Abstract: Digital applications (apps) are commonly used across the research ecosystem. While apps are frequently updated in the course of clinical and behavioral research, there is limited guidance as to when an app update should trigger action related to human research participant protections and who should be responsible for monitoring and reviewing these updates. We term this the “update problem” and argue that, while it is the principal investigator's duty to track all relevant updates, the level of involvement and re-review by the institutional review board (IRB) of an approved research protocol should vary depending on whether the update may be classified as minor, not minor, or significant. Minor updates require at most annual notification of the IRB, updates that are not minor require prompt notification of the IRB, and significant updates may require full board re-review or another response. We also suggest how these policies might be implemented.