Skin Cancer Detection Apps Shown Vulnerable to Camera Sticker Hacks, Study Finds

Mobile apps that use AI to spot skin cancer can be fooled by something as simple as a transparent sticker on the camera, a new study shows, raising new concerns about patient safety and the reliability of these tools beyond their digital performance.

The research, led by Junsei Oda and Kazuhiro Takemoto of Kyushu Institute of Technology in Japan and published in Scientific Reports, is the first to demonstrate that commercially available AI-powered skin cancer apps can be manipulated using a physical “adversarial attack,” or in this case, an almost invisible sticker with a subtle printed pattern.

The team focused on three apps that use deep neural networks, which are complex AI systems that analyze images for signs of cancer. Their aim was to test whether a physical camera-based attack, rather than a digital hack or access to the app’s code, could influence results in real-world settings.

“Skin cancer is one of the most prevalent malignant tumors, and early detection is crucial for patient prognosis, leading to the development of mobile applications as screening tools,” the authors wrote. Although deep neural networks “have demonstrated remarkable capabilities,” they also “are known to be vulnerable to adversarial attacks, where carefully crafted perturbations can manipulate model predictions.”

For the study, the researchers trained AI models using a publicly available dataset of 10,000 skin lesion images. To simulate an attack, they then created transparent stickers with patterns of small dots, barely visible to the naked eye, and attached these stickers to mobile device cameras running three popular skin cancer apps.

The results showed that for images of melanoma, which is the deadliest form of skin cancer, the attack success rates reached 50% to 80% across all apps. These attacks worked without visible clues to the user and persisted as long as the sticker was attached. The vulnerability was most pronounced for melanoma images, while images of benign moles were less affected.

“Our results show that these attacks successfully manipulate application predictions, particularly for melanoma images,” the authors wrote.

The study warns that “manipulation could affect diagnostic processes,” potentially leading to missed cancers or unnecessary medical follow-ups. The attack also requires no technical skill and is hard to detect, as transparent stickers are commonly used as protective films on phone cameras.

“These vulnerabilities could be exploited for various malicious purposes,” the authors noted, from insurance fraud and competitive sabotage to simple personal misuse. False negatives could delay diagnosis, while false positives could create patient anxiety and increase unnecessary consultations.

According to the American Cancer Society, more than 100,000 new melanomas will be diagnosed in the U.S. this year, and more than 8,400 people are expected to die from the condition. While the average age of diagnosis is 66, the cancer is one of the most prevalent among those younger than 30. When caught early, nearly every patient survives, but the 5-year survival rate drops to 35% when melanoma metastasizes.

Mobile apps that use AI to diagnose cancers have been suggested as one way to expand access to care for people who live in areas with few specialists or have difficulty securing an appointment, even if some doctors worry about false positives and missed diagnoses.

The findings of this new study “demonstrates the importance of security evaluation in deploying such applications in clinical settings,” the authors wrote.