A 4-Month Journey into Medical Device Communication

A 4-Month Journey into Medical Device Communication 0:00

Project Duration: June – September 2024
Tech Stack: React Native, Expo, TypeScript, BLE, NFC, Cloud Integration
Outcome: Production-ready medical device management app for iOS and Android

Introduction

When I started building Mobile application for the medical device, I knew it wasn’t going to be simple. The goal was clear — create a mobile application that connects to medical devices via Bluetooth, manages over-the-air firmware updates, and syncs sensitive patient data securely to the cloud.

Four months later, I emerged not only with a functioning product but with a deeper understanding of low-level protocols, cryptography, and the delicate choreography between hardware and software.

This is the story of building Mobile application for the medical device — a secure, cross-platform medical device connectivity and management platform.

The Challenge

At its core, Mobile application for the medical device needed to help healthcare professionals:

  • Connect to Mobile application for the medical device via Bluetooth
  • Perform firmware updates over the air
  • Sync historical medical data securely to the cloud

Sounds simple, right?
But the reality involved tackling NFC scanning, BLE communication, encryption, data synchronization, and cross-platform support — all under strict medical data security requirements.

Month 1: Foundation and Protocol Understanding

Learning BLE from Scratch

The first major challenge was Bluetooth Low Energy (BLE).
Unlike classic Bluetooth, BLE uses small, efficient data packets and is structured around GATT services and characteristics.

It took two weeks to establish stable connections.
Along the way, I learned about:

  • MTU negotiation and packet sizing
  • Differences between iOS and Android BLE stacks
  • Auto-reconnect logic and exponential backoff retries
  • Permission handling for NFC and BLE scanning

Lesson learned: BLE is fragile. Build your connection logic as if it will fail — because it often does.

Understanding the Custom Protocol

The Mobile application for the medical device used a proprietary binary protocol over BLE. Each packet followed a well define structure

Implementing this required mastering:

  • COBS encoding to eliminate delimiter conflicts
  • CRC16 checksums for integrity
  • AES encryption

I discovered that CryptoJS wasn’t using a cryptographically secure RNG by default — so I overrode it with a CSPRNG.

Key takeaway: Using encryption isn’t enough — you must understand every component in the chain.

Month 2: State Management and Architecture

Discovering Zustand

Once BLE was working, I hit another wall — state management.
Redux quickly became bloated and unmanageable. That’s when I found Zustand — a lightweight, hook-based alternative that simplified everything.

I organized the app into 8 specialized stores, each with a single responsibility (BLE, device info, firmware versions, progress tracking, etc.).

This modular design made debugging and performance tuning a breeze.

Lesson: Small, focused stores are more maintainable than a single global one.

Defining the Architecture

I adopted a layered architecture that cleanly separated responsibilities:

UI / Screens
↓
State (Zustand)
↓
Services (BLE, Cloud, File I/O)
↓
Protocol (Encryption, Encoding)
↓
Storage (Secure Store / Keystore)

This made testing, debugging, and scaling the app much easier — especially when new features arrived later in the project.

Month 3: File Transfer and Firmware Updates

The “Elephant Through a Garden Hose” Problem

BLE packets max out at ~512 bytes, but after encryption and headers, I only had ~208 bytes of usable space.
Transferring a 2MB firmware file meant sending 10,000+ packets efficiently and safely.

Profiling and Optimization

Using a custom TransferProfiler, I discovered that BLE writes, not encryption, were the bottleneck.

Lesson: Measure before optimizing — assumptions are often wrong.

The Firmware Update Flow

A complete update involved:

  1. Device authentication
  2. Firmware version check
  3. Cloud lookup
  4. File download
  5. File upload via BLE
  6. Installation + reboot
  7. Confirmation with the cloud

Each step had to handle failure gracefully — dropped connections, timeouts, and corrupted files.

Month 4: Cloud Integration and Polish

Secure JWT Authentication

The app used machine-to-machine JWT authentication via an embedded RSA private key.
I implemented RS256 signing, token exchange, and secure storage in Keychain/Keystore.

Key insight: Security is about context and threat modeling — not one-size-fits-all rules.

iOS Receipt Validation

Apple required verifying App Store receipts to ensure authenticity.
I added a robust retry system that handled missing or delayed receipts gracefully.

UX and Developer Tools

The final stretch was all about polish:

  • Progress indicators with phase labels
  • Toast notifications for user feedback
  • A developer debug panel showing BLE logs, performance data, and manual testing tools

Small details made a huge difference in usability — especially during field testing.

Technical Challenges and Solutions

ChallengeProblemSolution
Binary Data Over BLEDelimiter bytes corrupted payloadCOBS encoding
Connection ReliabilityFrequent disconnectsState machine + exponential backoff
File Transfer IntegrityCorruption over large transfersCRC16 + file size validation
Cross-State CoordinationUI, BLE, and API out of syncZustand centralized stores
Platform DifferencesiOS vs Android BLE quirksPlatform-specific wrappers

What I Learned

Technical Growth

  • Low-level binary protocols
  • AES & RSA encryption
  • BLE fundamentals (GATT, MTU)
  • State management with Zustand
  • Secure storage and JWT handling

Architectural Principles

  • Separation of concerns
  • Measure before optimizing
  • Build for failure, not perfection
  • Small, testable units of logic

Personal Lessons

  • Patience and persistence matter
  • Documentation saves your future self
  • Curiosity drives understanding
  • Every bug is an opportunity to learn

The Final Product

After four months of development, Mobile application for the medical device shipped with:

  • Stable cross-platform BLE communication
  • NFC pairing
  • Secure firmware updates
  • Historical data synchronization
  • JWT-based authentication
  • Polished UI and robust UX

It’s now in production, helping healthcare professionals manage Mobile application for the medical devices safely and efficiently.

Project Stats

  • Lines of code: ~15,000
  • Files: 50+ TypeScript/TSX
  • Dependencies: 50+
  • Platforms: iOS & Android
  • Custom BLE commands: 15+
  • Zustand stores: 8
  • Commits: 100+ over 4 months

Looking Ahead

If I were to build it again, I’d explore:

  1. Certificate pinning for enhanced MITM protection
  2. Data compression before encryption
  3. Delta firmware updates
  4. Offline-first caching
  5. Telemetry for diagnostics
  6. QR-based error documentation

For a solo four-month project — I’m proud of how far it went.

Conclusion

Building Mobile application for the medical device was equal parts challenging and rewarding.
It pushed me beyond my comfort zone into low-level engineering, mobile security, and system design — and that’s where the best growth happens.

If you’re eyeing a project that intimidates you — do it anyway.
The steepest climbs offer the best views.

Tech Stack Summary

Framework: React Native + Expo
Language: TypeScript
State Management: Zustand
BLE: react-native-ble-plx (iOS), react-native-ble-manager (Android)
NFC: react-native-nfc-manager
Crypto: CryptoJS, react-native-rsa-native
File System: react-native-fs, JSZip
Security: expo-secure-store, react-native-secure-key-store
Navigation: React Navigation
Cloud: REST API + JWT Authentication

Have questions about BLE, React Native, or medical device integration?
Drop a comment below or reach out — happy to share more! 💬

November 7, 2025