weeks

to deliver an MVP


parameters tracked

The outcome

Partnering with Altoros, the customer delivered an MVP of an iOS app for spirometry/oximetry self-testing across 50+ parameters, promoting accurate diagnostics during in-person visits. Thanks to security measures in place, the customer can protect personal and medical data, as well as comply with GDPR. With the MVP delivered in just 8 weeks, the customer was able to present it to the investors/partners and move on with developing a fully fledged solution.

Technology stack



Programming language


Frameworks and tools

KeychainSwift, Lottie, Charts, Firebase Crashlytics, Google Firebase Cloud Messaging

Seeking a solution like this?
Contact us and get a quote within 24 hours

Alex Tsimashenka
Business Development Director
+1 (650) 419-3379