Android Security

What Are Android Permissions and Why Should You Care?

Ben Stegner 11-03-2016

One of the critical parts of Android 9 Things Not to Do When Getting Your First Android Phone These common pitfalls should be avoided for the optimal Android experience. Read More  that is often overlooked is app permissions. Any app that you install on your phone has to ask for explicit access to potentially sensitive areas of your device, but they don’t always ask for these honorably.


Thankfully, Android permissions have taken a turn for the better in its most recent update (Android 6.0 Marshmallow) Android 6.0 Marshmallow: What It Is and When You'll Get It Android Marshmallow is here -- but why should you care? Read More , but less than 3% of people have Marshmallow on their devices. Thus, it’s important to know how Android permissions have worked in the past, and how they’ll look in the future.

Let’s take a complete look at permissions under both systems, what they mean for you, why you should care, and what these actually look like in real apps. You’ll learn a lot!

In case these seems like déjà vu — we’ve explained Android permissions before How Android App Permissions Work and Why You Should Care Android forces apps to declare the permissions they require when they install them. You can protect your privacy, security, and cell phone bill by paying attention to permissions when installing apps – although many users... Read More in the past, but they’ve changed so much recently that it’s worth going over again.

What Are Permissions?

It’s simple: Permissions are special privileges that apps must ask for if they want to access sensitive media on your phone.

Because our phones contain so much personal information — like our exact location 5 Types Of Android Apps That Make Good Use Of Your Location You might turn off your location services to save battery life, but these kinds of apps might make you change your mind. Read More , contact data, and cameras that can record us — apps can’t just use these unless you tell them it’s okay.



You can check the permissions of an app at any time. If it’s an app that you already have installed, go to Settings > Apps and find the app you’d like to examine. Tap an app and on its info screen, click the Permissions field or scroll down to find the list. Here you can view everything that the app asks for.

If you’d like to view permissions for an app that you’re not using yet, find it on the Google Play Store (either on your phone or using the Web interface How to Install Android Apps Right From Your PC in Seconds When you're at your PC, you don't want to have to pick up your phone to text, so why do it to install apps? Here's a better way. Read More ) and click Permission Details to view them. They’ll be grouped by type; if you don’t understand them yet, don’t worry! We’ll review some soon.

Why This Matters

Don’t get the idea that permissions are inherently bad, because they’re not! Modern phones are capable of so much The Best Android Apps on the Google Play Store for 2019 Looking for the best Android apps for your phone or tablet? Here's our comprehensive list of the best apps for Android. Read More , which means they can naturally be used for harm too. Permissions help you keep your device protected from shady apps — just because an app wants a permission doesn’t mean it’s awful.


For instance, Google Maps would be pretty useless if it couldn’t access your location, but when a calculator app needs access to your contacts, that should raise concern. This was the source of the Facebook Messenger app’s controversy How Bad Are Those Facebook Messenger Permissions Anyway? You've probably been hearing a lot about Facebook's Messenger app. Let's quell the rumors and find out if the permissions are as bad as they claim. Read More a while ago, because people felt that the app was overstepping its bound on permissions.

We’ve written about how invasive the Facebook app’s permissions are How To Use Facebook On Android Without All The Invasive Permissions Facebook's Android app requires a ton of permissions, and it shouldn't be trusted with them. The Tinfoil app for Facebook is the privacy-conscious solution. Read More , but you have to be prudent with everyday apps too. For instance, when I played a bunch of knockoff Mario games on Android, the majority of them asked for permissions like Contacts and Location.

These apps have no business requesting these, because they’re not necessary for the functionality of the app. Even if an app clearly defines what it wants the permission for (which more developers should do), there’s no guarantee that it’s not abusing the permission.


It’s not fair to say that certain permissions are inherently bad The Seven Deadly Android Permissions: How to Avoid the Sin of Slothful Preparedness Everyone with an Android device should know that your private information isn’t treated as private. For example, making an app purchase may expose personal contact information, including one’s name, physical address and email address, to... Read More 100% the time, but because it’s easier for certain ones (location, camera, etc.) to abuse your information, you should treat those permissions with greater care.

In the old days, Google would list every single permission that an app required (even minor items like vibration). Now, those are pretty much expected; they’ve moved these into the Other category of permissions, including Full network access since it’s so common these days, especially for in-app ads.

If you’re curious, below is a screenshot of what it looks like to add app permissions when you’re writing an Android app. This is from an app I’m actually writing for a college class — you can see that we need access to the phone’s storage (so we can keep track of user preferences), but we also have to ask for permission to vibrate and access the network. If we didn’t declare those permissions and tried to perform those functions, the app wouldn’t work.



Common Permissions

A lot of permissions are self-explanatory, and you’ll likely come across a similar set in many apps, so they shouldn’t take too long to get down. Let’s have a look at a few common ones and what they mean.

  • Storage: Apps can read your files, save files, or both. A common reason for reading your storage is picking a file to share with a friend, while an app might need to write to storage so it can save a picture you edited.
  • Location: This can be your approximate location, which is gathered from Wi-Fi networks near you, or your exact location, which uses your phone’s GPS.
  • IdentityFind accounts on the device: This is used when an app wants to find what other accounts you’re signed into on your phone, such as an app letting you sign in with your Google or Facebook account.
  • Phone/Device IDRead phone status and identity: This lets the app know when you’re in a call, so it can avoid interrupting the call. Directly call phone numbers lets an app make a phone call without prompting you to go to the dialer app.
  • Device & app historyRetrieve running apps: This lets an app know what other apps are on your phone. This could be abused, but is used “legitimately” by task killer and battery optimizer apps that you should never use. Why RAM Boosters and Task Killers Are Bad for Android Do Android RAM boosters really work? Here's what task killers and RAM boosters actually do to your Android device! Read More

These are some of the most common, but there are lots of other permissions in the Other category, including Download files without notification, Run at startup, Change network connectivity, and Change your audio settings, all of which could be used maliciously.

By the way, when I was compiling this list, I solely referenced the Facebook app for Android, which asks for all of these permissions and more. Quite frankly, it’s absurd that they ask for some of these permissions; you’re better off with a slim third-party Facebook alternative Faster, Leaner, Better - Alternatives To The Android Facebook App Oh, the joys of having social media available to us at any time of day thanks to the advent of the smartphone. Facebook has always been (at least on the surface) about connecting with your... Read More on your phone.

The Old System (Lollipop and Earlier)

Since the vast majority of Android users aren’t on Marshmallow yet, let’s look at how the permissions system worked in the past, even though it’s (thankfully) on its way out. If you’re not sure which Android version your phone is running, you can go to Settings > About Phone and look for Android Version. 6.0 is Marshmallow, 5.x is Lollipop, and 4.4.x is KitKat; earlier than that is the same for our purposes.

So, the old system of permissions is a blanket choice — you either have to accept every permission an app asks for when you install it, or decline to install the app. This is frustrating for a number of reasons, the most prominent being that a rogue permission could keep you from installing otherwise useful apps. As useful as some Android apps are Top 10 Android Apps Everyone Should Install First Got a new Android phone or tablet? Then you absolutely need these apps! Read More , you don’t want to make your contacts available to every app that asks for them.

The problems with this method don’t stop there, though. Years ago, each permission was listed separately. If you chose, apps updated automatically — unless a new permission was added. When this happened, you had to explicitly click Accept on the new permission before you updated it, so the same “take it or leave it” rule applied, and apps could be ruined by adding new permissions.

Eventually this meant that permission listings were pretty lengthy, so Google decided to start grouping similar permissions. When you install an app now, you’ll notice these — SMS, for example, contains all possible permissions around your text messages. The problem is that app updates can add additional permissions in a group without asking your permission as they did before.

So, for example, one of the possible SMS permissions is Read your text messages. Perhaps you use the excellent keyboard, SwiftKey, which allows you to personalize your dictionary by reading in how you type from your texts, Gmail, and other sources. You don’t mind giving it access to your texts, so you go ahead and enable it.

A few months down the road, SwiftKey could update to include the Send text messages permission without you even realizing it — this could cost you money if SMS messages are sent to premium numbers or you don’t have unlimited texting The Best Ways To Send A Free SMS Online In an era where smartphone ownership is becoming the majority, it’s hard to imagine someone who can’t (or won’t) send out text messages. When was the last time you knew someone who didn’t have a... Read More ! SwiftKey is a reputable app and would never do this, but it’s an example of how unsafe permission groups are.

Your only defense under this system is to avoid apps whose permissions you don’t like, or root your phone The Complete Guide to Rooting Your Android Phone or Tablet So, you want to root your Android device? Here's everything you need to know. Read More and install an app that lets you toggle permissions on or off. Because rooting can be complicated and voids your warranty, though, this isn’t a viable solution for most users.

Hopefully now you see the issues with this system, especially when contrasted with iOS, where you can turn individual permissions on or off in any app you please. Android has needed a better way for a long time, and it finally has one.

The New Way (Marshmallow and the Future)

Android Marshmallow arrived with plenty of changes Android 6.0 Marshmallow: What It Is and When You'll Get It Android Marshmallow is here -- but why should you care? Read More in October 2015 — a new permissions system was among them. Now, permissions are granular, and you don’t have to agree to a blanket set of permissions to install an app.

When you install an app built for Marshmallow, the Play Store will let you know that you can decide on each permission as it comes up. Let’s say your favorite SMS app Text Better With These Alternative SMS Apps for Android Don't like your default SMS app? Try a new one! Read More lets you take pictures inside the messenger, for example. Once you click the button to open the camera in the app, you’ll get a pop-up asking for access to your camera. Obviously you prompted this action, so it makes sense to confirm it.

If you deny a permission, the app won’t be able to use that feature — so if you deny your location to Google Maps, it will appear to not be working right for no reason. If app developers know what they’re doing, they’ll have a check in place to let you know that the app can’t function if you don’t grant the app that permission. Ideally, the app will ask you for permission as you take actions in the app that require them, not all at once as soon as you open it.

There’s still a drawback hanging on from the old system, though. If apps aren’t built to take advantage of Marshmallow’s new features, you’ll still be asked to agree to every permission as soon as you install the app. Once it’s installed, you can find the app in Settings > Apps and toggle its permissions, but the app may break without warning. Even if the app is built for Marshmallow, you can tweak permissions here at any time if you change your mind

By this point, developers really should be on board with Marshmallow, but you’re bound to come across some apps that are still on the old system. Essentially, you’re free to turn permissions off for any app even if you have to agree to them all at once, but this could break things since the developer hasn’t accounted for them.

Some Real App Examples

Let’s wrap up by looking at a couple of popular apps The Best New Android Apps Released in 2015 Some really amazing apps hit the scene in 2015 -- let's take a look at the best. Read More and the permissions they ask for. I can’t claim to know the reason for all of them, but I’ve speculated where appropriate.

Snapchat requires the following:

  • In-app purchases
  • Finding accounts on your device, and reading your contact card
  • Reading your contacts
  • Your exact location
  • Receiving text messages
  • Reading whether you’re on the phone
  • Reading, saving, and deleting files on your phone
  • Full access to your camera and microphone
  • The ability to view information about the WiFi you’re connected to
  • Preventing your device from sleeping
  • Turning on the phone’s flashlight

That’s a pretty big list! Most make sense in the app’s context (which is key when analyzing permissions) — you can sign in with other accounts, and when messaging you can share your location, take pictures, and record voice.

The app requests the ability to prevent sleep so that you get notifications even if your phone isn’t awake. As you see, most permissions can be explained, but it’s up to you if you trust the developer with them.

Pandora asks for these permissions:

  • In-app purchases (for subscribing to their premium service)
  • Find accounts on device (for signing in with Facebook, etc.)
  • Add or modify calendar events and send email to guests without owners’ knowledge (no idea why they need this)
  • Read your contacts (for sharing tracks with friends)
  • Read phone status and identity (for knowing when you get a call, so it can halt the music)
  • Modify or delete the contents of your USB storage and read the contents of your USB storage (for caching data so the music doesn’t have to buffer as much)
  • View Wi-Fi connections (likely to determine the quality of your current connection)
  • Various other settings, such as Bluetooth control

Overall, Pandora isn’t awful. I don’t understand why they need calendar info, and you could probably do without them knowing your contacts, but there are far worse apps.

Let’s take a game for our last sample:

Candy Crush Soda Saga wants to access these on your device:

  • In-app purchases (so they can nickel and dime you at every corner)
  • Find accounts on the device (for signing in with Facebook)
  • Read your contacts (so you can annoy your friends and ask for lives)
  • View Wi-Fi connections (likely so they know if you’re on a quality connection)
  • A few other permissions, including prevent device from sleeping

Overall, this one isn’t too bad in terms of permissions. The game itself is a different story, but at least this app doesn’t need to know your contacts or calendar information.

You Have Permission

That was a lot to take in, but permissions impact your privacy and are important Smartphone Privacy Settings You Need To Activate Today Smartphones ship with plenty of default settings that could be leaking your info. Let's dive in and tweak them. Read More ! Hopefully you learned a lot about the different permissions, how they used to work, and what’s ahead for them.

The takeaway here is to be sure that you don’t install apps recklessly on your phone. All kinds of apps, especially popular ones, are laced with more permissions than they need. If you’re on Marshmallow, be sure to only enable permissions that you’re okay with. If you’re on an older version, always review the list of permissions before you install an app. Be aware of what you’re putting on your phone!

Most permissions don’t do a whole lot if you’re offline, so take a break and enjoy some Android games that don’t need an Internet connection to play 11 Fun Mobile Games When You Have No Internet or Data Here are the best mobile games that don't need an internet connection, allowing you to save your mobile data. Read More .

What other questions do you have about permissions? Are you excited to upgrade to Marshmallow and get control over your permissions? Share your thoughts and questions about permissions in the comments!

Related topics: Google Play, Smartphone Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Todd
    February 9, 2018 at 7:43 am

    I have declined a permision that now will not allow me to keep or download numbers from call log can you jelp me give that permission so i can put mames with nbers in my contacts.

  2. Ella
    January 3, 2018 at 9:45 pm

    I wouldn't be surprised if the NSA/GCHQ etc pay some app developers to include nefarious permissions on their apps.

    Just now I wanted to download a voice recorder. It wanted permissions to my photos as well as files and media. Why photos?

    It's a jungle. Everything we do is being logged, shared, recorded and sold.

  3. Smart User
    May 22, 2017 at 7:13 am

    Such an awful website with these ads every 3 lines of article

    • Dave Parrack
      May 22, 2017 at 9:06 am

      They're not ads, they're links to other MUO articles related to the article.

  4. Raymond K.
    May 17, 2017 at 3:11 am

    I do not have version 6.
    I have an LG K7 and it contently turns on data, I have no data plan, it is a work phone, every time it think I figured out what is turning it on, after a few days I find I was wrong.
    Do you know what permissions exactly I can look for and uninstall the apps so that nothing has permission to turn on my data?

    I have turned off auto check mms I have also restricted background data, I have done everything I can find.

  5. YO
    December 26, 2016 at 9:21 am

    MyPermissions Privacy Cleaner is a mobile app that helps you find & fix privacy issues on your Android (and iOS). Using the app you can get 24/7 ongoing alerts for when a new Android or social app accesses your information.

    Disclaimer: I work for MyPermissions

  6. pd
    October 18, 2016 at 2:13 am

    Gmail does not need microphone to run but constantly nags for it with claims it won't work without it, which is false.

    I don't user voice activation. I hate the very concept. Why can't I disable the microphone permission in gmail without gmail becoming super awkward to use nag ware?

    • Ben Stegner
      October 31, 2016 at 3:57 pm

      To be honest, I'm surprised that this is the case. With Android 6.0 and above, developers should be gracefully degrading functionality if the user does not grant a permission. You're right — voice permissions should not be required normally for Gmail to function. This might be worth raising a question on Google Groups.

  7. Lope
    October 15, 2016 at 10:56 am

    Just my 2 cents: you make sound google maps like it's only useful if it has access to GPS, but it works perfectly without it. google maps doesn't need to know where you are if YOU know where you are (also fast battery drain when GPS is on). it's useful if it can access GPS if you're lost, but how often does that happen?

    • Ben Stegner
      October 31, 2016 at 3:55 pm

      I guess I never thought about using Maps in that way. If you don't want to grant it your location but still want to check restaurants, etc. in a certain area, it's still useful. Thanks for that angle!

  8. Alpha
    March 17, 2016 at 7:33 pm

    No thanks Ben! I got all my answers and warnings of course! But if you are asking about those question marks at the end of my previous comment, they're just stars but after I sent the post, they turned into ?s :)

  9. Alpha
    March 16, 2016 at 3:05 am

    Thanks for the very useful post! ?????

    • Ben Stegner
      March 17, 2016 at 5:31 pm

      You're welcome! Did you have another question?

      • Ali
        January 19, 2017 at 10:48 am

        What about an AP that says this ap does not require permissions. Does this mean they can do what they like without permission or does this mean they don't want to access any of them anyway? Is it a good thing or a bad thing?

        • Ben Stegner
          January 19, 2017 at 4:00 pm

          If an app says that it doesn't require permissions, it means that there are no permissions required to run that app. Many small games are like this — they don't need access to your camera, contacts, or location, so they just run without those.

          Note that Google doesn't alert you about "small" permissions like vibration or internet access — those are considered ubiquitous. But yes, when you see that an app doesn't need permissions, you can rest assured that there's nothing shady going on with it!

      • Move
        January 19, 2017 at 10:50 am

        What about an AP that says it does not require permissions. Does this mean they can do what they like without permission or they don't want to do anything so don't require permissions? Is it a good thing or a bad thing?

      • Todd
        February 9, 2018 at 7:51 am

        I declined permision on somthing and dont know wut it was. O can not download phone calls to my contacts. Realy need to gove permission to allow to hatjer contacts from phone calls comong in

        • Ben Stegner
          February 9, 2018 at 3:27 pm

          Hi Todd, I'm not exactly sure what your issue is as I'm not sure what you mean by "download[ing] phone calls to my contacts." Can you go into Settings > Apps > Permissions and check that you haven't denied the Phone and Contacts apps any relevant permissions?