I Checked My Android App Permissions and Deleted 5 Shockingly Over-Entitled Apps

Over a slow weekend, I decided to do something I’d been putting off for months: audit every app permission on my Android phone. I’d read the occasional privacy story and knew that permissions can be abused, but like most people, I assumed the apps I’d downloaded from the Play Store were basically safe. I was wrong.

By Sunday evening, I had removed five apps I had previously considered trustworthy. Here’s what I found, how you can check your own phone, and what to look out for.

What happened: digging into the permission list

Android has offered granular, runtime permission controls since version 6.0 (Marshmallow). That means you can see exactly which permissions each app has, and revoke them individually, rather than accepting an all-or-nothing list at install time. But that feature only helps if you actually use it.

I started by opening Settings > Apps > See all apps. Then I tapped each app one by one, selected Permissions, and looked at what was enabled. I paid special attention to the “dangerous” permission groups: location, camera, microphone, body sensors, calendar, and contacts. I also checked storage and phone permissions.

To my surprise, several apps had permissions that had no plausible connection to their core function. For example:

  • A simple unit-converter app had access to my precise location.
  • A flashlight app (yes, still available) requested camera and microphone.
  • A barcode scanner demanded full contact list access.
  • A weather widget had permission to read my calendar.
  • An offline dictionary app requested phone call management.

In each case, the app worked fine after I revoked the questionable permission. None of them broke or complained. That told me the permissions were almost certainly being collected for analytics, ad targeting, or data brokerage—not for any feature I was using.

Why it matters

Excessive permissions are a real privacy risk. A location-aware flashlight can build a detailed timeline of where you are. A barcode scanner with contact access can siphon your address book. Even if an app isn’t malicious, its advertising SDK might be harvesting this data. And because Android allows background activity, permissions granted once can keep running long after you’ve stopped using the app.

Google Play Protect scans for malware, but it does not review whether an app’s permission requests are proportional to its function. That responsibility falls entirely on you.

What you can do: a practical audit

If you want to run your own audit, here is a straightforward checklist.

  1. Open Settings > Apps > See all apps. (On some Samsung phones, it’s under Settings > Apps > tap the three dots > Show system apps to see everything.)
  2. Tap an app, then tap Permissions. Look at each permission listed under “Allowed.”
  3. Ask yourself: Does this app need this permission to work? If it’s a map app, location makes sense. If it’s a calculator, it does not.
  4. Revoke anything you’re unsure about. You can always re-enable it later if the app stops working. In my experience, most apps won’t even notice.
  5. Repeat for every app. I did this systematically, and it took about an hour for roughly 80 apps.

For the five apps I deleted, I also uninstalled them entirely. There are leaner alternatives for all those functions. For instance, a simple LED flashlight app without ads or excessive permissions can be found on F-Droid or by using the built‑in flashlight toggle.

If you prefer not to go app by app, Android also offers a global permission manager. Go to Settings > Privacy > Permission manager. There you can see every app that has access to a specific permission, like location, and revoke it in bulk. I recommend using this view as a quick check, then drilling into individual apps for deeper scrutiny.

Making it a habit

One weekend audit is fine, but permissions can change after updates. A month from now, an app might add a new permission request during an update, and you might approve it without thinking.

My advice: set a calendar reminder every three to six months to repeat this process. The whole thing takes less than an hour, and it’s one of the most effective ways to reduce your phone’s data exposure without changing your daily habits.

Sources

  • The original Android Police article (June 2026) that inspired this weekend project.
  • Android developer documentation on runtime permissions (source.android.com).
  • Google’s Play Protect overview (support.google.com/googleplay).