Every time you install an app, it asks for certain permissions, such as access to the camera, microphone, accessibility features, contacts, messages, and network. Some of these permissions are essential to the operation of the app, while others may be unrelated. If you have a habit of allowing all the permissions the app asks for, you could be putting your phone’s privacy and security at risk.
Some Android app permissions are dangerous: they potentially allow malicious apps to monitor your activity, capture images, record audio, track your location, display fake login screens, read and delete stored data, and even install other third-party apps. It’s not that these permissions are difficult to manage or revoke. But many people simply ignore them, assuming that Android will handle permissions automatically.
Keep in mind that not all apps requesting these permissions are malicious. Even the most secure ones require a certain set of permissions to work effectively on your smartphone. For example, a scanner app needs access to the camera, and that’s something you’ll need to allow. But if a calculator asks the same thing, that’s a cause for concern, because that particular permission isn’t tied to the app. This is not about denying all permissions, but about identifying those that are unrelated. At the same time, some permissions should be treated with more caution, because accessing them can allow a malicious app to exploit your phone’s data or potentially turn it into a tracking device.
Access accessibility
Accessibility features on Android are designed to help people with disabilities interact with their smartphones. For example, reading on-screen text aloud falls into this category and is useful for a few applications. But for others, especially those with malicious intent, these permissions can be dangerous. An untrusted app with accessibility access can monitor screen activity, identify taps, read messages, and interact with other apps. This means it can allow the app to hack your passwords as you type, carry out transactions on your behalf, make purchases, and even change device settings. Additionally, with such permissions, you allow malware to spread on your device without detection, as the untrusted application can approve changes without explicit user approval.
That said, it’s important to realize that some apps need these permissions to streamline your Android experience, especially for people who are hearing or visually impaired. But these permissions should never be given to apps that don’t help you meet your accessibility needs, for example a game or any app you don’t trust or don’t remember installing. To check which apps have Accessibility access, open your Android Settings, go to Accessibility, and tap Installed Apps or Installed Services. Check the list of apps and services, and if you find any that ideally shouldn’t have accessibility access, tap the app and turn off the corresponding toggle.
Overlay or appear on top
Another app permission that you need to be very careful about is overlay access. Depending on your smartphone, this may be called “Appear on top”, “Show on other apps” or “Draw on other apps”, but it’s always the same thing. The permission allows apps to place content on top of another active app. It is not dangerous in itself, but when handled carelessly and allowed for suspicious applications, it becomes a major risk.
For example, a messaging app will use overlay access to display chat bubbles on top of active apps. Similarly, an Android music app aimed at audiophiles can use the overlay feature to place controls over other apps. Everything is fine. The problems start when a harmful app gains access to the overlay feature, as this allows it to place fake login screens on top of your banking app or social media. It could also place transparent overlays, tricking the user into downloading malware-infected files, granting other critical permissions, or sharing sensitive data. It is therefore important not to grant overlay access to untrusted applications.
To check which apps currently have overlay permissions, open Settings, go to Apps, tap the ellipsis at the top right, choose Special access, and tap Appear at the top (or whatever it’s called on your phone). Now go through the list, identify any app you don’t trust and disable overlay permissions for all these apps.
Install unknown apps
One of the things you should never do on your Android phone is install apps from unknown sources unless you know where you downloaded the APK file from. This is a major security risk, according to CISA. This is why the feature is disabled by default. But Android includes a permission that grants this privilege to apps and allows them to install unknown apps. When enabled, the app can install apps from sources other than the Google Play Store. This could threaten the security and privacy of your smartphone and compromise stored data.
Even if it’s not malicious, letting apps install other apps from unknown sources isn’t the smartest idea. First, it can add apps that you don’t even need, taking up a significant portion of the smartphone’s storage and system resources. Additionally, when an app is installed via this route, it can often be difficult to erase all traces of it later. So it’s best to avoid this, at least for apps and sources you don’t trust. To check these permissions, go to Apps under Settings, tap the ellipsis, select Special access, then choose Install unknown apps. If an app has access to this feature, revoke its permissions.
Access to usage data
Access to usage data is another risky app permission that you should pay attention to. When an app has this permission, it can identify your service provider and language settings. Additionally, it can monitor your activity, including what other apps you use, how often you use them, and how much time you spend on each one. While it may not seem alarming at first, the permission allows apps to create a profile of you, revealing your habits and daily routine.
For example, the app will know when you open banking apps, what parts of the day you spend on social media platforms, and when you typically use e-commerce services, as well as how much time you spend on each. This information may then be sold to advertisers and data collection companies to deliver targeted advertisements.
To check which apps have access to usage data, open Settings, then Apps, select Special access from the ellipsis menu, and tap Usage data access. Go through the list of apps that ideally should not collect such data and disable their functionality.
Contacts and SMS access
Allowing apps to access contacts and text messages can pose serious privacy risks. Let’s start with the contacts. It’s not just phone numbers, but also names, email addresses and connections. This is sensitive information that must not fall into the wrong hands. When you allow apps to access contacts, they can harvest this data and sell it to third parties. Many lending apps also use this information to harass and extort money from victims.
SMS messages also contain sensitive data that should not be shared with random apps, for example a photo editing app. SMS messages contain everything from personal conversations to banking OTPs, which can be misused by apps. For example, a harmful application can intercept your bank’s OTPs to process unauthorized transactions. Additionally, if a malicious app somehow becomes the default messaging app, it is that much more dangerous. So you need to be very careful with app permissions on Android.
To check which apps have access to Contacts and SMS, open Apps under Settings, tap the ellipsis, select Permissions Manager, then go through the Contacts and SMS sections and disable all untrusted apps from the list. Finally, remember that not all permissions are inherently dangerous. It always depends on the individual app requesting permission or already having it. The same permission that is perfect for one app can pose a major risk when granted to another. So, get in the habit of only granting permissions that match the app’s core functionality. Everything else is best avoided.