SECURITY CHALLENGES IN ANDROID MHEALTH APPS PERMISSIONS:ACASE STUDY OF PERSIAN APPS

In this study, Persian Android mobile health (mhealth) applications were studied to describe usage of dangerous permissions in health related mobile applications. So the most frequently normal and dangerous permissions used in mHealth applications were reviewed.

We wrote a PHP script to crawl information of Android apps in “health” and “medicine” categories from Cafebazaar app store. Thenpermission information of these applicationwere extracted.

11627 permissions from 3331 studied apps were obtained. There was at least onedangerous permission in 48% of reviewed apps. 41% of free applications, 53% of paid applications and 71% of in-purchase applications contained dangerous permissions. 1321 applications had writing permission to external storage of phone (40%), 1288 applications had access to read from external storage (39%), 422 applications could read contact list and ongoing calls (13%) and 188 applications were allowed to access phone location (5%).

Most of Android permissions are harmless but significant numberof the apps have at least one dangerous permission which increase the security risk. So paying attention to the permissions requested in the installation step is the best way to ensure that the application installed on your phone can only access what you want