Android phones have privileges and permissions that control which areas of your phone a given app can access. There are permissions that you — the user can turn off, and there are also mandatory permissions that you are not allowed to disable (this is a failure to respect users’ preferences, but that’s a topic for another day).
If you turn on a permission for an app (for example: Contacts for Telegram), then you are allowing that app access to your contacts. If you turn off a permission, the operating system (OS) will enforce that by blocking the app from accessing that part of your phone.
There are also ‘opt-out‘ requests which are not enforced by your phone, but are instead a instruction to apps that informs them of your preferences. Apps on Android ask for permissions and you can decide whether you want to grant them the former variety of permissions. Existing permissions do help you to protect your privacy on Android, but users should have the ability to turn off more of them.
Please bear in mind that this article does not cover all permissions, only certain permissions that I have researched and found to be of significance to your privacy and security.
The vast majority of apps request several permissions. However, making a habit of reviewing them and choosing apps with less of them goes a long way towards protecting your privacy online.
The following instructions are for Android versions 9 and 10.
How To View App Permissions On Android
To see which permissions an app has if it is already installed (on Android 9 and 10), tap and hold the app until a context menu appears, then tap ‘App Info’ and scroll down to ‘Permissions’ and tap it. Alternatively, you can swipe down from the top of the screen, tap the settings icon (looks like a gear in the top right corner of the screen) then tap ‘Privacy’ followed by ‘Permission manager’.
This will list adjustable permissions and show you how many apps have access to each of them. For practice, tap one (like ‘call logs’) and then tap one of the apps under the ‘Allowed’ heading. Then you’ll see the option to turn it off.
On that screen you will see the permissions that you can switch on or off. Tap the three dots in the top right corner of the screen and a context menu will pop up, then tap ‘All permissions’. This displays all permissions, including the ones you can switch off, and the ones you can’t. There you will see not only the most invasive of the permissions, but also that you are not given the option to turn most of them off! Still turn off the ones that you aren’t comfortable with on the previous screen.
How To View App Permissions Before You Install (On Google Play)
You can view app permissions before installing them in the Google Play store by going to the app’s page (in the Google Play app on Android), tap ‘About this app’, then scroll down to the bottom and tap ‘See More’ to the right of ‘App Permissions’.
Permissions You Can Switch Off
If an app asks for the ‘contacts’ permission, it will be able to see all your contacts. This means it will be able to determine who your friends and family are. The app might also link you and your friends’ activity (if they use the same app) using your contacts. This, along with other permissions (in the case of many apps) used to build a profile on you.
Find Accounts On This Device
The ‘find accounts on this device’ permission falls under ‘Contacts’ and it enables apps to see which accounts are on your device. These could include your Gmail, Telegram, Facebook, Reddit, Twitter, WhatsApp, and many other apps you may have logged into on your phone.
The ‘location’ permission enables an app to obtain your current location. Your location could be useful if you’re trying to get an Uber ride, or a malicious app could use it to stalk you.
The ‘storage’ permission enables an app to view or modify the contents of your phones internal storage such as photos, videos, or other files you may have saved to the phone. This puts sensitive information at risk (for example: pictures of photo IDs or documents containing credentials and card numbers).
The ‘camera’ permission enables an app to access your camera. This means it can switch on the camera and see you or your surroundings. This can also be done without your knowledge.
The ‘microphone’ permission enables an app to turn on your microphone and listen to what you are saying. Apps have been accused of abusing this permission by listening to users’ conversations, even if they are not on their phones.
The ‘calendar’ permission enables apps that have it to see what’s on your calendar or edit it. If you add most or all of your daily activities on it, then apps with that permission will be able to see what you’re doing throughout the day, week, month, and year.
The ‘call logs’ permission enables apps to see your phone call history.
Permissions highlighted in red pose a high risk of hacking, data theft, data loss, or phone damage.
Change System Settings
The ‘change system settings’ permission enables the app to make changes to your phone settings. This risky permission is almost never needed and should therefore not be granted to any app (with very few exceptions).
Administrative or Accessibility Privileges
These privileges are not officially in the ‘permissions’ category, but they allow apps full access to your phone. This enables hackers to take over your phone completely and steal all data, damage your phone, or do anything else they please. This permission should not be granted to any app unless you’re using one of very few tools (such as an anti-malware app) that need it.
Usage Data Access
Found under the ‘Special access‘ section, the usage data access permission is not in the same permission section described above. To find it, you would go to Settings > Apps > The three dots in the top right-hand corner of the screen and then tap ‘Special access‘. Scroll down, tap ‘Usage data access’, and find the app(s) that you want to bar from accessing that data. Tap the app and then switch off ‘Allow usage tracking’.
Usage tracking allows apps to monitor which apps you are using, how often you use them, other your usage data, your service provider, and language settings.
Permissions You Cannot Switch Off
Just a reminder that not all permissions are covered here, just key ones.
Retrieve Running Apps
The ‘retrieve running apps’ permission enables an app to see what other apps you have running on your phone. This is a potential way to spy on competitors’ apps or see what you’re using.
Read Phone Status And Identity
The ‘read phone status and identity’ permission enables an app to get your phone number, your device ID, and some call details. Via data sharing arrangements, an app vendor can build a profile on you (identify you using data from other companies) with the help of your phone number.
Please take a look at my privacy guide for more information about protecting your privacy on Android and most other devices.