Security Challenges in Android mHealth Apps Permissions: A Case Study of Persian Apps

Introduction: In this study, Persian Android mobile health (mhealth) applications were studied to describe usage of dangerous permissions in health related mobile applications. So the most frequently normal and dangerous permissions used in mHealth applications were reviewed. Material and Methods: We wrote a PHP script to crawl information of Android apps in “health” and “medicine” categories from Cafebazaar app store. Then permission information of these application were extracted. Results: 11627 permissions from 3331 studied apps were obtained. There was at least one dangerous permission in 48% of reviewed apps. 41% of free applications, 53% of paid applications and 71% of in-purchase applications contained dangerous permissions. 1321 applications had writing permission to external storage of phone (40%), 1288 applications had access to read from external storage (39%), 422 applications could read contact list and ongoing calls (13%) and 188 applications were allowed to access phone location (5%). Conclusion: Most of Android permissions are harmless but significant number of the apps have at least one dangerous permission which increase the security risk. So paying attention to the permissions requested in the installation step is the best way to ensure that the application installed on your phone can only access what you want.