Security challenges in android mHealth apps permissions: A case study of Persian apps

Introduction: In this study, Persian Android mobile health (mhealth) applications were studied to describe usage of dangerous permissions in health related mobile applications. So the most frequently normal and dangerous permissions used in mHealth applications were reviewed.Material and Methods: We wrote a PHP script to crawl information of Android apps in “health” and “medicine” categories from Cafebazaar app store. Then permission information of these application were extracted.Results: ۱۱۶۲۷ permissions from ۳۳۳۱ studied apps were obtained. There was at least one dangerous permission in ۴۸% of reviewed apps. ۴۱% of free applications, ۵۳% of paid applications and ۷۱% of in-purchase applications contained dangerous permissions. ۱۳۲۱ applications had writing permission to external storage of phone (۴۰%), ۱۲۸۸ applications had access to read from external storage (۳۹%), ۴۲۲ applications could read contact list and ongoing calls (۱۳%) and ۱۸۸ applications were allowed to access phone location (۵%).Conclusion: Most of Android permissions are harmless but significant number of the apps have at least one dangerous permission which increase the security risk. So paying attention to the permissions requested in the installation step is the best way to ensure that the application installed on your phone can only access what you want.