How a Weekend Audit of Android Permissions Made Me Delete 5 Apps I Trusted

Intro

A few weekends ago, I sat down with my phone and did something I had been putting off for months: I opened the Android Permission Manager and reviewed every app that had access to my location, camera, microphone, contacts, and storage. It took about half an hour. When I finished, I had deleted five apps I had been using regularly — apps I assumed were safe because they were popular and had good ratings.

This article walks through what I found, why it matters, and how you can do the same audit on your own Android device without needing any technical skill.

What happened

I started by going to Settings > Privacy > Permission Manager on my Pixel phone (Samsung and other manufacturers have similar paths). This screen shows every permission type — body sensors, calendar, camera, contacts, location, microphone, phone, SMS, storage — and lists which apps have been granted that permission.

What I saw was not shocking in a “someone is stealing my banking details” way, but it was quietly unsettling. A flashlight app I had downloaded years ago had access to my precise location. A calculator app could read my contacts. A note-taking app I hadn’t opened in two years still had full camera access. One popular weather app, which I had allowed “location only while using,” had somehow been granted background location access at some point after an update.

I didn’t delete apps that had legitimate reasons for permissions — for example, Google Maps needs location, and Signal needs microphone for calls. The five I removed were apps where the permission request made no functional sense: a barcode scanner that wanted access to my SMS logs, a wallpaper app that requested microphone, and three utility apps that had “phone” permission enabled (which can read device identifiers and call logs).

Why it matters

App permissions are not just a theoretical privacy concern. Every permission you grant is a potential data channel. Location data can reveal where you live, work, and spend time. Contacts can be uploaded and used for social graphs or spam targeting. Microphone and camera access can be exploited if an app is compromised or if the developer monetizes data in ways you did not expect.

There is also a less-discussed security angle. In August 2024, Google stopped funding a program that paid independent researchers to find vulnerabilities in popular Android apps. This means there is now less incentive for security audits on the same apps. Combined with apps that request more permissions than they need, the attack surface widens. An innocent-looking utility app with unnecessary permissions becomes a softer target if a vulnerability is discovered.

I am not saying any of the apps I deleted were malicious. But when an app asks for data it has no business accessing, the safest assumption is that someday that data could be used in a way you would not approve of — either by the developer, an advertiser, or an attacker.

What readers can do

You do not need to spend a full weekend on this. Here is a practical, repeatable process:

  1. Open Permission Manager. On most Android devices, go to Settings > Privacy > Permission Manager (or Settings > Apps > Permission manager on some interfaces). This groups all permissions and shows which apps have been granted each one.

  2. Scan each permission category. Start with the highest-risk permissions: location, camera, microphone, contacts, SMS, phone, and body sensors. For each category, ask yourself: “Does this app absolutely need this permission to function?” A mapping app needs location. A note-taking app does not.

  3. Revoke what you do not need. Tap a permission entry and you will see a list of apps that have it. For any app that does not need it, change the setting to “Deny” or “Ask every time.” Android also offers granular options — for example, “Allow only while using the app” for location.

  4. Watch for apps that break. Some apps will malfunction if you remove a permission they truly need. That is fine — you can always grant it back. In my case, none of the five apps I deleted broke before I uninstalled them; they simply had no use for the permissions they held.

  5. Repeat every few months. New apps get installed, existing apps update their permissions. Set a reminder to do this audit quarterly. It takes fifteen minutes once you are used to it.

  6. Consider replacing apps. If a flashlight app asks for location, there are dozens of open-source alternatives that request no permissions at all. Calculate the cost of convenience versus privacy.

Sources

The topic of app permission abuse has been covered extensively. The original Android Police article that prompted this reflection details the author’s own experience deleting five apps after a permission review. Google’s decision to end the vulnerability reward program for popular apps was reported in August 2024 by several outlets. For technical reference, Android’s official documentation on Permission Manager and scoped storage (introduced in Android 11) provides context on why manual audits remain necessary despite platform improvements.