Mobile health apps work with sensitive personal data — heart rate, sleep, steps, weight. The interview tests whether you understand the platform-provided abstractions (HealthKit on iOS, Health Connect on Android), privacy boundaries, wearable sync patterns, and the regulatory considerations of health data.
Functional requirements
- Track basic health metrics: steps, heart rate, sleep, workouts
- Pair with wearables (Apple Watch, Fitbit, Garmin)
- Visualize trends over time
- Share data with the user’s doctor or family
- Support exercise tracking with GPS
The platform abstraction
Both platforms provide a centralized health database that apps read and write. The user controls what each app can access.
HealthKit (iOS)
HealthKit stores typed data: HKQuantityType (steps, weight), HKCategoryType (sleep, mindfulness), HKWorkoutType (exercise sessions). Permissions are granted per data type and per direction (read/write).
Health Connect (Android)
Health Connect is the newer (2022+) platform-provided alternative to Google Fit. It follows the same model: typed records, per-app permissions.
Always use the platform store as the source of truth. Don’t maintain a parallel database.
Wearable pairing
Apple Watch: the WatchKit / Watch app communicates with the iPhone, using WatchKit Connectivity for direct messaging and HealthKit for shared data.
Third-party wearables: Bluetooth + their SDK. Most modern wearables (Garmin, Fitbit) write directly to HealthKit / Health Connect, so the iPhone app does not need bespoke integration.
Sleep tracking
Multiple sources:
- Apple Watch: heart rate variability, motion, REM detection
- Manual: user logs sleep manually
- Third-party rings (Oura, Whoop): import via SDK or HealthKit
The app should not invent its own sleep logic if Apple/Google have already done the work — read from the platform store and visualize.
Workouts
An HKWorkout (or equivalent) has a type (running, cycling, yoga), start/end time, distance, calories, and GPS route. Apple designed it to be the canonical workout record.
For run/cycle workouts, your app records GPS via CoreLocation and uses HKWorkoutBuilder to write a complete workout with all samples. Other apps reading the same workout see consistent data.
Visualization
HealthKit provides query APIs: average steps over the past 30 days, heart rate variability over the past week. Use these directly. Render with a charting library (Charts framework on iOS, MPAndroidChart on Android).
Privacy and consent
- Always request only the data types you need
- Explain why each permission is needed in the request UI
- Health data leaves the device only with explicit user opt-in
- HIPAA does not apply to consumer apps generally, but it does if the app is “covered” — get legal review
- Comply with App Store / Play Store policies on health data
Sharing data with others
Apple’s Health Sharing lets users share specific data with family or doctors. Your app can integrate but typically does not need its own sharing layer.
For research apps, ResearchKit (iOS) handles informed consent and IRB workflows.
Battery
Health apps that continuously read sensors are battery-expensive. Mitigations:
- Subscribe to data updates rather than polling
- Use HKObserverQuery to wake only when data changes
- Avoid your own sensor reads if HealthKit already provides the data
Frequently Asked Questions
Do I need to encrypt health data on disk?
HealthKit / Health Connect handle encryption at the platform layer. Any app data you store separately should also be encrypted, with the keys held in the platform keystore.
How do I handle a user who switches phones?
HealthKit data syncs via iCloud (with user opt-in). Health Connect supports import/export. Your app should detect existing platform data and onboard gracefully.
What about Android Wear / Wear OS?
Wear OS apps access the Health Services API for sensor data and mirror or sync it to the phone via the Wearable Data Layer. The pattern is similar to Apple Watch.