Guides

MindLogger Software Guide

Licenses

Our application front-end and back-end code base is accessible as online GitHub repositories, and is licensed under an extremely permissive, Open Source Initiative-approved open-source license, the Common Public Attribution License (CPAL-1.0). The license requires that attribution be given by including (1) the copyright notice: “Copyright (c) 2017 MATTER Lab at the Child Mind Institute”, (2) the URL: “https://matter.childmind.org”, (3) the Child Mind Institute’s logo, and (4) the attribution phrase: “Child Mind Institute product intended for building applications for good.” We include the attribution phrase to give credit to the developers while also making it clear that while we intend for people to build MindLogger applets that will be benevolent, we have no control over their intent, content, or the data they collect. See an example license file.

Our administrative software is licensed under a new license, the Delayed Open Source Attribution License (DOSA-1.0). Though it is not itself an open source license, the purpose of this Delayed Open Source Attribution License is to provide open access to software for non-commercial use while giving attribution to its original developer, and after a delay of three years, forcing the software to fall under the terms of the open source CPAL-1.0 license above that preserves the attribution information of this license. This delay is intended to protect the commercial interests of the licensor without compromising on the many benefits of creating open source products. See an example license file.

Security

The computer security firm Alpine Security has conducted extensive cybersecurity penetration tests to ensure that MindLogger follows best practices for privacy and security.

Software Architecture

MindLogger’s software architecture consists of a set of end-user-facing front ends (two mobile applications and a web application) and organizer-facing front ends (an admin panel, data dashboard, and applet builder) with a shared RESTful HTTP API using MongoDB for data storage. The mobile front ends, Android and iOS apps, are built using React Native. This allows us to share a single code base across mobile platforms, resulting in increased speed of development and ease and cost-effectiveness of maintenance. The web application is a ReactJS browser-based counterpart to the mobile applications, and currently provides a subset of their functionality. Administrators (managers, coordinators, editors, and reviewers) have access to different single-page applications built using VueJS. The admin panel and applet builder are for managing user roles and applets, and the data dashboard is for reviewing user data, with custom charts implemented using d3.js. The computer security firm Alpine Security has conducted extensive cybersecurity black, gray, and white penetration tests to ensure that MindLogger follows best practices for privacy and security. These practices can be adapted to the specific regulations and guidelines of different countries, including the General Data Protection Regulations (GDPR) of the European Union that are among the most strict concerning data use, access, and storage. As shown in Figure 3, MindLogger has end-to-end encryption, permits administrators to delete an individual’s data, and can be set up on one’s own server (accommodating European regulations concerning the physical location of data processing and storage), so the platform should already meet the security requirements of most use cases.

MindLogger stack architecture diagram

Back-end

The back-end API is built in Python using Girder’s RESTful API with the CherryPy framework. This software layer provides a set of RESTful endpoints that allow you to manage users, applets, activities, items (such as individual questions), and user responses. All user data is stored in a MongoDB database hosted in an Amazon Web Services cloud instance with password-based encryption. Specifically, user response data is encrypted using their own password on the client side so that only managers or reviewers can view their data using an applet password; other sensitive information (name and email) is encrypted on the server side. We have HIPAA compliance agreements with Amazon Web Services, Google Cloud Platform, and MongoDB Atlas, and the software permits installation on an arbitrary backend server (for example, on a university or hospital server and not on any cloud service provider’s servers). For improved performance, MindLogger uses a Redis instance as a temporary storage for data caching. MindLogger uses Firebase Cloud Messaging for sending notifications from the back-end server to the end user’s mobile device. All additional data is consumed from the back-end API through HTTPS requests.

Data schema

The applets, activities, and items are described using ReproSchema, an emerging standard to capture and harmonize cognitive, clinical, and behavioral assessments and responses in a provenance-preserving manner. The schema uses JSON-LD as its representation format and captures, as a connected graph of information, the details of the questions, presentation logic based on responses or scheduling, computation of scores, and interface hints for applications such as MindLogger. The schema uses GitHub to maintain versions and provide persistent URIs for applets and activities, supports multilingual applets, and uses W3C-PROV to establish provenance between the response, the responder, and the applet.

Contributing

The guidelines for contributing to the mobile app codebase are for the most part applicable across all of the MindLogger repositories. See Contributing and Versioning.

Bug reports and feature requests

Admin client (primarily for user management)

User clients

  • mindlogger-app repo for the iOS and Android apps in React Native

  • mindlogger-web repo for the MindLogger [web app](https://web.mindlogger.org

Back-end APIs

Our servers are managed through MongoDB Atlas with each instance’s API served via AWS Elastic Beanstalk.

Community-maintained repos