Anytime you install an app from Google Play, you’ll likely see an app permission request. If you install a camera app, for example, it will need your permission to access your device’s camera before it can actually take photos.
Other permissions can include monitoring your location, saving data, sending and receiving calls and texts, reading sensitive log data, or accessing your contacts, calendar, or browsing history.
A typical Android app permissions request looks like this:
The familiar Android app permissions request.
Before Facebook Messenger can access your text messages, for example, you need to approve or deny the permission request.
What is the Android permissions controller?
The Android permissions controller is a part of the Android operating system that tells apps what they can and can’t access. When you install a new app, the Android permissions controller is what gives you the option to allow or deny permissions for that app.
Android app permissions to avoid
You should avoid app permissions that aren’t necessary for an app to work. If the app shouldn’t need access to something — like your camera or location — don’t allow it. Consider your privacy when deciding whether to avoid or accept an app permission request.
Android system permissions are divided between “normal” and “dangerous” permissions. Android allows “normal” permissions — such as giving apps access to the internet — by default. That’s because normal permissions shouldn’t pose a risk to your privacy or your device’s functionality.
It’s the “dangerous” permissions that Android requires your permission to use. These “dangerous” permissions include access to your calling history, private messages, location, camera, microphone, and more. These permissions are not inherently dangerous, but have the potential for misuse. That’s why Android gives you the opportunity to accept or refuse them.
Some apps need these permissions. In those cases, check that an app is safe before you install it, and make sure the app comes from a reputable developer.
How to tell if an app permission is dangerous
Android classifies permissions as “dangerous” if they might affect your privacy, the functionality of other apps, or your device’s operation. Watch out for apps that request access to at least one of these nine permission groups:
How to change Android app permissions
You can manage Android app permissions by checking which ones you currently have allowed and modifying them if necessary. You can also check Android app permissions in the Google Play store before you download an app. Here are four ways to change your app permissions on Android.
Check an app’s permissions before installing it
Maintain strict privacy standards by reviewing an app’s permissions before you install it. Here’s how to check Android app permissions in the Google Play store:
Open Google Play and find the app you’re interested in.
Scroll down and tap About this app.
Scroll down to the bottom and tap App permissions.
Here you can see all the permissions the app will request.
From here, you can decide whether you trust the app developer and feel comfortable with the app using these permissions. Choosing to use only apps with appropriate permissions is a great way to control Android app permissions right from the start.
See all permissions used by a specific app
Concerned about what a particular app can access on your phone? Here’s how to manage permissions on a specific app:
Open Settings and choose Apps & notifications.
Find and select the app you want to check permissions for.
Now you can see all the app’s permissions. To change a specific permission, tap it.
Here you can delete any permissions you aren’t comfortable with.
Apps do require some permissions to work properly. If you deny Google Maps access to your location, it can’t give you directions and also won’t be able to personalize your map searches based on your location.
Here you can also choose to allow permissions all the time, only when the app is in use, or only if you allow it each time.
See all apps that use a specific permission
If you’d rather take a look at the Android app permissions list and choose something specific — like access to your location or contacts — and then view all apps that have that access, this can help you get control of your privacy on Android.
Here’s how to access the app permissions list to see all apps that use a specific permission:
Open Settings and tap Apps & notifications.
Tap Permission manager to open the Android permission controller app.
Click a specific permission from the app permissions list that you’re interested in, like location.
Here you’ll see apps that have access to your location all the time or only while in use. To remove access, tap a particular app.
Manage the Android app’s permissions by choosing its level of access here.
Use a security tool to see app permissions
An easy way to manage your Android app permissions is to use a security tool to help with the process. Not only does AVG AntiVirus for Android help you take control of your Android app permissions, it also protects your phone against malware, theft, and unsafe Wi-Fi networks.
Here’s how to use AVG AntiVirus to see app permissions:
Download and install AVG AntiVirus FREE for Android.
Allow the necessary permissions — we need access to your device folders and apps so we can properly protect them.
Click the hamburger menu in the top left.
Scroll down and tap App Insights.
Select the Permissions category. Here you’ll see all your high-permission apps, along with average and low-permission apps. Tap a specific app to get more info on its permissions.
Here you can see which permissions might be concerning from a privacy standpoint. You can also easily uninstall the app or get more info.
Additionally, you can review your apps’ data usage and screen time for valuable insights into your digital habits. You’ll also enjoy ongoing protection against unsafe Wi-Fi networks, password leaks, and malicious software.
Permissions to look out for
Be careful about apps requiring permissions that may compromise your privacy. You should be especially wary of an app that requests a permission that doesn’t seem necessary for what the app does.
Android defines nine groups of “dangerous” permissions. Each of these dangerous permission groups contains multiple permissions, and approving one permission within a group also approves the other permissions in that same group. For example, if you allow an app to see who’s calling you, you’ll also allow it to make phone calls.
Here are the dangerous Android app permissions, explained:
Body sensors app permissions
Body Sensors: Allows access to your health data from heart-rate monitors, fitness trackers, and other external sensors.
The good: Fitness apps need this permission to provide health tips, monitor your heart rate while you exercise, and so on.
The bad: A malicious app could spy on your health data.
Calendar app permissions
Calendar: Allows apps to read, create, edit, or delete your calendar events.
The good: Calendar apps need this permission to create calendar events, and so do social networking apps that let you add events and invitations to your calendar.
The bad: A malicious Android app can spy on your personal routines, meeting times, and events — and even delete them from your calendar.
Camera app permissions
Camera: Allows apps to use your camera to take photos and record videos.
Contacts app permissions
Contacts: Allows apps to read, create, or edit your contact list, and access the lists of all accounts (Facebook, Instagram, Twitter, and others) used on your device.
The good: A communication app can use this to help you easily text or call other people on your contact list.
The bad: A malicious app can steal all your contacts and then target your friends and family with spam, phishing scams, etc.
Location app permissions
Location — Allows apps to access your approximate location (using cellular base stations and Wi-Fi hotspots) and exact location (using GPS).
The good: Navigation apps help you get around, camera apps can geo-tag your photos so you know where they were taken, and shopping apps can estimate your address for delivery.
The bad: A malicious app can secretly track your location to build a profile on your daily habits and digital breadcrumbs, or even let dangerous hackers or thieves know when you’re not at home.
Microphone app permissions
Microphone: Allows apps to use your microphone to record audio.
The good: A music recognition app like Shazam uses this to listen to any music you want to identify; a communication app uses this to let you send voice messages to your friends.
The bad: A malicious app can secretly record what’s going on around you, including private talks with your family, conversations with your doctor, and confidential business meetings.
Phone app permissions
Phone: Allows apps to know your phone number, current cellular network information, and ongoing call status. Apps can also make and end calls, see who’s calling you, read and edit your calling logs, add voicemail, use VoIP, and even redirect calls to other numbers.
The good: Communication apps can use this to let you call your friends.
The bad: A malicious app could be spyware that can eavesdrop on your phone habits and make calls without your consent (including paid calls).
SMS app permissions
SMS: Allows apps to read, receive, and send SMS messages, as well as receive WAP push messages and MMS messages.
The good: Communication apps can use this to let you message your friends.
The bad: A malicious app can spy on your messages, use your phone to spam others (including smishing scams), and even subscribe you to unwanted paid services.
Storage app permissions
Storage: Allows apps to read and write to your internal or external storage.
The good: A music app can save downloaded songs to your SD card, or a social networking app can save your friends’ photos to your phone.
The bad: A malicious app can secretly read, change, and delete any of your saved documents, music, photos, and other files.
The most dangerous permission types
In addition to the permissions above, Android also has administrator privileges and root privileges — the most dangerous permission types. You definitely don’t want any malicious apps accessing these super-permissions on your device.
While Google vets apps before allowing them into their marketplace, sometimes malicious apps sneak into the Play Store. Google works quickly to correct their mistakes and remove them, but sometimes the apps get downloaded hundreds or even thousands of times first.
What are device administrator privileges?
Device administrator privileges (sometimes called admin rights) let apps modify your system settings, change your device password, lock your phone, or even permanently wipe all data from your device. Malicious apps can use these privileges against you, but they’re also important for some legitimate apps.
For example, security apps with admin privileges are difficult to uninstall, which helps stop thieves and hackers from removing them from your phone. Our free AVG AntiVirus app uses device administrator privileges to let you remotely lock or wipe your device if it’s ever lost or stolen.
What are root privileges?
Root privileges (sometimes called root access) are the most dangerous app permissions. Any app with root privileges can do whatever it wants — regardless of which permissions you’ve already blocked or enabled. Malicious apps with superuser privileges can wreak havoc on your phone. Thankfully, Android blocks root privileges by default.
But malware makers are always looking for sneaky ways to get root privileges. That’s another reason why having a strong Android security app to defend your phone is so important.
In earlier versions of Android, accepting potentially dangerous permission groups was an all-or-nothing affair. You either allowed all permissions requested by an app — before installation — or you declined them all, which meant you couldn’t install the app.
Sketchy app developers could abuse this system to sneak in permissions that went beyond the scope of their app — such as calendar apps that requested access not only to your calendar, but also to your microphone.
Thankfully, that mostly changed with the release of Android 6.0 (the so-called Marshmallow update) back in October 2015. Now Android allows you to decide which permissions to accept on a case-by-case basis — after the app is installed.
Android app permissions to allow
Allow Android app permissions that apps legitimately need. Google Maps can’t give directions without your location, and Zoom can’t connect you to a video meeting without accessing your microphone and camera. But make sure to assess Android apps for safety before installing them.
How to tell if an app permission is normal
To tell if an app permission is normal, read the permission carefully and use common sense to determine whether it’s a reasonable request. Does a social media app really need access to your location? Perhaps some features won’t work without it. But it's up to you to find the right balance between privacy and usability.
App permissions are designed to protect you. They might seem annoying at first, but you need to approve them only once per app — unless you configure apps to ask each time — and it’s well worth it to carefully read and consider these pop-ups before giving access.
Why am I getting two requests for the same permission?
You might sometimes see two back-to-back notifications for the same app permission. This is because the first notification is from the app itself, explaining why it needs the permission. The second notification is from Android and is a generic request for the permission. Only this second request actually allows or rejects the permission.
Secure your phone with AVG AntiVirus for Android
Whether it’s managing your Android app permissions with ease or defending your phone against real-life theft, AVG AntiVirus for Android is there to protect your device. Get real-time protection against malware, boost speed by killing tasks that slow down your device, and receive alerts if your passwords ever leak.