Evaluating Threats and Proposing Evidence-Based Recommendations for Mobile Digital Therapeutics Applications

Balossini, Marco; Gervasio, Dario A.; Caiani, Enrico G.; Zanero, Stefano; Carminati, Michele; Longari, Stefano
2026-01-01

Abstract

Digital Therapeutics (DTx) are transforming modern healthcare by introducing software-based, clinically-validated therapeutic interventions that complement or replace traditional treatments. These solutions can potentially improve accessibility, personalization, and scalability of care, but at the same time, they raise critical concerns for patient safety and privacy, as they rely on the processing of highly sensitive health data and directly influence clinical decision-making. This paper addresses the gap between academic research and current industry practices by introducing a dedicated threat model for DTx applications, focusing on patient safety. Building on this model, we evaluate a selection of commercially available DTx services, systematically identifying common vulnerabilities and analyzing their implications for security and privacy. The findings reveal recurring weaknesses and highlight areas where improvements are most urgently needed. Based on these insights, we formulate a set of actionable recommendations for developers. By doing so, we contribute to the establishment of domain-specific best practices that can strengthen security and safeguard patient outcomes.
Files in this item:
File: Evaluating_Threats_and_Proposing_Evidence-Based_Recommendations_for_Mobile_Digital_Therapeutics_Applications.pdf
Access: open access
Description: Publisher's version
Size: 1.9 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11311/1315925