Hot topics

How to manage app permissions on Android

MGL1954
© nextpit

You might have noticed that apps require special permissions in order to function. Unfortunately, it's not always clear what the permissions are used for. This article will provide an overview of the most important app permissions and we'll try to separate the necessary ones from the sketchy ones. In our update, we'll discuss the tighter controls over SMS and call logs that are in the latest version of Android.

Jump to:

There are two types of app permissions

The first type meant accepting all permissions of an app as a complete package before installing it on the Google Play Store. As a result, people were not worried and blindly handed everything over to the app and thought, "It'll be fine, I just want to finally be able to use the app!"

Then, a couple of years ago, a new type of app permissions came along. This method requires permissions according to the system used starting with Android 6.0, and only allows apps to have access to permissions when they are in use. This incidentally has led developers to explain why they need certain permissions.

With the launch of Android 9.0 Pie, and now Android 10, even tighter controls have been added. From January 7, 2019, SMS and call log access are separated from the old permissions grouping bundled into Phone. Call logs and SMS data can now only be accessed by apps that are set to default for those actions. The latest Android software makes it a lot easier to get control over those invasive apps that get greedy with permissions.

Change the permissions of an app

Apps that use this new authorization model allow you to revoke permissions. Google classifies some permissions as 'dangerous permissions', including the following:

There are permission packages that combine several partial permissions. A flashlight app can record videos of you, because it needs the camera permission for LED control. But an app that is allowed to read text messages may not send them automatically because of SMS permissions. This makes it all the more important for app developers to adhere to Google's transparency for users and to explain why their app requires a given permission.

AndroidPIT permissions 0059
There are different approaches to manage and administer permissions. / © NextPit

Starting from Android 8.1, several permissions are classified as 'normal' and every app is entitled to them. These include:

  • Network status
  • Notification guidelines
  • Bluetooth admin
  • Change network status
  • Keep key lock open
  • Internet
  • Stop background processes
  • NFC (near-field communication)
  • Disable battery optimizations
  • Change background image
  • Use the fingerprint sensor

Apps request these authorizations upon installation, and the user can't withdraw them afterwards.

Dangerous app permissions

Calendar

Similar to SMS permissions, calendar permissions are divided into access to reading and access to writing. Obviously, these permissions only make sense for third-party calendar apps.

Call logs

If you are already using Android 9.0, you may have noticed an extra permissions group appear in your settings menu. Google's new Malicious Behavior policy is a lot tougher on surveillance and commercial spyware, and this permissions category is a way of giving users more control. This is one of those permissions groups that you will likely be switching off for almost all of your apps.

call log permissions
How Call log permissions look on Android 10. / © NextPit

Camera

Flashlight apps request this strange-looking permission, but the LED light is accessed via the camera. Since the permission isn't broken into sub-permissions, these kinds of apps get full access to your camera, but not to the microphone.

Contacts

This group has a few different kinds of permissions: apps can read your contacts or view available smartphone accounts. Do you also use Facebook or Twitter and have the accounts already connected to your device? The address book and chat apps often want to read your contacts so it can network with them. The developer of an app can then store your contacts on its servers, and in the worse case, try to sell the numbers. So watch out!

Body sensors

Exercise or other health apps may want to measure your pulse. If your device has this kind of sensor, you'll have to activate it to allow apps permission to it.

Microphone

This permission allows audio recordings to be made immediately. If recordings are being made in the background, Android will notify you.

SMS

Some apps like WhatsApp don't offer SMS functionality. Instead, they are able to use this permission to read the SMS with a verification code. In principle, you can deny permission and enter the code manually in the chat app.

Furthermore, this group of permissions is divided into five groups. There are permissions for sending, receiving, and reading text messages, receiving WAP Push messages, and reading an MMS. You have to be especially careful with permissions for sending text messages. Ideally, you should only allow this permission if you've deactivated paying for text messages through your provider.

sms permissions
This is how SMS permissions look on Android 10. / © NextPit (screenshot)

Memory

When an app gets this permission, it has access to your memory. You'll run into this with file manager apps and the microSD card. The sub-permissions will either have reading access or writing access, and can therefore also be deleted. Many apps use this permission to provide your user data where it doesn't actually belong. Since your memory is virtually unprotected by the permission, these apps can spy on all your information in your memory.

Location

Apps can determine your location, either roughly or precisely. Android does this through the location service, i.e. a mixture of Wi-Fi, GPS, and other potentially available sensors. Apps with this permission can record a motion profile of you. Depending on the number of users, heat maps of cities and other big data analyses can also be created.

app permissions location
You have more options for location permissions on Android 10. / © NextPit (screenshot)

In more recent Android software updates, you now have more control over the type of location permission you hand out to apps. You can choose from three options: Allow all the time, Allow only while using the app, or Deny. The middle option, where the app can see your location only when it is open, is a really useful addition that helps to protect your privacy.

Telephone

This is by far the largest group of dangerous permission. It is divided into...

  • Receive phone status

This is often used in music apps that pause playback when a call is received.

  • Reading out telephone numbers

The app hands over your mobile number so you don't have to type it in. Deny this permission if the app doesn't necessarily need your mobile phone number.

  • Making calls
  • Answer calls
  • Reading the call list
  • Writing the call list
  • Add mailbox
  • Using SIP (Session Initiation Protocol)
  • Editing outgoing calls
  • Reading incoming numbers

Good apps, bad apps

There is always room for improvement. With every Android update, you can get one step closer to more precise control over your permissions. If you prefer to keep your friends' phone numbers to yourself and don't want to be part of the next big data scandal, be careful about what data you disclose. Trust is good, but control is better!

  nextpit recommendation Price tip Luxury version with handle Price tip with handle For Garmin fans Mid-range tip
Product
Image Withings Body Smart Product Image Renpho Smart Body Fat Scale Product Image Withings Body Scan Product Image Lepulse Lescale P1 Product Image Garmin Index S2 Smart Scale Product Image eufy Smart Scale P3 Product Image
Deals*
Go to comment (7)
Eric Ferrari-Herrmann

Eric Ferrari-Herrmann
Senior Editor

Eric has been with AndroidPIT since 2014. He’s writing articles and reviews for the German website. Topics are mostly privacy and new technology but there's also the occasional piece on environmental sustainability.

Liked this article? Share now!
Recommended articles
Latest articles
Push notification Next article
7 comments
Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing

  • 1
    Photelegy Jun 23, 2020 Link to comment

    Does anyone know why the Bluetooth permission is in only in the location permission (with GPS)? Or is there a way to give an app only Bluetooth permission (without GPS)?


  • 1
    Photelegy Jun 23, 2020 Link to comment

    Does anyone know why the Bluetooth permission is in only in the location permission (with GPS)? Or is there a way to give an app only Bluetooth permission (without GPS)?


  • 49
    storm Mar 23, 2020 Link to comment

    On my wifi samsung tablet I've globally disabled and and body sensor permissions. There's simply no context where they can even work particularly where I have no body sensor devices. My banking app swears up and down that it can't work without SMs permissions. But works fine. Google play games also throws a conniption when I launch games that the ganes cant possibly operate without these permissions. Which then work fine.
    Google play games is more of a viral load for me at this point as it only sevrsto annoy me, is wrong in it's operation, and of negative value in using my android device. They should allow its removal for those of us who game offline and without social media gamification.


  • marco sarli 39
    marco sarli
    • Admin
    Sep 18, 2019 Link to comment

    Very interesting. Clear and informative. We need more of these articles


  • Stewart Daniels 3
    Stewart Daniels Jul 16, 2018 Link to comment

    This article is the embodiment of why root access is needed (For some). For all the permissions Google and certain app devs let you control, there are many permissions/ processes they wil never let you see/ access through stock Android because we're the 'Product', and that would harm the data flow= business model.

    Don't get me started on the Google background processes that log, report, save/ sync metadata to servers, analytics, app measurement, sensor collection, event logs, metrics logging, Firebase analytics (Look it up), MMS backup services, usage reporting, advertising, Full Log Backups and much more...all terms for data mining.

    That's the price of using Google Services with a very nice phone.

    No option to disable any of the spyware parts because you can't see it from 'Permissions'.

    Disabling permissions with stock Android is an illusion. At best, a Band-Aid on a severed limb.

    Google is blaming/ stopping devs from data overreach (Understandable), while freely doing the same thing for our 'Betterment' unchecked. Not in my devices though.

    Carefully explaining to users on exactly what Android is (And isn't), is not in the best interest of Google. Plus, they know we don't care how the meat is made, as long as it tastes good.

    Educate yourselves.

    I rest my tin-foil hat.

    marco sarli


  • 4
    jay singh Apr 11, 2018 Link to comment

    Great article guys, it is very informative and should make more people understand app permissions. Keep writing similar article which will help the Android community, thanks.
    Jay
    Real Media Now Ltd


  • 4
    Pteryx Feb 3, 2014 Link to comment

    Snoopwall lets you manage app permissions

Write new comment:
All changes will be saved. No drafts are saved when editing