How I Audited My Android App Permissions and Deleted 5 Apps I Trusted

Intro

Over a recent weekend, I did something I had been putting off for months: I opened my Android phone’s permission settings and looked, really looked, at what each app had access to. I had installed most of these apps years ago and never thought twice about their permissions. By the end of the weekend, I had uninstalled five apps that I had previously considered safe and trustworthy. Here’s what I learned, and how you can do the same audit in under an hour.

What happened

I started by going to Settings > Privacy > Permission Manager on my Pixel phone (the path is similar on most Android devices). This screen lists every permission category—location, camera, microphone, contacts, storage, and so on—and shows which apps have been granted access. I clicked through each one, noting apps that didn’t seem to need a given permission.

What I found was not malicious, but it was careless. Several apps I had downloaded years ago for one‑time uses still had permissions that no longer made sense. For example:

  • A flashlight app (which I had used years ago) still had access to my location and camera. There is no legitimate reason a flashlight needs either.
  • An old QR code scanner could read my contacts and had full storage access. Modern phones can scan QR codes from the camera app without a third‑party tool.
  • A simple calculator had permission to use my microphone. I never used a voice feature in it, and I doubt it offered one.
  • Two older games (a puzzle game and a racing game) had network access and storage permissions far beyond what they needed for saving progress. They also had location access, which seemed suspicious.

I revoked those permissions first, but then I thought better of it: do I really need these apps at all? The flashlight and QR scanner had simple, built‑in replacements. The calculator was redundant with the system calculator. The games I had not opened in over a year. So I deleted all five.

Why it matters

App permissions are not just about convenience—they are about limiting what data leaves your device. Every permission you grant is a potential pipeline for data collection, even if the app developer is not malicious. Apps accumulate permissions over time through updates, and many users never revisit them. Google’s Play Store now shows a “Data safety” section for each app, but it relies on developers to self‑report, and not all are fully transparent (as noted by Android Police and other outlets).

The real risk is not that every flashlight app is stealing your location, but that if one of those apps ever gets compromised through a vulnerability, the attacker inherits all the permissions you gave it. Reducing the number of apps—especially utility apps that duplicate system features—is a simple way to shrink your attack surface.

What readers can do

You can replicate my audit in a few steps, no special tools required.

1. Use the Permission Manager.
On most Android phones, go to Settings > Privacy > Permission Manager. You’ll see a list of permission types. Tap each one and review which apps have access. If an app’s permission seems unrelated to its core function, revoke it. You can always re‑enable it later if something breaks.

2. Check “All permissions” for each app.
For a deeper look, go to Settings > Apps > [App name] > Permissions. Some apps may request permissions that don’t appear in the manager’s summary. Look for permissions like “Phone” (which can read your device ID and phone number) or “SMS” (which can read or send messages). If an app doesn’t need these, deny them.

3. Delete apps you no longer use.
Be honest about apps you downloaded for a single purpose and forgot. Games you haven’t opened in six months, old utility apps, or shopping apps you used once—all of these can safely go. Instead of a dedicated app for scanning QR codes, use your phone’s camera (most Android camera apps scan QR codes natively). Instead of a flashlight app, use the quick settings tile.

4. Replace unnecessary apps with system features or web versions.
Social media apps often request many permissions. If you only check Facebook or Twitter occasionally, consider using the mobile website instead of the app. For utilities like calculators, compasses, or voice recorders, stick with the pre‑installed versions. They are usually sufficient and rarely request extra permissions.

5. Set a recurring reminder.
Permissions drift over time. I now plan to review my app permissions every three months. You can set a calendar reminder or schedule it alongside a phone security update.

Sources

This article is based on my own experience auditing permissions on a Google Pixel running Android 14. For background on the Play Store’s data safety disclosures, I consulted Android Police’s reporting on app privacy and Google’s official support documentation. The Permission Manager feature is available on all devices running Android 10 or later, though manufacturer skins may label it slightly differently.