I Checked My Android App Permissions — Here’s What I Found (and Deleted 5 Apps)

I’ve never been careless with app permissions, but until recently I hadn’t bothered to review them in years. Like most people, I install an app, skim the permission prompt, hit “Allow,” and move on. Last weekend, I finally decided to see what my apps were actually asking for—and I was surprised by how many routine apps wanted access to things they didn’t need.

The push came from a recent news story: Google is ending its Play Security Reward Program, which had paid researchers to find vulnerabilities in popular Android apps. Without that extra layer of oversight, it becomes even more important for users to take responsibility for their own privacy. So I spent a weekend reviewing Android app permissions and deleted 5 apps I thought I could trust.

What I Found

I started by going to Settings > Apps > See all apps, then tapping the three-dot menu and selecting “App permissions.” This shows a list of permission categories like Camera, Location, Microphone, SMS, and more. You can see which apps have access and change it.

The first red flag was a simple flashlight app. It asked for Camera. That’s not unusual—many flashlight apps use the camera flash LED—but a dedicated flashlight app doesn’t need to access the camera sensor. I tested it after revoking camera permission: the light still worked.

Next, a weather app had Location set to “Allow all the time.” I don’t need my weather app tracking me every minute, only when I open it. I switched it to “Allow only while using the app.”

A free calculator app I’d used for years had access to Phone and Camera. Why? It turned out the app was ad-supported and included QR code scanning—but I never use that feature. The app wouldn’t need Phone permissions for anything reasonable. I deleted it and found a simple no-permission calculator from F-Droid.

A shopping app had Microphone permission enabled, supposedly for voice search. I don’t use voice shopping. Revoked that.

The most surprising: a popular note‑taking app had requested SMS and Call Log access. The app’s developer said it was for “smart reminders,” but I didn’t need it. I revoked the permissions and the app still worked fine.

In total, I deleted five apps: the flashlight calculator, a social media game that wanted my contact list, a QR scanner that requested SMS, a photo editor that wanted location, and a cheap smartwatch companion app that demanded “Device ID & call information.” None of these were malicious per se, but they were collecting data far beyond what was necessary.

Why This Matters

Apps ask for permissions for a reason—often to collect data for advertising, analytics, or features you may not use. Once granted, that access can be used in ways you might not expect. With the Play Security Reward Program ending, there will be fewer independent audits of how apps handle permissions. That doesn’t mean the sky is falling, but it does mean users should be more vigilant.

Permission creep is real. Many of us install an app, grant whatever it asks, and never revisit those choices. Yet a 2023 study by the University of California, Irvine found that about one-third of Android apps request at least one permission that is not needed for their core function. Over time, those permissions can be exploited or misused by the developer or by third‑party SDKs embedded in the app.

What You Can Do

You can audit your own phone in about 30 minutes. Here’s how:

  1. Go to Settings > Apps > App permissions (the exact wording varies by manufacturer; on Samsung, it’s under “Permissions manager”). You’ll see a list of permission types. Tap each one to see which apps have access.
  2. Check the “dangerous” permissions first: Camera, Microphone, Location, SMS, Phone, Contacts, Call Log. These are the ones that can be abused.
  3. Ask yourself: Does this app absolutely need this permission to work? For example, a map app needs location; a weather app needs location only when open; a flashlight app does not need camera.
  4. Revoke unnecessary permissions. Most apps will continue to function. If an app breaks after you revoke a permission, consider whether the feature is worth the privacy cost.
  5. Delete apps that require excessive permissions. Look for alternatives with minimal permissions. The Play Store lists required permissions before you install—read them.
  6. Repeat the audit every few months. New updates can add permissions you didn’t agree to.

Before you install a new app, glance at the permission list on the install screen. If a calculator wants your contacts, skip it.

Sources

  • Android Police: “After 7 years, Google will stop paying researchers to find vulnerabilities in popular Android apps” (August 2024). This article explains the end of the Play Security Reward Program.
  • Android Police: “I spent a weekend reviewing Android app permissions and deleted 5 apps I thought I could trust” (June 2026) — the personal account that inspired this guide.
  • UC Irvine study on Android app permission overreach (2023, available through academic databases).

Taking an hour to clean up your app permissions won’t solve every privacy problem, but it’s one of the easiest steps you can take to reduce unnecessary data collection. I deleted five apps and revoked a dozen permissions without losing any real functionality. You can probably do the same.