Understanding the risks of granting app permissions on your phone

Stop Giving Away Your Data For Free: A Sysadmin’s Take on App Permissions

Look, I’m tired of seeing folks click ‘Allow’ on every single app permission prompt like it’s a game of whack-a-mole. Every day I get asked, “Why is my battery draining so fast?” or “Why am I getting so many spam calls?” And 9 times out of 10, it boils down to some garbage app you installed to tell you the weather or play a simple game, now hoovering up your location data, contacts, and god knows what else. It’s a mess, and frankly, it’s lazy.

Why Your Default ‘Allow’ Button is a Trap

The standard way most people deal with app permissions is to just mash ‘Allow’ so they can get on with whatever they downloaded. It’s quick, it’s easy, and it’s also how you end up with apps designed to give you a flashlight suddenly demanding access to your microphone and text messages. Why does a calculator app need to see your contact list? It doesn’t. Developers, especially the shady ones, try to get as much access as possible because they can sell that data, use it for “targeted advertising” (read: creepy tracking), or exploit security vulnerabilities later. My method? Assume every app is trying to steal your data until proven otherwise. It saves you a lot of grief down the line.

How I Manage App Permissions (And You Should Too)

Here’s the deal. You need to be deliberate about this. It’s not hard, just takes a minute.

1. Install, but Don’t Launch Immediately: When I download a new app, I install it but I don’t open it right away. This gives me a chance to review its initial permission requests *before* it starts doing anything in the background.
2. Initial Permission Review:
   • On my Android phone, I go to Settings > Apps & Notifications > See all apps. Then I find the app I just installed.
   • Tap on the app, and then look for Permissions. This shows you everything it’s *currently* asking for or has already been granted.
   • On an iPhone, it’s a bit more distributed. After installation, I go to Settings, scroll down to find the specific app, and tap on it. There, I see a list of individual permissions like Location, Photos, Microphone, etc., with toggles.
3. Evaluate Each Permission Critically: This is where the common sense comes in. Ask yourself, “Does this app *really* need this to function?”
   • Location: Maps app? Yes. Flashlight app? Absolutely not.
   • Camera/Microphone: Video call app? Yes. Basic game? No.
   • Storage/Files: Photo editor? Yes. Simple utility app that doesn’t save anything? Likely not.
   • Contacts: Messaging app? Sure, maybe. QR code scanner? No business.
   • SMS/Call Logs: Messaging app or call blocker? Possibly. Most other apps? Big red flag.
   • Phone: Generally means it wants to make calls or access your phone number. Be very wary.
   • Calendar: Scheduling app? Yes. Social media app that doesn’t involve events? Why?
   • Nearby Devices: For connecting to Bluetooth peripherals or casting screens. Usually fine if the app’s function involves that.
4. Deny and Test: My approach is to deny everything I don’t think it needs. If the app complains or a feature I genuinely want doesn’t work, I’ll go back and grant *only that specific permission*. For example, the first time I set up a new banking app, I denied camera access thinking “why would it need that?” Turns out, it’s for cheque deposits. Felt like an idiot for a minute, but I learned. I enabled just the camera permission then. Better to deny first and grant later than the other way around.
5. Revoke Unused Permissions: Every few months, I do an audit. I go back into my app list (Settings > Apps & Notifications > See all apps > select app > Permissions) and check what’s still active. If I haven’t used an app in a while, or if I’ve found an alternative, I often revoke all its permissions before deleting it. Some phones even have a feature to “remove permissions if app is unused,” which is handy, but I wouldn’t rely on it exclusively.
6. Don’t Trust Updates: App updates sometimes quietly add new permission requests. Be aware of update notes, especially if you see new features. It’s good practice to re-check permissions for key apps after a major update, just in case.

Things people often get wrong

The biggest mistake people make is not understanding that these permissions aren’t just for features, they’re often for data collection. You deny an app location, and suddenly it can’t geotag your photos, fine, but also it can’t sell your movements to advertisers. Another common screw-up is trusting “system apps” or pre-installed bloatware. Just because it came with the phone doesn’t mean it’s benign. Some phone manufacturers bundle in their own apps that are just as bad, if not worse, at permission abuse. I’ve seen some OEM’s “launcher” apps demand access to call logs and SMS, which is completely unnecessary for a home screen. Also, watch out for apps that constantly ask for the same permission after you’ve denied it. That’s a strong indicator they’re trying to badger you into giving up your data, or they’re just badly coded. If an app legitimately *needs* a permission, it should explain *why* and usually only asks once. If it keeps bugging you, it’s likely nefarious or poorly designed. Just uninstall it. There are always alternatives.Be vigilant, be skeptical, and protect your digital privacy like it’s your last slice of pizza.