π Audit App Permissions
Take Control of Your Privacy
Learn how to systematically review and revoke excessive app permissions on Android. Discover which apps have access to your camera, microphone, location, contacts, and moreβthen take back control of your data.
Why App Permissions Matter
Every app you install requests permissions to access different parts of your device. While some permissions are necessary for the app to function, many apps request far more than they need.
π¨ Common Permission Abuse Examples
- Flashlight apps requesting access to your contacts and location
- Photo editing apps wanting to access your microphone and call logs
- Games requesting camera and location access for "better experience"
- Social media apps accessing everything (camera, mic, location, contacts, storage)
What apps can do with permissions:
- Camera: Take photos/videos without your knowledge
- Microphone: Record audio conversations
- Location: Track your movements 24/7
- Contacts: Upload your entire contact list to their servers
- Storage: Read all your files, photos, and documents
- Phone: See who you call and when
- SMS: Read your text messages
Understanding Android Permissions
π― Permission Types
| Permission | What It Allows | Risk Level |
|---|---|---|
| Camera | Take photos and videos | π΄ High |
| Microphone | Record audio | π΄ High |
| Location | Access precise or approximate location | π΄ High |
| Contacts | Read and modify your contacts | π Medium |
| Phone | Make calls, see call logs | π Medium |
| SMS | Read, send, and receive text messages | π΄ High |
| Storage | Read and write files on your device | π Medium |
| Calendar | Read and modify calendar events | π‘ Low |
| Body Sensors | Access health data (heart rate, steps) | π‘ Low |
β° Permission Timing Options (Android 11+)
- Allow all the time: App can access even when not in use (β οΈ avoid this)
- Allow only while using the app: Access only when app is open (β recommended)
- Ask every time: Prompt each time app needs access (β most secure)
- Don't allow: Completely deny access (β use when possible)
Before You Start
What You'll Need:
- Android device running Android 6.0 or newer
- 20 minutes of uninterrupted time
- List of all your installed apps (we'll review them)
π Audit Strategy
We'll review permissions in two ways:
- By app: See all permissions for each app
- By permission: See which apps have access to camera, mic, etc.
Both approaches are important for a complete audit.
Step-by-Step Instructions
Open Settings
Open your device's Settings app. You can find this in your app drawer or by swiping down and tapping the gear icon.
β You should see: Main Settings screen with search bar and menu options
Navigate to Apps
Scroll down and tap on "Apps" (may also be called "Applications" or "App management" depending on your device).
β You should see: List of recently opened apps and "See all apps" option
View All Apps
Tap "See all apps" or "App info" to see your complete list of installed apps. You'll see all apps sorted alphabetically.
β You should see: Scrollable list of all installed apps with icons and names
Select an App to Audit
Let's start with a social media app (like Facebook, Instagram, or TikTok) since these typically request many permissions. Tap on the app to open its info page.
β You should see: App info page with storage usage, permissions, and other details
Review App Permissions
Tap on "Permissions" to see all permissions this app has requested. You'll see two sections:
- Allowed: Permissions you've granted
- Not allowed: Permissions you've denied or the app hasn't requested
π© Red Flags to Watch For
Ask yourself: "Does this app NEED this permission to function?"
- Photo editor with microphone access (why?)
- Flashlight with location access (suspicious)
- Game with contacts access (data harvesting)
- Any app with "Allow all the time" location (excessive)
Revoke Unnecessary Permissions
Tap on a permission you want to revoke (like Camera). You'll see timing options. Change from "Allow all the time" or "Allow only while using the app" to "Don't allow" or "Ask every time".
β Permission Revoked!
The app can no longer access this feature without asking. If the app truly needs it, it will prompt you when you try to use that featureβthen you can decide if it's legitimate.
Audit by Permission Type
Now let's check which apps have access to sensitive permissions. Go back to Settings β Apps, then tap "Permission manager" (may be under a menu or "Advanced" section).
Tap on "Camera", "Microphone", or "Location" to see which apps have access. Review each one and revoke access for apps that don't need it.
β You should see: List of all permission types (Camera, Location, Microphone, etc.) with number of apps that have each permission
Permission Decision Framework
β When to ALLOW a Permission
- Camera app needs camera access (obviously)
- Maps app needs location access (for navigation)
- Voice recorder needs microphone access (core function)
- Messaging app needs contacts access (to find friends)
- Banking app needs phone permission (for 2FA via SMS)
β When to DENY a Permission
- Flashlight requesting location or contacts (no reason)
- Game requesting camera or microphone (unless it's a photo/video game)
- Weather app requesting contacts (data harvesting)
- Any app requesting "Allow all the time" location (excessive)
- Calculator requesting anything beyond storage (suspicious)
β οΈ When to Use "Ask Every Time"
- Social media camera access (only when posting photos)
- Ride-sharing location access (only when booking rides)
- Shopping apps location access (only for store locator)
π‘ The "Broken App" Test
If you're unsure about a permission, revoke it and see what breaks. If the app stops working or prompts you for the permission, you'll know it's necessary. If nothing changes, the permission was unnecessary.
High-Priority Permissions to Audit
π₯ Camera & Microphone
Why it matters: Apps can record you without indication.
Who should have it: Camera apps, video calling apps, social media (when posting)
Who shouldn't: Games, flashlights, utilities, most apps
π Location
Why it matters: Tracks your movements 24/7.
Who should have it: Maps, ride-sharing, weather (while using only)
Who shouldn't: Most apps, especially "Allow all the time"
π± Phone & SMS
Why it matters: Can see who you call and read your texts.
Who should have it: Phone/messaging apps, banking (for 2FA)
Who shouldn't: Social media, games, most apps
π₯ Contacts
Why it matters: Apps upload your entire contact list.
Who should have it: Messaging apps, email apps
Who shouldn't: Games, utilities, most apps
π Storage/Files
Why it matters: Can read all your photos and documents.
Who should have it: File managers, photo apps, backup apps
Who shouldn't: Apps that don't need to save/load files
π¨ Spyware Red Flags
If you see an app with these permission combinations, investigate further:
β οΈ Suspicious Permission Patterns
- Unknown app with camera + microphone + location (classic spyware)
- System-sounding app you don't recognize (e.g., "System Update", "Device Care")
- App with generic icon requesting sensitive permissions
- App you didn't install (someone else may have installed it)
- Accessibility service enabled for unknown apps (can control your device)
If you find suspicious apps: Don't uninstall immediately if you're in dangerβfollow our spyware removal guide for safe removal.
Troubleshooting
β I revoked a permission and now the app is broken
Simply go back and re-enable the permission. The app will work normally again. This confirms the permission was necessary.
π± App keeps asking for permission I denied
This is normal. If the app truly needs the permission, it will ask each time. If it's annoying, consider:
- Granting "Only while using the app" instead of denying completely
- Finding an alternative app that doesn't require that permission
- Uninstalling the app if it's too pushy
π Can't find "Permission manager"
On some devices, it's under:
- Settings β Privacy β Permission manager
- Settings β Apps β Advanced β Permission manager
- Settings β Security & privacy β Permission manager
βοΈ Some permissions can't be revoked
System apps and pre-installed apps may have permissions you can't revoke. This is normal, but you can:
- Disable the app if you don't use it
- Use NetGuard to block its internet access
- Contact your device manufacturer about removing bloatware
What's Next?
You've now audited and restricted app permissions. This significantly reduces your attack surface and data collection. But there's more you can do:
π― Recommended Next Steps
- Set a monthly reminder to re-audit permissions (apps update and request new ones)
- Review Privacy Settings (next guide) to lock down system-level tracking
- Use NetGuard to block apps from internet access entirely
- Check for spyware if you found suspicious apps with excessive permissions
