Mobile applications for skin cancer detection are vulnerable to physical camera-based adversarial attacks

Skin cancer is one of the most prevalent malignant tumors, and early detection is crucial for patient prognosis, leading to the development of mobile applications as screening tools. Recent advances in deep neural networks (DNNs) have accelerated the deployment of DNN-based applications for automated skin cancer detection. While DNNs have demonstrated remarkable capabilities, they are known to be vulnerable to adversarial attacks, where carefully crafted perturbations can manipulate model predictions. The vulnerability of deployed medical mobile applications to such attacks remains largely unexplored under real-world conditions. Here, we investigate the susceptibility of three DNN-based medical mobile applications to physical adversarial attacks using transparent camera stickers under black-box conditions where internal model architectures are inaccessible. Through digital experiments with various DNN architectures trained on a publicly available skin lesion dataset, we first demonstrate that camera-based adversarial patterns can achieve high transferability across different models. Using these findings, we implement physical attacks by attaching optimized transparent stickers to mobile device cameras. Our results show that these attacks successfully manipulate application predictions, particularly for melanoma images, with attack success rates reaching 50--80% across all applications while maintaining visual imperceptibility. Notably, melanoma images showed consistently higher vulnerability compared to nevus images across all tested applications. To the best of our knowledge, this is the first demonstration of real-world adversarial vulnerabilities in deployed medical mobile applications, revealing significant security concerns where prediction manipulation could affect diagnostic processes. Our study demonstrates the importance of security evaluation in deploying such applications in clinical settings.