Information Security Technology
mobile app logos

App Permissions: A Hidden Door in your Data Security

“This app needs access to your: contacts, photos, microphone, Deliveroo history, and mother’s texts.”


Managing app permissions is a common, confusing, and often fury inducing activity.

After all, if the app claims it won’t work without these permissions, what are you to do?

App permissions management relates to defining an app’s access to your device and stored data. Permissions can be given through social media logins, which provide an app with an extensive historical data network. Or by granting permissions to connect with apps, such as your contacts app or photo storage app.

But app permissions can go much further. We’ve gradually given our devices a colossal amount of data between digitised doorbell cameras and home security, smartwatches, and GPS devices. Meaning, an app owner or hacker could access your biometric, home, or office devices given the right circumstances.

Today, we’re sharing how app permissions can help and harm before reviewing how you can edit your apps on an Apple and Android device.

App permissions that help

Apps need specific services to function correctly. WhatsApp understandably needs access to your contact list. A camera app understandably needs access to a photo storage app.

Permissions allow you to make an informed decision about the data you’re exchanging when you use these services. Without permissions, apps would have access to everything on your device. Effectively, permissions give you control over your data and stop hackers or individuals with malicious intent from accessing other parts of your device.

App permissions are also becoming increasingly sophisticated, offering options such as “Only use while the app is open”. These controls limit the opportunities a hacker could have across permissions that are required for the app to function. 

For example, a plant identification app needs access to your camera and photo feed to work. But with the “Only while the app is in use” setting, the app can’t access these services when you don’t explicitly ask it to.

App permissions that can harm

So, while app permissions can help – when they are misused, app permissions can be even worse than no permissions at all. 

You see, app permissions give hackers a direct line to your connected apps and login credentials, allowing them to bypass blockers that would still be in place without any app permissions at all.

When defining which app permissions to avoid, or which could harm your device, you need to consider the context. By which, we mean consider if the app truly requires that permission and the ways it could be exploited.

In our plant identification app example, it needs your camera or photo storage app to function. But that same app shouldn’t need access to your calendar or contacts.

Each time you update or download an app, consider each permission and if it’s worth exchanging that data and the vulnerabilities that come with it for the service you’ll receive.

Where to edit your app permissions

Permissions are all about consent, and you can review and withdraw your consent at any point in your device settings. Some settings are universal to your account, but apps often link permissions to the same device it’s installed on. So, to edit your app permissions, use the device that has the app installed.

Where to edit your app permissions on most Apple Devices:

  1. With your Apple device in hand, navigate to ‘Settings’ 
  2. Scroll down your settings until you see the option for ‘Apps’
  3. Click into the apps list 
  4. Click on each app to view its permissions
  5. Once you’ve reviewed the permissions, tap on them to allow or disallow

Where to edit your app permissions on most Android Devices:

  1. With your Android device in hand, navigate to ‘Settings’
  2. Scroll down to find ‘Apps’ or ‘Apps and notifications’
  3. Click on the app you want and then click ‘Permissions’
  4. Click on the permissions within the ‘Allow’ section, and you’ll see a list of permission options. Select the option you require: “Allow while using the app”, “Ask every time”, or “Don’t allow”

App permissions are a common weakness in organisations, as without locking them down, the end-user widely dictates what they are. Our data protection experts can be on-hand to train your team and define your app permission protocol as part of your cyber security policy. Please feel free to chat with us about any app permission questions you might have in your organisation.