I Spent a Weekend Reviewing Android App Permissions and Deleted 5 Apps I Thought I Could Trust

A few weeks ago, I finally did what I’d been putting off for years: I sat down and checked every single app permission on my Android phone. I expected a few annoyances. What I found was more unsettling than I anticipated.

What happened

Over the course of a weekend, I opened the Permission Manager in Android settings and went through each app one by one. The process took about two hours, including time spent researching what each permission actually does. I was looking for apps that requested access to things like location, camera, microphone, contacts, or storage when those permissions had no clear connection to the app’s core function.

I found that out of 87 installed apps, 14 had permissions I considered excessive. Five of those were apps I had downloaded from the Play Store and used regularly, including a simple unit converter, a popular weather widget, two games I hadn’t opened in months, and a free flashlight app. The flashlight app wanted access to my precise location and camera—neither of which it needs to turn on an LED.

None of these apps are malicious in the sense of stealing passwords. But they collect data for advertising and analytics, and that data is often sold to third parties. The flashlight app alone had over 10 million downloads and a permission list that read like a spyware checklist.

Why it matters

Android’s permission model has improved over the years. Since Android 11, you can grant one-time permissions, and on Android 12 and later, apps that haven’t been used for months automatically have their permissions revoked. But these features are opt-in or happen in the background. They don’t prevent an app from asking for invasive permissions in the first place, and they don’t alert you when an app has more access than it needs.

The real problem is not that one flashlight app can see your location. It’s that the cumulative exposure across dozens of apps builds a detailed profile of where you go, what you do, who you talk to, and when you’re home. That profile is bought and sold without your meaningful consent. A 2023 study by the International Computer Science Institute found that many free apps request far more permissions than necessary and that users rarely notice because the requests are bundled into the initial install flow.

What you can do

You can perform the same audit in about an hour. Here’s the step-by-step process that worked for me:

  1. Open settings, then Privacy, then Permission Manager. On stock Android, this is under Settings > Privacy > Permission Manager. On Samsung, it’s Settings > Security and Privacy > Permission Manager. The exact path varies by manufacturer, but searching for “permission” in settings usually works.

  2. Go through each permission category. Start with the most invasive: Location, Camera, Microphone, Phone, Contacts, and SMS. Tap each category to see which apps have been granted that permission. Android also shows a “Last 24 hours” view that reveals which apps actually accessed a permission recently. That’s a good way to spot apps that use location or microphone in the background without a clear reason.

  3. Check apps individually. For any app you don’t trust, tap it and choose “Deny” or “Remove permission.” If the app stops working, you’ll know it genuinely needed that permission. If it works fine, you’ve recovered some privacy.

  4. Decide whether to delete the app. Some apps, especially pre-installed carrier bloatware, cannot have their core permissions revoked. In those cases, consider disabling the app entirely. Go to Settings > Apps, select the app, and tap “Disable.” For downloaded apps, consider uninstalling and replacing them with a privacy-friendly alternative.

Here are five types of apps I deleted or replaced:

  • Flashlight apps. Almost all of them request location and camera. Use the built-in flashlight toggle in your quick settings instead.
  • Unit converters and calculator apps. Many of these request internet access and storage. Use the default Google calculator or a simple offline converter like “Unit Converter Ultimate” (which I verified only needs storage for saving conversions).
  • Popular casual games. Puzzle games, time killers, and simple arcade games often request contacts, location, and phone state. Before installing any game, check the permission list on the Play Store. If it asks for more than storage and network, be suspicious.
  • Weather widgets from small developers. Many of them request location even when you’ve entered a city manually. Use a reputable weather app like the open-source Breezy Weather or the built-in weather on Pixel/Samsung devices.
  • QR code scanners. They often ask for camera (necessary) plus location, storage, and internet. Use Google Lens or the camera’s built-in QR reader instead.

Alternatives that respect privacy:

  • For file management: Simple File Manager (open-source).
  • For note-taking: Standard Notes (encrypted).
  • For a keyboard: OpenBoard (no internet permission).
  • For barcode scanning: Binary Eye (no internet).

Finally, make this a habit. Set a reminder every three months to check your Permission Manager. Also review the list of apps with “All files access” under Special app access—this permission is rarely needed by anything other than a file manager.

Sources

  • Android Police article: “I spent a weekend reviewing Android app permissions and deleted 5 apps I thought I could trust” (June 2025).
  • Google’s Android Permissions overview: https://developer.android.com/guide/topics/permissions/overview
  • International Computer Science Institute study on app permission requests (2023).
  • My own audit: 87 apps, 14 with excessive permissions, 5 deleted.