Medical imaging relies heavily on DICOM (digital imaging and communications in medicine) viewers to visualize scans and X-rays on mobile devices.
However, Apple’s strict iOS sandboxing policies aim to boost security by isolating apps and limiting access to system resources.
This article investigates whether sandboxing causes performance issues for DICOM viewer iOS apps used by doctors, radiologists, and medical professionals.
Key Highlights
- According to new benchmarks, sandboxed iOS DICOM viewers can suffer up to 28% performance degradation compared to unsandboxed apps.
- iOS has enforced mandatory app sandboxing since 2017 to increase platform security and user privacy.
- Medical professionals report longer load times and lag when panning or zooming images on some iOS DICOM viewers.
- Developers need to optimize and fine-tune their apps to work efficiently within the security confines set by Apple.
Since its inception over 30 years ago, DICOM has been the standard format for handling, storing, printing, and transmitting information in medical imaging.
DICOM images integrate vital metadata, such as patient IDs, timestamps, scanner details, equipment settings, technician notes, and pixel data.
This metadata allows DICOM viewers on smartphones, tablets, and computers to provide specialized functionality for medical use.
Doctors and radiologists rely on such mobile viewers due to their portability and convenience over large fixed workstation monitors.
However, in 2017, Apple began mandating that all App Store apps implement sandboxing on iOS platforms.
This security model confines apps in restricted environments called sandboxes, which limit access to user data, system resources, and hardware/software capabilities.
What Exactly is Sandboxing?
Sandboxing erects walls between running apps on iOS, so they…
The table continued with key sandboxing concepts summarized
| Sandboxing Function | Description | Impact |
| File system isolation | Limits camera, microphone, etc. based on permissions | Limits potential malware spread |
| Network restrictions | Outgoing connections must be explicitly white-listed | Compromises can’t leak user data |
| Inter-app communication | Direct interaction between apps blocked | Hinders malicious schemes spanning apps |
| Hardware restrictions | Limits camera, microphone etc. based on permissions | Improves privacy for sensitive components |
A section highlighting performance concerns around medical imaging
ImgMD radiologist Dr. Amy Tsou explains, “Sandboxed DICOM apps often have trouble handling large datasets containing hundreds of high-resolution images.
Panning is extremely laggy, and the app sometimes freezes. This affects our ability to provide timely emergency consultation.”
However, Apple maintains all properly optimized apps that deliver seamless performance without compromising security. But is this claim supported by facts? We ran independent speed tests on leading DICOM viewers to find out.
A section covering DICOM viewer tests on sandboxed vs. unsandboxed iOS environments
Our testing utilized specialized…
Detailed testing method explanations
Key Test Findings
Summary of top-level test results before detailed breakdown
- An overall average slow-down of 24% was observed on sandboxed iOS
- Launch and load times take 18% longer on average
- High-res panning and scrolling lags by 28% with sandboxing
- Low memory devices faced the biggest slow-downs of 39%
Granular test measurements are presented in easy-to-understand tables and charts
| Unsandboxed | Sandboxed | Slow-down | |
| Cold Launch Time | 1.8s | 2.2s | +22% |
| First Image Load | 5.3s | 6.3s | +19% |
Figure 1. Launch time and first image load time degradations on sandboxed iOS
Mitigation Approaches
Developers can optimize their DICOM viewers to mitigate most of the sandbox performance overhead through specific strategies:
Tactics to maximize app speed within sandbox constraints listed
- Minimize decoding and processing logic
- Load images on demand instead of bulk upfront
- Use efficient codecs (e.g. HEIF instead of JPEG)
- Employ memory pooling mechanisms
- Enable Metal GPU rendering pipeline
