How Do Android App Permissions Work? What You Need to Know
Android permissions are a core operating system feature for protecting your privacy, so it’s important that you understand them. If you’re confused about how it all works, you might not make the best decisions for your needs.
Let’s take a look at how Android permissions work and what you should know about managing them.
What Are Android Permissions?
Android permissions are special privileges that apps must ask for your approval to use when they want to access sensitive information on your phone. Our phones contain so much personal data that it makes sense to limit this access. You probably don’t want to let every app on your phone use your camera, microphone, and location.
Since Android changed the way that permissions work starting with Android 6 Marshmallow, we’ll focus on the modern method and briefly look at the way this used to work afterward. Here we illustrate instructions for stock Android; these menu options may differ slightly based on your phone.
How to View and Manage Permissions on Android
You can check the permissions that you’ve granted to your installed apps at any time.
Head to Settings > Privacy > Permission manager to view a breakdown of the major permissions like Camera, Phone, SMS, and more. Most of these are self-explanatory—for instance, the SMS permission lets apps read and send text messages—but you’ll see descriptions at the top of each page if you’re not sure.
Tap a permission and under Allowed, you’ll see every app that you’ve approved to use that function. Below this, the Not allowed (or Denied) section shows apps that don’t have access but could use it if approved.
Some permissions, like Location and Microphone, have more levels of granularity. For example, you’ll see Allowed all the time and Allowed only while in use to denote if the app has constant access or can only use the permission when the given app is open. And for Location, you can disable the Use precise location slider to limit apps to your general area.
Tap an app to change its permission status to Allow or Deny. To see all other permissions for that app in one place, select See all [app] permissions to jump to the app’s full permissions page. You can also get to this by going through Settings > Apps > See all X apps, tapping the app in question, and choosing Permissions.
Reviewing Specific Android Permissions
While Android groups permissions into broad categories like Location and Storage, there are actually many granular permissions under each category. You can find these on an app’s permissions page; tap the three-dot Menu button at the top-right and choose All permissions to see a full breakdown.
For example, under the Storage section, you’ll likely see both read the contents of your shared storage and modify or delete the contents of your shared storage. This provides the app with both read and write permissions to your file system. Tap any permission to see more info about it.
At the bottom, you’ll see a collection of Other app capabilities. Android considers these “normal permissions”; they don’t require your approval since they are common across apps and don’t pose a risk to your privacy. These include control vibration, receive data from internet, and others.
Be aware that when you approve a permission group, all the granular permissions inside are automatically granted. You can’t pick and choose individual permissions from a group.
Granting Permissions to New Android Apps
We’ve looked at how to adjust permissions for apps already on your device, but what about when you install new apps?
Before installing, you can check the permissions that an app might request on its Google Play Store page. Tap the About this app section to open its description, then scroll down to the bottom and hit the See More link next to App permissions. Here you’ll see a list of permissions groups and specific permissions that the app may request.
You can review this information on the web version of the Play Store in the same way.
With apps built for modern versions of Android, you don’t have to grant any permissions upon installing an app. Instead, an app will ask you for permissions as it needs them, and a well-made app will do this in a way that makes sense. For example, it might walk you through an introduction with the reasons it needs certain permissions before prompting you for them.
Other times, you won’t see a request for a permission until you try to use that function. For instance, when you try to send a picture in a messaging app, you’ll see a prompt for it to access your storage.
Permissions vs. Google Play Privacy Labels
Keep in mind that Android permissions aren’t the same as Google Play’s privacy labels, which have a different intent. While permissions dictate what apps can and can’t do on your device, Google Play’s privacy information is a summary of how the app handles your data, even outside your phone.
For example, these labels tell you if data collected by the app is shared with third parties, what purposes data is collected for, whether your data is encrypted in transit, and if you can request to have this data deleted. While the permissions you set will affect what data the app collects, the privacy labels are intended to help you make better decisions about what apps you trust with your data in the first place.
If you deny a permission, what happens next depends on the app. Sometimes, it will work just fine without a certain function. For example, you can still browse Instagram without giving the app access to your camera—you just can’t snap new pictures using the app’s interface.
Other times, an app may refuse to function properly unless you grant that permission. It might rely on it to work, or maybe the developer didn’t account for people denying the permission.
This is also the case if you change your mind and decide to deny a permission that you had approved earlier. The app will hopefully detect that you denied the permission and ask you to allow it again when needed, but that’s up to the developer. Should you find that some feature in an app doesn’t work, it’s a good idea to review the permissions list as above.
And if an app keeps asking for a permission that you don’t want to provide, after you tap Deny once, you’ll see a Don’t ask again option.
The Old Android Permission System
On Android 5 Lollipop and earlier, the classic system of Android permissions applies. Since only a small percentage of devices still run these versions, we’ll briefly touch on how it worked for historical purposes.
Prior to Android 6 Marshmallow, you had to accept all requested permissions when you installed an app, which was an all-or-nothing system. Thus, if you didn’t like one permission that an app asked for, your only options were to live with it or not download the app. And if an app added new categories of permissions later, you had to also accept those to update the app to the latest version.
Obviously, this setup had a lot of problems. Unless you rooted your phone to use a permission manager app, you were at the mercy of whatever permissions an app added. It didn’t give the user enough control, which is why Google changed it.
Unless you have an old Android phone, you don’t have to worry about this system. However, there is one quirk that carries over from older permissions. If a developer hasn’t updated their app to target Android 6 or newer, you’ll see a prompt to accept all permissions when installing an app, instead of approving them individually later.
You can still use the permission manager to revoke permissions as described above, but since the apps aren’t built with this functionality in mind, doing so may break them.
Using Android Permissions Wisely
There’s no blanket answer to which permissions you should grant to specific apps. It’s up to you to decide whether you trust an app to access sensitive information on your device. However, using a bit of common sense will help.
For example, Google Maps obviously won’t do much if you deny it access to your location. Similarly, a messenger app might need access to your camera if it has its own camera shortcut option. However, a free sudoku game has no good reason to request access to your calendar or microphone, so you shouldn’t grant those.
Keep in mind that once an app has permission to use something, it can do so whenever it wants. While an app might have a legitimate reason for accessing your location, it could also check your location in the background every so often and send that data to advertisers. This is why some permissions are more dangerous than others.
It’s difficult to vet how apps actually use the permissions you grant them, so there’s a level of trust you have to apply. If you need to use an app but don’t want to leave its permissions on all the time, try granting temporary app permissions using an app called Bouncer, which is one of the best permission manager apps on Android.
Android also manages permissions as part of the built-in Play Protect service. Thanks to this feature, your phone will automatically remove permissions for any apps that you haven’t used for at least three months. This means that even if you forget an app is on your phone, or only need it occasionally, it won’t sit around sucking up your data. See our guide to removing permissions from old Android apps to learn how it works.
Treat Android Permissions With Care
Since a smartphone isn’t much without apps, permissions are important to the experience. Now you know how permissions work on Android and how to manage them to keep your information safe. For best results, consider each permission carefully and review them regularly.
Meanwhile, there are more options to dig into on your Android phone if you’re curious.