How Android App Permissions Work and Why You Should Care

Chris Hoffman 21-05-2012

android app permissionsAndroid forces apps to declare the permissions they require when they install them. You can protect your privacy, security, and cell phone bill by paying attention to Android app permissions when installing those apps – although many users don’t.


Malicious apps can’t send premium-rate SMS messages or snoop on your personal information without asking permission – unless there’s a security vulnerability, of course. Often, people that install malicious apps could have noticed the problem by staying vigilant over Android app permissions.

Permissions Explained

Every app declares its permissions when you install it. It doesn’t request permissions — you can’t actually control these permissions. The app tells you what it requires, and you can take it or leave it. Android apps must declare permissions for nearly everything, from Internet access and writing to the SD card to monitoring your location and sending SMS messages.

You’ll see a list of these permissions when installing apps from Google Play. You can tap each type of permissions to get more detailed information. A similar screen appears when you sideload apps How to Download & Install Non-Market Google Android Mobile Apps Read More or install them from a third-party app store How to Download and Update Apps on Android Phones and Tablets Wondering how to download apps on Android? Need to install an update for an Android app? Here are the basics of installing and updating Android apps. Read More .

android app permissions

Here we see that Path requests access to your Contacts data. Path was recently in the hot seat for secretly uploading contacts data Apple Responds To Privacy Risks Concerning Access To Contact Data [News] Read More from Android and iOS devices. Android users had some warning that Path could do this by virtue of its permissions, while iOS users had no idea.


app permission android

Apple’s iOS lets apps read contacts without requesting any sort of permission and investigations found that a large amount of iOS apps upload users’ address books. Users may have assumed Apple’s app store review process would protect them, but this incident shows the advantage of using Android app permissions instead of relying on a review process.

The Problem With Permissions

Permissions are great – in theory. The problem is that most Android users had no idea Path was doing this either. For many users, permissions have unfortunately become like a EULA 8 Ridiculous EULA Clauses You May Have Already Agreed To Here are some of the most ridiculous terms and conditions in the EULAs of popular services. You may have already agreed to them! Read More – something to quickly tap through when installing apps. This isn’t helped by the way permissions are presented, placing everything from accessing the Internet to sending premium-rate SMS messages in the same list.

Every app ask seems to ask for permissions. Even installing Angry Birds 8 Awesome Angry Birds Videos For The Addicted I hate to admit it but I'm a little addicted to Angry Birds. I know many people hate the game in all its different iterations - it's for casual gamers, it sucks, it's pointless -... Read More requires allowing access to your device’s ID and location. Angry Birds requests these to target ads, but this trains users to agree to permissions requests and makes permissions seem less serious, with problematic permissions blending in.


app permission android

Automatic Updates vs. Manual Updates

Android can automatically update your apps, saving you time. Every now and then, however, you’ll see that an app can’t automatically update.

app permission android

Whenever you see an app that requires manual updates, it’s because the app requires additional permissions. Usually, the app’s developers added a new feature that requires a new permission.


application permission android

Theoretically, this is supposed to protect you from an app’s developers “going rogue” and updating a harmless app with malicious features. However, most users probably tap through the message without examining the new permission. You’ll see a “New” indicator next to each new permission.

application permission android

Viewing App Permissions

Android also allows you to view the permissions of your installed apps. To do so, tap the Menu button, tap Settings, tap Applications, and tap Manage Applications. Tap an installed app in the list and scroll down to the view the permissions it requires.


application permission android

Scanning App Permissions

The built-in way to view Android app permissions is a bit slow and tedious if you’re reviewing a lot of apps. To make this faster, install an app like aSpotCat. aSpotCat scans your installed apps and categorizes them by the permissions they require.

how app permissions work

Avast! Mobile Security Avast! Introduces Free Mobile Security App For Android 2.1+ [News] There are plenty of free mobile security apps available for Android. The market seems to be filled to the brim with them. Yet it’s hard to say if they’re trustworthy because often they’re developed by... Read More , a well-reviewed Android antivirus app The 3 Best Antivirus Apps To Protect Your Android Security As we’ve reported frequently at MakeUseOf, Android is no longer safe from malware. The number of threats is on the rise. This shouldn’t be surprise to anyone. Smartphones and tablets can carry all sorts of... Read More , also includes its own permissions scanner, named the Privacy Advisor.

how app permissions work

Restricting App Permissions

There’s no way to restrict app permissions by default. However, if you’ve rooted your Android device How To Root Your Android Phone With SuperOneClick Read More , you can install an app like Permissions Denied. This app allows you to revoke permissions from an installed app. Many apps will continue working if you revoke a permission, although some may force close (crash) when they attempt to use the permission.

android app permissions

There are other cool things you can do with a rooted Android 3 Cool Things You Can Do With A Rooted Android Phone By now you will know that there are a bunch of us here at MakeUseOf that love Android phones. Paul's article on writing an Android app is a good example of how thoroughly we dig... Read More , too.

How much attention do you pay to Android app permissions? Do you ignore them, or do you hunt for apps requiring the least permissions? Leave a comment and let us know.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Marlene Mori
    May 16, 2018 at 11:08 am

    I was just asking the question why does Facebook need permission for storage what is it used for and what happens if I turn it off and deny it?

  2. 01in
    October 29, 2017 at 5:19 pm

    I was searching the question of why so many Android Apps need permissions for things that are not part of the apps ostensible purpose. A calculator app needs your location, really.

    FWIW I have book marked this site.

    That various Android features that are extraneous to the App's function even get requested / are integral the the App 's installation, is outrageous. That app permissions are difficult to change is just insulting.


  3. vinayak
    August 8, 2017 at 7:10 am

    Hi Chris,

    Can u please help me with this , will there be any effect on Auto Update of App even if I add non dangerous permission, or it will be effected only if I add some dangerous permission?

  4. vinayak
    August 8, 2017 at 7:07 am

    Hi Chris,

    Thanks for your such important information.
    On Automatic and Manual update, I needed your help to know if Android Auto update will be stopped on adding non dangerous permission also, or it stops only if added some dangerous permission.

  5. Eddie turner
    February 23, 2017 at 1:54 pm

    Reading your article because of like concerns, and yes I seek the least invasive apps. Concerned about trends in app development, and user options to avoid the loss of privacy while maintaining access to the benefits of software-hardware "advances". Have 10 brothers and 3 sisters, don't need a "Big Brother".

  6. ctay
    December 30, 2016 at 12:49 pm

    what do you do when an app is already installed on your phone? how do you get rid of it?

  7. ctay
    December 30, 2016 at 12:48 pm

    what do you do when the app is pre-installed on your phone? How do you get rid of it?

  8. boopl
    October 25, 2016 at 4:00 am

    I pay attention! I want to put in a grammer checking app but its asking for Other?" abd when I read the info it's a bunch o mumbo jumbo. So that raiseses red flags, lots of them. Poor silly people,they really shouldn't click things mindlessly.

  9. Gloria Alleyne
    October 8, 2016 at 7:52 am

    I am at big odds with all these permissions that are needed to receive a service or game. I do not agree with my information nor my contacts or any of my private information to be at anybodys reach! Nobody business but my own. There should be an none intrusive way for the companies to get their marketing done within the expense of our privacy. The way it is limits me to most services. I want & need to feel safe. Therefore I am not using the full potential of this Android tablet. I wish I had a choice.

  10. marzuk
    September 1, 2016 at 7:58 pm

    using permissions , App developer have access to our personal data ? for example , app developer can download contents from our SD card ? or enable Wi-fi ?

    June 22, 2016 at 6:44 am

    A friend told me to watch app request and i have. Other people vot into my lhone and downloaded bad apps. I need to get my ueula back so i can learn and study..

  12. Svelt
    June 9, 2016 at 7:39 pm

    I don't even install apps anymore. Almost all of them seem to require access to everything and god knows what they do with it. I really don't like have smart phones have evolved. they should pay me to get access to all this information. I am looking at dumb phones now.

  13. Verne Jacobs
    March 13, 2016 at 2:00 pm

    Why doesn't Google at least specify what basic permissions a camera app or a keyboard app for example, needs in order to function and then invite the developers to explain the ones that aren't necessary.
    If this were mandatory the focus would be where it should be --- on the permissions requests which might be intrusive.
    While I know there are many decent developers who are above board, this stuff about trusting the developers with personal information amounts to idyllic wishful thinking.

  14. bm
    February 16, 2016 at 11:57 pm

    both of those apps you suggested (aSpotCat and Avast) need permission to basically see everything in your phone.....isn't the point to stay away from those

  15. Anonymous
    January 22, 2016 at 10:59 pm

    Blackberry is doing a nice work indeed about this issue. How big a deal do you think it is to buy a Blackberry phone?

  16. Virginia
    December 27, 2015 at 1:11 am

    Hi Chris,
    I have a new Android and can't seem to do anything without Google getting into play. (A play on words!) Once Google gets involved, it wants you to sign in to sites (Youtube, for example) via Google. That might not be so bad, but Google also wants users to provide credit card information in case any charges are incurred from a third party! Is anyone really comfortable with that? Are there good alternatives to Google? Is there a way to block Google, or would that be too limiting?

  17. james
    April 5, 2015 at 9:58 am

    Id love to see an option to filter apps by permisions in the google store , or even know that if i paid for the preimium version that i could opt out of the whole data mining in exchange for apps idea.

  18. Old Poor Richard
    March 28, 2015 at 3:36 pm

    Can anyone explain why we can't simply have a REAL sandbox? A virtual Android operating system running on top of the real one that simply lies to every app, giving the app access to a fake GPS, a false identity and phone number, empty contact lists and calendars, a virtualized network (connects to the internet but returns spoofed information), an SMS system that sends texts nowhere, a camera that takes black pictures (but still can light up the flash LED), a completely empty storage space, etc.

  19. Nolimit
    December 15, 2014 at 5:22 pm

    What do you think about the new movie America? Do you think the government has permissions to access anyone's phone today through these permissions?

  20. Andrew
    November 1, 2012 at 6:46 pm

    Hi sir,
    My friend's phone is texting messages to a foreign number nowadays without user permission. Could you give me some tips that'd be useful while we're trying to solve the problem? Might it be an application maybe sending the messages? We talked to gsm provider company support, they told us the messages are sent to a chat channel. We wanted them to cancel the operation, they couldn't help us (this is so sad to hear from support). Maybe you can give us some useful knowledge?

    • Chris Hoffman
      November 7, 2012 at 5:26 pm

      Definitely an app. You might want to wipe the phone to its factory state (in case it's malware) and be careful when installing apps with SMS permissions.

      You can try installing an app like aSpotCat and looking for the installed apps which have SMS permissions. Apps must have these permissions to send these messages, so that will help narrow it down for you.

      Luckily, Android 4.2 has built-in features that won't allow sending these messages in the background.

  21. Juan Carlos Espinosa Agudelo
    October 18, 2012 at 7:58 pm

    Hey Chris, my mom just got an Asus Transformer TF300T with Jellybean on it.

    Now, I haven't used any device with Android before(I mostly use my laptop or PC, so I haven't seriously thought of getting myself an expensive smartphone or tablet), so when my mom asked me to help her out with the tablet because a lot of functions weren't working and she couldn't install apps, I decided to look and she pointed out why she wasn't using anything:
    She saw all the permissions the apps were requesting and got scared by them.

    Now, I don't think that's a bad thing(like this article shows), but is there any way to make sure of what the app's doing with the permission, before downloading them? Or is there anything I could tell my mom to worry 0.1% less?

    • Chris Hoffman
      October 20, 2012 at 8:51 pm

      You can't really verify what an app is doing with the permissions, unfortunately. Installing well-known apps is a good option, like I mentioned above -- Amazon Kindle is probably safer than Joe's l33t Reading App with 10 downloads.

      Bear in mind that apps you install in Windows get full access to your entire computer. If Windows used the same notification system, you'd be installing an application on your desktop and see a message that "This application has the permissions to view all your data, delete files on your hard drive without your permission, etc" -- because Windows gives every app full permissions. Android at least tries to limit permissions more, although app developers often ask for too many permissions.

  22. Dede
    October 17, 2012 at 1:07 pm

    Thanks so much for your help. I just purchased and android and did not like the permissions wanted to use an app. When I started looking most all apps wanted the same or pretty much the same permissions. If I had know this prior to buying, I probably wouldn't have purchased the phone. Thanks again so much for all of the information. Going to go "rooted" now. LOL

    • Chris Hoffman
      October 20, 2012 at 8:48 pm

      App developers often ask for too much. It's an unfortunate situation.

  23. G.
    August 6, 2012 at 2:03 am

    How the hell Google didn't allow users to select which permissions to give to apps by default in the O.S.? Why I must FIRST install the app and LATER use a superuser app to LIMIT what the app wants to do?

    I want to use a tiny free game for 5 minutes and I can't deny crazy permissions to use it?

    So finally I end not installing it.

    This is a BIG mistake in the design of the app system. The USERS should have the right to select which permissions to give the apps, and receiving a warning with permissions that may lead to an unstable app, or give detailed information when is only a part of the permission you are giving and not something like: "yes, use all my private data for a game".

    I love Android, but this is very disappointing.

    Sorry for my english, I'm out of practice.

    • Chris Hoffman
      August 7, 2012 at 7:16 am

      I completely agree. The problem is just the developers abuse it -- if apps request only sane permissions, there wouldn't be much of a reason to lock down their permissions.

      For example, if you wanted to install a camera app and it requested access to your camera, there's no point in blocking that.

      However, when you want to install a game and it wants access to everything, that's bad.

      I'd like to see Google add this feature to Android and give users control, but part of the reason app developers do this is to gather data for advertising (ie: access your location to serve you local ads), and Google is in the business of advertising.

  24. Tushar
    May 28, 2012 at 1:44 am

    Could you please explain different kinds of permissions and how the developer is going to get benefited with these permissions? (e.g. Access device’s ID to target ads.)

    • Chris Hoffman
      May 29, 2012 at 3:34 am

      You can tap each permission to view more details. Answering that in a comment would require a lot of words and research.

      Actually, that may be a good idea for a future article -- thanks!

      • Tushar
        May 30, 2012 at 4:35 pm

        It will be nice to see an article on it. I needed this the most, as i always ignore the permissions messages. I always check Amazon's daily free apps. Something has gone with my Galaxy S & now it became sluggish. I have tried "Fast Reboot", "Android Assistance's Quick Boot" but these apps even unable to free RAM. Only rebooting the phone frees the memory. If a get a clear idea, then i can avoid the apps which open back doors, even if they are useful. Thanks a lot.

        • Chris Hoffman
          May 31, 2012 at 1:27 pm

          You're welcome! It definitely sounds like there's a misbehaving app or two on your phone.

  25. Wayne Hixenbaugh
    May 27, 2012 at 4:44 pm

    I agree with Stadsjaap, whenever I come across an App that I don't feel comfortable with I check the low rated reviews for permission problems. Sometime it can be time consuming but if I really want the App it's worth the time.

    • Chris Hoffman
      May 29, 2012 at 3:33 am

      It's a good idea. The problem is that other users may not know if an app is sneakily doing something in the background, so it's not a perfect solution.

  26. Stadsjaap
    May 25, 2012 at 10:32 pm

    OK, but can anyone name some well documented instances of (for eg. Google App store) apps raiding passwords, nicking credit card details, uploading and spamming entire contact lists, hacking email accounts and the like?

    Of course it can be done, but do we have any idea how widespread it is? Or is it a case of "Beware of swine flu!" (which killed 14,000 people in total) vs regular flu (which takes out 250,000 per year)?

    My top tip is to "Arty Urbi" - Read The User Reviews Before Installing. You'll see immediately is something is up. :-)

    • Chris Hoffman
      May 26, 2012 at 8:32 am

      Well, Path was probably doing this on Android, too.

      Lots of apps harvest a lot of personal data (the reason for the permissions requests) and use it to target ads and such.

      Either way, it's a concern. Giving apps the power to do this allows the permission to be abused in the future. Training users to ignore permissions because they don't matter most of the time makes users vulnerable to malicious apps -- why bother with a permission system if users ignore it, anyway?

      Reading user reviews before installing is definitely a good idea.

  27. Bob Drysdale
    May 25, 2012 at 10:32 pm

    I always read the permissions but find they are generally pretty vague, saying what a permission can mean but not what the specific app actually does with them. For example, I declined to install a bank's mobile banking app because it wanted to access my contacts. What the hell does it need to do that for?
    If an app was precise about what it actually does with the permissions (some are) I might be more inclined to install it.

    • Chris Hoffman
      May 26, 2012 at 8:29 am

      It could just be bad app design practices. Developers can sometimes be lazy and grab lots of permissions instead of fine-tuning them.

      Still, if you don't trust your bank, you might have a bigger problem!

  28. hong
    May 23, 2012 at 1:26 am


  29. John
    May 23, 2012 at 12:51 am

    Three letters: L-B-E. Four letters: F-R-E-E. 'Nuff said.

    • Chris Hoffman
      May 25, 2012 at 9:53 am

      I have heard great things about LBE Privacy Guard. If anyone else is interested, here's a link: [Broken Link Removed]

      Like the app mentioned in the article, though, it requires rooting your device.

  30. Jack Cola
    May 22, 2012 at 7:00 am

    If you want to use the app, you have to agree to the permissions... Not something you really get a say on is it?

    • Chris Hoffman
      May 25, 2012 at 9:50 am

      Yup, not really -- it's sad, Google should allow some control over this in the default OS, I think.

  31. Bernadette
    May 22, 2012 at 6:54 am

    I always check the permissions and if they are things I am not comfortable with I don't install the app. If it is something I really want and there is not a good alternative, I see how many people have downloaded the app, how many comments there are and if the comments are good. If all that is good and the web site is good and it looks like a valid company, then I will accept the app even if there are some permissions I don't like.

    • Chris Hoffman
      May 25, 2012 at 9:50 am

      That's the most practical approach. Ideally, all users should behave that way. Unfortunately, most people don't pay attention. EULAs have trained us to tap past these things, I suppose.

  32. Joel Lee
    May 22, 2012 at 4:31 am

    Unfortunately, comparing permissions to an EULA is spot on. I don't even bother checking the requested permissions--but that's mostly because I only install apps that are well-known. When I'm installing Winamp or Catch Notes or the Kindle app, it doesn't even cross my mind that the developers would do something dodgy.

    That's how I keep myself safe in general, whether it's on my phone or on my PC or elsewhere. Only deal with known software from known developers who have had good reviews from previous users.

    • Chris Hoffman
      May 25, 2012 at 9:49 am

      Very true. Dealing with popular apps is a good way to stay safe. I know that the Kindle app is probably safe, whereas Joe's L33t Book Reading App may be more dangerous, even if it requires the same permissions

      • guest25
        October 9, 2012 at 9:16 pm

        remember the issiue witch apple keept user location data
        you're logic is mirage coz shoud i let devs/anyone who is well known/big/whatever give acces to my computer/data ? It is raddiculus that for instance game any game app woud have premision to my calls/personal info im really shocked that anyone installs it and almost all apps have insane premisions

        • Chris Hoffman
          October 20, 2012 at 8:47 pm

          Yes, that's definitely true as far as privacy goes. I don't want to argue with you there, I think it's insane how many permissions apps require and I wish Google let us block them in stock Android.

          That said, while popular apps like Kindle or Angry Birds may data-mine my personal info, they probably don't contain malware that sends premium-rate SMS messages and drives my cell phone bill up. That's what I meant.

  33. cdub
    May 22, 2012 at 12:09 am

    This is a great article. In an age of 'buyer/downloader beware' when it comes to privacy, more user education needs to happen about this topic. I don't download apps where the permissions make no sense to me -- the example of contact information is a perfect example. For better or worse, that severely limits the number of apps I have on my phone. Somehow, I survive.

    • Chris Hoffman
      May 25, 2012 at 9:48 am

      Thanks for the vote of confidence, cdub.

      Unfortunately, lots of apps could have a good reason for requesting the permissions they do. An app could say "we request contacts permissions, but we only use this if you use our optional in-app Share feature." You'd have no way of knowing whether this is true or not -- and you can't deny permissions to an app without rooting your device.