From spying to stealing data: what app permissions you should avoid giving

Milda Jokubaitė

December 2, 2021


On average, one person has more than 80 apps downloaded on their devices. And each of them requires the user to grant several permissions upon installation. Many people give them without even bothering to read what they're asked to do. However, thinking about security - it's an extremely risky way to use your phone. Therefore, in this blog, we're going to discuss what dangers app permissions pose to your online privacy and how to stay protected while using your devices.

close up of shirt-wearing person holding smartphone and working on a laptop

6 app permissions you should avoid giving

Before granting permissions to access your personal data and smartphone functions, think about the risks they can pose to your privacy. Cybercriminals can collect sensitive information about you and sell it on the dark web, access your social and financial accounts, change passwords, control your device, or delete files without your consent. Moreover, it can be used for even more sinister purposes like planning criminal attacks, kidnapping, blackmailing, or committing a fiscal crime (emptying your accounts, opening credit cards, taking out loans, etc.). Stay vigilant and think before granting one of the following app permissions:

  1. Camera

    It allows the app to use your camera for taking photos or recording videos. However, when granting it, consider the app's function. If it's photography, beauty, or communication-related - you may not worry about it. Yet, if it's navigation, finance, or, for example, a weather app, think twice if you really need a camera to know where you're driving or what is going on in the stock market. The thing is that hackers could turn on the camera without you even noticing and secretly record or take pictures of you or your surroundings.

    Often required: beauty, communications, parenting, photography, social, video players, and editors.

    Sometimes necessary: entertainment, food and drink, shopping, travel and local apps.

    Shouldn't be required: music and audio, weather, and other apps.

  2. Location

    Your location data is essential for navigation, traveling, or shopping apps to track your current coordinates or identify your delivery address. However, location is a very powerful piece of data, and when granted for malicious apps, this permission can serve such details as your home address, where your kids go to school, daily habits, routes, etc. All this information can be sold to third parties, abused to steal your identity, and used to plan a burglary, kidnapping, or even physical attack. Therefore, stay vigilant when giving this permission away.

    Often required: weather, events, maps and navigation, shopping, travel and local.

    Sometimes necessary: communications, entertainment, social, parenting, tools.

    Shouldn't be required: beauty, education, music, and audio apps.

  3. Microphone

    Ever had an ad pop out after you just talked about it with your friends? Maybe, you should check the apps on your phone and the permissions you granted to them. Microphone permissions can be used to record confidential conversations with family, doctors, and business partners and collect data while you're completely unaware. It can later serve to build advertising profiles based on interests and, in some extreme cases, for blackmail purposes.

    Often required: social, communications, video players and editors, music, and audio apps.

    Sometimes necessary: tools, games, productivity, parenting, entertainment apps.

    Shouldn't be required: weather, photography, news and magazines, beauty.

  4. Storage

    It seems rather innocent at first, but when you think about it, the perpetrators don't even need to lift a finger to get information about you when abusing this permission. They can just easily extract it from your device storage. File managers, photo galleries, or communication apps often need to access this space to save, read, and modify data on your device. So, if you don't want your photos and documents sold to third parties, be wary about granting them to suspicious apps. Keep in mind that instead of storing files on your smartphone, you can save them in an encrypted cloud, helping to keep your private information truly secure.

    Often required: social, communications, video players and editors, music and audio, photography, personalization apps.

    Sometimes necessary: games, education, beauty apps.

    Shouldn't be required: sports, weather apps.

  5. Call and messaging

    While having permission to manage calls and messages is necessary for communications apps, it's not exactly a priority for a diet tracking app on your phone. Granting this permission to suspicious apps could result in hefty phone bills. Malicious software could use it to make calls or send messages to premium numbers or phishing scams using your contact list numbers.

    Often required: social, communications, dating apps.

    Sometimes necessary: medical, parenting apps.

    Shouldn't be required: entertainment, video players and editors, maps and navigation, games, diet apps.

  6. Contact list

    And speaking of the contact list - you've probably been asked for it not only by communications apps. Service apps usually require it to bring on your friends, share content with them, etc. There is no surprise that when a fraudulent app gets access to this data, it can sell these contacts to third parties for a steep price. Therefore, be aware when sharing your contact data on your device.

    Often required: social, communications, dating apps.

    Sometimes necessary: tools, parenting apps.

    Shouldn't be required: video players and editors, music and audio, maps and navigation, games.

How to manage your app permissions and secure your data

One thing to understand here - you're in charge of your security when it comes to app permissions. Of course, it's still a cybercrime to collect information about you even if you permitted it on the app. However, it's better to take precautions because once the hackers get ahold of your data, it could take some time for you to learn that it was actually sold to third parties or used for other malicious purposes.

So, if you want to stay secure and protect your device, follow the steps below:

  1. Check out enabled permissions for your current apps and disable those you don't trust.

  2. Before downloading a new app, do some research:

    • Check people's reviews;

    • Look for information about the developer, seller, and brand;

    • Read the app description on the app store to determine what permissions it will ask you to confirm.

  3. Accept only those permissions necessary for the app to function and let the app use your data only when it's opened.

  4. Install antivirus software to protect your device from malicious apps.

The golden rule of deciding whether you should grant the app permission is to understand its purpose, so use logic and common sense. For example, if a beauty app asks access to your phone's microphone or a well-being app - to make direct calls, it's a major red flag. Another key thing is downloading only trusted apps on your phone - those that are really public about their functions and purposes. And even so, you cannot be entirely sure that your data is safe. Even the most trusted apps can pose a threat to your privacy when cybercriminals discover app vulnerabilities and exploit them for sinister purposes. Remember that app permissions are only one way of getting to your data - you can also download malware and other threats to your device, so using a VPN while browsing is always advisable.