How App Permissions Work & Why You Should Care [Android]

Ads by Google

android app permissionsAndroid forces apps to declare the permissions they require when they install them. You can protect your privacy, security, and cell phone bill by paying attention to Android app permissions when installing those apps – although many users don’t.

Malicious apps can’t send premium-rate SMS messages or snoop on your personal information without asking permission – unless there’s a security vulnerability, of course. Often, people that install malicious apps could have noticed the problem by staying vigilant over Android app permissions.

Permissions Explained

Every app declares its permissions when you install it. It doesn’t request permissions — you can’t actually control these permissions. The app tells you what it requires, and you can take it or leave it. Android apps must declare permissions for nearly everything, from Internet access and writing to the SD card to monitoring your location and sending SMS messages.

You’ll see a list of these permissions when installing apps from Google Play. You can tap each type of permissions to get more detailed information. A similar screen appears when you sideload apps or install them from a third-party app store.

android app permissions

Here we see that Path requests access to your Contacts data. Path was recently in the hot seat for secretly uploading contacts data from Android and iOS devices. Android users had some warning that Path could do this by virtue of its permissions, while iOS users had no idea.

app permission android

Ads by Google

Apple’s iOS lets apps read contacts without requesting any sort of permission and investigations found that a large amount of iOS apps upload users’ address books. Users may have assumed Apple’s app store review process would protect them, but this incident shows the advantage of using Android app permissions instead of relying on a review process.

The Problem With Permissions

Permissions are great – in theory. The problem is that most Android users had no idea Path was doing this either. For many users, permissions have unfortunately become like a EULA – something to quickly tap through when installing apps. This isn’t helped by the way permissions are presented, placing everything from accessing the Internet to sending premium-rate SMS messages in the same list.

Every app ask seems to ask for permissions. Even installing Angry Birds requires allowing access to your device’s ID and location. Angry Birds requests these to target ads, but this trains users to agree to permissions requests and makes permissions seem less serious, with problematic permissions blending in.

app permission android

Automatic Updates vs. Manual Updates

Android can automatically update your apps, saving you time. Every now and then, however, you’ll see that an app can’t automatically update.

app permission android

Whenever you see an app that requires manual updates, it’s because the app requires additional permissions. Usually, the app’s developers added a new feature that requires a new permission.

application permission android

Theoretically, this is supposed to protect you from an app’s developers “going rogue” and updating a harmless app with malicious features. However, most users probably tap through the message without examining the new permission. You’ll see a “New” indicator next to each new permission.

application permission android

Viewing App Permissions

Android also allows you to view the permissions of your installed apps. To do so, tap the Menu button, tap Settings, tap Applications, and tap Manage Applications. Tap an installed app in the list and scroll down to the view the permissions it requires.

application permission android

Scanning App Permissions

The built-in way to view Android app permissions is a bit slow and tedious if you’re reviewing a lot of apps. To make this faster, install an app like aSpotCat. aSpotCat scans your installed apps and categorizes them by the permissions they require.

how app permissions work

Avast! Mobile Security, a well-reviewed Android antivirus app, also includes its own permissions scanner, named the Privacy Advisor.

how app permissions work

Restricting App Permissions

There’s no way to restrict app permissions by default. However, if you’ve rooted your Android device, you can install an app like Permissions Denied. This app allows you to revoke permissions from an installed app. Many apps will continue working if you revoke a permission, although some may force close (crash) when they attempt to use the permission.

android app permissions

There are other cool things you can do with a rooted Android, too.

How much attention do you pay to Android app permissions? Do you ignore them, or do you hunt for apps requiring the least permissions? Leave a comment and let us know.

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Best Android Phones
Best Android Phones
4 Members
Best Android Games
Best Android Games
15 Members
Best Android Apps
Best Android Apps
20 Members
Android Rooting and ROMs
Android Rooting and ROMs
25 Members
Android OS Tips
Android OS Tips
21 Members
Android Rumors and News
Android Rumors and News
8 Members
Best Android Tablets
Best Android Tablets
3 Members
Ads by Google
Comments (34)
  • james

    Id love to see an option to filter apps by permisions in the google store , or even know that if i paid for the preimium version that i could opt out of the whole data mining in exchange for apps idea.

  • Old Poor Richard

    Can anyone explain why we can’t simply have a REAL sandbox? A virtual Android operating system running on top of the real one that simply lies to every app, giving the app access to a fake GPS, a false identity and phone number, empty contact lists and calendars, a virtualized network (connects to the internet but returns spoofed information), an SMS system that sends texts nowhere, a camera that takes black pictures (but still can light up the flash LED), a completely empty storage space, etc.

  • Nolimit

    What do you think about the new movie America? Do you think the government has permissions to access anyone’s phone today through these permissions?

  • Andrew

    Hi sir,
    My friend’s phone is texting messages to a foreign number nowadays without user permission. Could you give me some tips that’d be useful while we’re trying to solve the problem? Might it be an application maybe sending the messages? We talked to gsm provider company support, they told us the messages are sent to a chat channel. We wanted them to cancel the operation, they couldn’t help us (this is so sad to hear from support). Maybe you can give us some useful knowledge?

    • Chris Hoffman

      Definitely an app. You might want to wipe the phone to its factory state (in case it’s malware) and be careful when installing apps with SMS permissions.

      You can try installing an app like aSpotCat and looking for the installed apps which have SMS permissions. Apps must have these permissions to send these messages, so that will help narrow it down for you.

      Luckily, Android 4.2 has built-in features that won’t allow sending these messages in the background.

  • Juan Carlos Espinosa Agudelo

    Hey Chris, my mom just got an Asus Transformer TF300T with Jellybean on it.

    Now, I haven’t used any device with Android before(I mostly use my laptop or PC, so I haven’t seriously thought of getting myself an expensive smartphone or tablet), so when my mom asked me to help her out with the tablet because a lot of functions weren’t working and she couldn’t install apps, I decided to look and she pointed out why she wasn’t using anything:
    She saw all the permissions the apps were requesting and got scared by them.

    Now, I don’t think that’s a bad thing(like this article shows), but is there any way to make sure of what the app’s doing with the permission, before downloading them? Or is there anything I could tell my mom to worry 0.1% less?

    • Chris Hoffman

      You can’t really verify what an app is doing with the permissions, unfortunately. Installing well-known apps is a good option, like I mentioned above — Amazon Kindle is probably safer than Joe’s l33t Reading App with 10 downloads.

      Bear in mind that apps you install in Windows get full access to your entire computer. If Windows used the same notification system, you’d be installing an application on your desktop and see a message that “This application has the permissions to view all your data, delete files on your hard drive without your permission, etc” — because Windows gives every app full permissions. Android at least tries to limit permissions more, although app developers often ask for too many permissions.

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.