Like the back of
your hand

Learning the basics of app permissions

by Robert Siciliano


I’ve been covering technology for quite a while now, so I like to think I know apps pretty well. But a point I won’t argue is that my apps know me much better than I know them, and since I’m a betting man, I’d wager the same goes for you too.

Apps learn about us through settings on mobile devices called permissions. Permissions can cover information like age, gender, and location, and much more. Often, access to this kind of information is the very thing that makes an app great. I’m happy, in most cases, to share the data I need with them. After all, that data is often exactly what makes them good.

Permissions are often what
make apps great.

A good example is Google Maps, or Apple Maps if that’s your preference (I do love that night mode!). If I didn’t give Maps permission to use my location, one of the app’s greatest features, navigation, would be useless. Another example is Instagram. When I give it access to my camera, I can take pictures within the app. And when I give it access to my photos, I can then load photos I take outside the app, into the app.

These apps, and countless others, also learn more about you (age, gender, location) and use that information to convince advertisers they can distribute ads more effectively than their competitors. Some go even farther.

As a user, it’s your job to know what permissions apps ask for, and to make a decision if you’re OK with that.

But sometimes, permissions go too far.

Some apps ask for excessive permissions, and because we’re so eager to use the app, we often just click ‘Next’ and don’t pay attention to them. But we need to!

If given permission, apps might have access to information you’d rather they not have. For example, McAfee Labs™ found that over 80% of Android apps track your location, even though the same apps had no location-based feature for the user.

Both iOS, and Android-based apps have extensive permissions, and even if you never suspect foul play, pay attention to the information your apps request so you can make an informed decision to keep them, or click Uninstall.

How to cozy up to your apps.

You’ll never be able to read the Terms and Conditions for every app you install (it would only take you about 250 hours, by the way) but that’s not the only way to see what you agree to when installing an app.

Android Permissions

Before installing an app, Android will notify you of all the permissions it asks for, which you can accept or reject.

Pre-install permission screen.

You can review permissions of apps that are already installed in the Settings menu.

Review the permissions for apps you’ve already installed.

On Android, you can even limit apps’ access to your data for advertising purposes by clicking on “Google” in the apps menu.

Screen for opting out of interest-based ads.

iOS Permissions

Whenever you install a new app in iOS, you’ll get a notification asking you to allow permissions.

In iOS, you give permission before an app can access your data.

If you want to review or change the permissions apps you’ve already installed (Location, Contacts, Photos, etc.), you need to go to your iPhone’s Settings menu.

In the same Privacy menu, there’s even an option to limit ad tracking, under Advertising. You’ll still see ads in apps that run them, but they won’t be based on data from your iPhone.

Tech isn’t a one-sided relationship

Now that you’re paying attention, if anything sounds fishy, try searching for more information about the app online, or by reading its reviews. If an app is well-known, like Facebook, chances are you can trust it. If it’s an app you’ve never heard of, take extra care.

You should also be careful where you download apps from. It’s best to stick to the main app stores as they do provide some screening and regulation on apps that are uploaded there. It’s also critical to have comprehensive mobile security (especially now that we live our lives on our mobile devices)! And make sure your mobile security includes a feature that will warn you about apps that are accessing too much information and let you put an additional layer of security to PIN-protect specific apps.

Don’t be a passive participant in tech — be an active one.

You will have a more rewarding experience online if you take the time to know your apps as well as they know you.


It’s impossible to be Unhackable, but it’s easy to be practically unhackable. Design the security of your online life with the 5 Habits of Unhackable People.