Android app permissions have improved a lot over the years. But still, the apps are not trustworthy. Especially if you have an android phone then the threat increases. Yes, you read it right! So I have created a list of various android app permissions which will help you to make an appropriate decision next time when giving permissions to an installed app.
Before we get to the list let us first understand basic questions related to app permissions.
Table of Contents
Does uninstalling an app remove permissions?
No, not necessarily because most apps leave behind directory structure along with log files and other data to let them know if they were previously installed.
How to solve “android apps updating without permission” problem.
How to disable auto- update of an app:
- Open the Google Play Store.
- Tap the icon in the top-left, and choose My apps & games.
- Now click on the top-right corner.
- Uncheck Auto-update.
How to disable automatic updates for all apps on android:
- Open the Google Play Store.
- Tap the top-left icon, and choose Settings.
- Under General, tap Auto-update apps.
- Choose the first option: Do not auto-update apps.
How to solve “android app keeps asking for permission” problem?
To see all permissions of an app:
- Open the Settings app on your phone.
- Tap Application Manager.
- Tap the app you want to update.
- Tap Permissions.
- Next, choose which permissions you want to give.
Why android app needs permission?
The sole reason being to protect your data from exploitation.
If your android device gave all the permissions to all the apps which you installed then there would be a high chance that your data would be on sale on an online black market.
According to Citrusbits, android’s play store security is very low compared to that of Apple’s app store.
Because the app store has high standards required by an app to qualify before they publish it on their app store.
While play store! meh!
A Complete Android App Permissions List and What Do They Mean
1.) Make phone calls
Permission Type: Software
URI: android.permission.CALL_PHONE
Risk: HIGH
Protection level: DANGEROUS
Official Description:
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
Details
This permission is of high importance. This could let an application call a 1-900 number and charge you money.
2.) Send SMS or MMS
Permission Type: Software
URI: android.permission.SEND_SMS
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to send SMS messages.
Details
This permission is of high importance. This could let an application send an SMS on your behalf, and much like the phone call permission, it could cost you money by sending SMS to for-pay numbers.
3.) Modify/delete SD card contents
Permission Type: Software
URI: android.permission.WRITE_EXTERNAL_STORAGE
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to write to external storage.
Details
This permission is of high importance. This will allow applications to read, write, and delete anything stored on your phone’s SD card. This includes pictures, videos, mp3s, documents, and even data written to your SD card by other applications.
4.) Read Contacts
Permission Type: Software
URI: android.permission.READ_CONTACTS
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to read the user’s contacts data.
Details
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn’t much of a reason to give an application this permission.
5.) Write contact data
Permission Type: Software
URI: android.permission.WRITE_CONTACTS
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to write (but not read) the user’s contacts data.
Details
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn’t much of a reason to give an application this permission.
6.) Read calendar data
Permission Type: Software
URI: android.permission.READ_CALENDAR
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to read the user’s calendar data.
Details
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access.
7.) Write calendar data
Permission Type: Software
URI: android.permission.WRITE_CALENDAR
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to write (but not read) the user’s calendar data.
Details
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access.
8.) Read browser history & bookmarks
Permission Type: Software
URI: com.android.browser.permission.READ_HISTORY_BOOKMARKS
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to read (but not write) the user’s browsing history and bookmarks.
Details
This permission is of medium-high importance. Browsing habits are often tracked through regular computers, but with this permission, you’d be giving access to more than just browsing habits.
9.) Write browser history & bookmarks
Permission Type: Software
URI: com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to write (but not read) the user’s browsing history and bookmarks.
Details
This permission is of medium-high importance. Browsing habits are often tracked through regular computers, but with this permission, you’d be giving access to more than just browsing habits.
10.) Read sensitive logs
Permission Type: Software
URI: android.permission.READ_LOGS
Risk: VERY-HIGH
Protection level: DEVELOPMENT
Official Description
Allows an application to read the low-level system log files.
Details
This permission is of high importance. This allows the application to read what any other applications have logged.
11.) Modify global system settings
Permission Type: Hardware
URI: android.permission.WRITE_SETTINGS
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to read or write the system settings
Details
This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android’s main ‘settings’ window. However, a lot of these settings may be perfectly reasonable for an application to change.
12.) Read sync settings
Permission Type: Hardware
URI: android.permission.READ_SYNC_SETTINGS
Risk: LOW-MODERATE
Protection level: UNKNOWN
Official Description
Allows applications to read the sync settings
Details
This permission is of low to medium importance. It mostly allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.
13.) Automatically start at boot
Permission Type: Hardware
URI: android.permission.RECEIVE_BOOT_COMPLETED
Risk: MODERATE-HIGH
Protection level: UNKNOWN
Official Description
Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
Details
This permission is of low to moderate impact. It will allow an application to tell Android to run the application every time you start your phone. While not a danger in and of itself, it can point to an applications intent
14.) Restart other applications
Permission Type: Hardware
URI: android.permission.RESTART_PACKAGES
Risk: HIGH
Protection level: UNKNOWN
Official Description
This constant is deprecated. The restartPackage(String) API is no longer supported.
Details
This permission is of low to moderate impact. It will allow an application to tell Android to ‘kill’ the process of another application. However, any app that is killed will likely get restarted by the Android OS itself.
15.) Retrieve running applications
Permission Type: Hardware
URI: android.permission.GET_TASKS
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
Details
This permission is of moderate importance. It will allow an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data.
16.) Display system-level alerts
Permission Type: Hardware
URI: android.permission.SYSTEM_ALERT_WINDOW
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.
Details
This permission is of high importance. This permission allows an app to show a “popup” window above all other apps, even if the app is not in the foreground. A malicious developer/advertiser could use it to show very obnoxious advertising.
17.) Control vibrator
Permission Type: Hardware
URI: android.permission.VIBRATE
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows access to the vibrator
Details
This permission is of low importance. As it states, it lets an app control the vibrate function on your phone. This includes incoming calls and other events.
18.) Take pictures and videos
Permission Type: Hardware
URI: android.permission.CAMERA
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Required to be able to access the camera device.
Details
This permission is of moderate importance. As it states, it lets an app control the camera function on your phone. In theory, this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras.
19.) Access location extra commands
Permission Type: Network
URI: android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
Risk: MEDIUM-HIGH
Protection level: UNKNOWN
Official Description
Allows an application to access extra location provider commands
Details
The specifics of the extra commands here are a bit unclear. However, the usage of this permission indicates that an app wants to know detailed information about your location, and respond accordingly.
20.) Access mock location
Permission Type: Network
URI: android.permission.ACCESS_MOCK_LOCATION
Risk: MODERATE
Protection level: DANGEROUS
Official Description
Allows an application to create mock location providers for testing
Details
This is permission used for development of apps that make use of location-based services. By creating “mock” (fake) locations, apps can test if their code works correctly depending on your location.
21.) Battery stats
Permission Type: Hardware
URI: android.permission.BATTERY_STATS
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to collect battery statistics
Details
This permission is of little to no importance.
22.) Bluetooth Admin
Permission Type: Software
URI: android.permission.BLUETOOTH_ADMIN
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows applications to discover and pair Bluetooth devices
Details
Bluetooth Wikipediais a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-Fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices.
23.) Broadcast Sticky (Intents)
Permission Type: Hardware
URI: android.permission.BROADCAST_STICKY
Risk: LOW-MEDIUM
Protection level: UNKNOWN
Official Description
Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished so that clients can quickly retrieve that data without having to wait for the next broadcast.
Details
The permission has to do with how applications “talk” to each other using a communication method called “Intents”. While this permission is highly technical it is relatively low importance. There are no know obvious malicious uses for this permission.
24.) Change Configuration
Permission Type: Hardware
URI: android.permission.CHANGE_CONFIGURATION
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to modify the current configuration, such as locale.
Details
This is a permission that generally should not be granted to regular apps. Other than changing the locale (i.e. language), it is unclear what configuration changes this permission allows. As such, it should be treated with considerable caution.
25.) Clear app cache
Permission Type: Hardware
URI: android.permission.CLEAR_APP_CACHE
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows an application to clear the caches of all installed applications on the device.
Details
This permission is of low importance. It allows an app to clear the cache of apps on the phone or tablet. A cache is a place that app stores recently used data for faster access. Clearing the cache can sometimes (very rarely) fix bugs related to those files.
26.) Disable Keyguard (lock screen)
Permission Type: Hardware
URI: android.permission.DISABLE_KEYGUARD
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows applications to disable the keyguard
Details
This permission is of medium-high importance. It allows an app to disable the “lock screen” that most phones go into after going to sleep and been turned on again. This lock screen can sometimes be a password screen, or a PIN screen, or just a “slide to unlock” screen.
27.) Expand status bar
Permission Type: Hardware
URI: android.permission.EXPAND_STATUS_BAR
Risk: MEDIUM-HIGH
Protection level: UNKNOWN
Official Description
Allows an application to expand or collapse the status bar.
Details
This appears to be system permission — not for use by regular applications. If you come across this permission I would beware of any app requesting it that is not an Android system app.
28.) Flashlight
Permission Type: Hardware
URI: android.permission.FLASHLIGHT
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows access to the flashlight
Details
This allows apps to turn on or off the LED “flash” light used by the camera. This is a handy tool but usually of no risk itself.
Top 5 Best Free File Manager Apps For Android 2018
29.) Get package size
Permission Type: Hardware
URI: android.permission.GET_PACKAGE_SIZE
Risk: LOW-MODERATE
Protection level: UNKNOWN
Official Description
Allows an application to find out the space used by any package.
Details
This permission does not seem to have any risk associated with it.
30.) Kill background processes
Permission Type: Hardware
URI: android.permission.KILL_BACKGROUND_PROCESSES
Risk: HIGH
Protection level: UNKNOWN
Official Description
Allows an application to call killBackgroundProcesses(String).
Details
This permission is a bit of a tricky one. Often this is used by what are called “task killers”. These apps supposedly free system resources by closing apps running in the background. However, the usefulness of such apps is minimal at best. They can help close an app that is misbehaving, however, a user can already do that themselves through the Android settings under “Apps” or “Manage Applications”. Conversely, this permission has some potential to maliciously close anti-virus or other security related apps. As with anything I would treat this with caution. Few users should ever need an app with this permission. Rather, it could be an indicator of malicious intent (especially if not requested by a task killer or system performance tuning app).
31.) Modify audio settings
Permission Type: Hardware
URI: android.permission.MODIFY_AUDIO_SETTINGS
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows an application to modify global audio settings
Details
This permission is of low importance. Audio settings pose little to no risk to the device.
32.) Format file systems
Permission Type: Software
URI: android.permission.MOUNT_FORMAT_FILESYSTEMS
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows formatting file systems for removable storage.
Details
The primary danger with this permission is that it could be used to erase data from an SD card or other similar storage in your phone. This is also not permitted by any normal app should need.
33.) Mount / Unmount file systems
Permission Type: Software
URI: android.permission.MOUNT_UNMOUNT_FILESYSTEMS
Risk: MODERATE
Protection level: DANGEROUS
Official Description
Allows mounting and unmounting file systems for removable storage.
Details
This permission just allows for connecting to SD cards for reading and writing. While not a risk itself, this is also not permitted by any normal app should need.
34.) NFC (Near Field Communication)
Permission Type: Software
URI: android.permission.NFC
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows applications to perform I/O operations over NFC
Details
NFC stands for Near Field Communication. This is a technology like Bluetooth that enables short-range communication between two devices or the reading of NFC “tags”.
35.) Process outgoing calls
Permission Type: Software
URI: android.permission.PROCESS_OUTGOING_CALLS
Risk: VERY-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to monitor, modify, or abort outgoing calls.
Details
This permission is of high importance. This would allow an app to see what numbers are called and other personal info. Generally, this permission should only be seen on apps for VOIP (Voice Over Internet Protocol) like Google Voice or dialer replacement type apps.
36.) Read sync stats
Permission Type: Hardware
URI: android.permission.READ_SYNC_STATS
Risk: MODERATE
Protection level: UNKNOWN
Official Description
Allows applications to read the sync stats
Details
This permission is related to “Read sync settings” but not particularly dangerous itself. There is a minor risk that some personal information could be gleaned from the sync stats, but the information is unlikely to be valuable. Sync, in this case, relates to the syncing of contacts and other types of media on the phone.
37.) Record audio
Permission Type: Software
URI: android.permission.RECORD_AUDIO
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to record audio
Details
While this permission is not typically dangerous, it is a potential tool for eavesdropping. However recording audio has legitimate uses such as note taking apps or voice search apps. As a side note recording audio is typically a significant drain on the battery.
38.) Set alarm
Permission Type: Hardware
URI: android.permission.SET_ALARM
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to broadcast an Intent to set an alarm for the user.
Details
This permission seems to be of low risk because it doesn’t allow the setting of the alarm directly. Rather it allows the opening of the alarm app on the phone.
39.) Set time zone
Permission Type: Software
URI: android.permission.SET_TIME_ZONE
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows applications to set the system time zone
Details
This permission poses little if any, risk
40.) Set wallpaper
Permission Type: Software
URI: android.permission.SET_WALLPAPER
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows applications to set the wallpaper
Details
This permission poses little if any, risk
41.) Subscribed feeds read
Permission Type: Software
URI: android.permission.SUBSCRIBED_FEEDS_READ
Risk: MEDIUM
Protection level: UNKNOWN
Official Description
Allows an application to allow access the subscribed feeds ContentProvider.
Details
This would give an app access to RSS feed that you have subscribed to. If you don’t subscribe to any RSS feeds this permission is of little risk. If you do, this permission is akin to letting an app have access to your browser history.
42.) Subscribed feeds write
Permission Type: Software
URI: android.permission.SUBSCRIBED_FEEDS_WRITE
Risk: LOW-MEDIUM
Protection level: DANGEROUS
Official Description
(No developer documentation is available for this permission)
Details
This would give an app access to RSS feed that you have subscribed to. If you don’t subscribe to any RSS feeds, this permission is of little risk. If you do, this permission is akin to letting an app have access to your browser history.
43.) Use SIP
Permission Type: Software
URI: android.permission.USE_SIP
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to use SIP service
Details
SIP stands for Session Initiation Protocol. It is a technology mostly used for making video and voice calls over the Internet. While not a major security risk it should be treated with almost as much caution as the standard “make phone calls” permission.
44.) Write secure settings
Permission Type: Software
URI: android.permission.WRITE_SECURE_SETTINGS
Risk: VERY-HIGH
Protection level: DEVELOPMENT
Official Description
Allows an application to read or write the secure system settings.
Details
This permission should only be seen on Android system apps (and possibly wireless carriers or hardware manufacturer pre-installed apps).
45.) Read profile
Permission Type: Software
URI: android.permission.READ_PROFILE
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to read the user’s personal profile data.
Details
This a new permission that relates to a special new “Me” contact you can create in your phone or tablet as your own profile.
46.) Install Shortcut (Android Launcher)
Permission Type: Software
URI: com.android.launcher.permission.INSTALL_SHORTCUT
Risk: MODERATE-HIGH
Protection level: UNKNOWN
Details
This is custom permission for the default Android Launcher (the home screen). This permission would allow an app to put an icon or shortcut there. While not dangerous, this can sometimes be a sign of a potentially malicious or adware app.
47.) Read external storage
Permission Type: Software
URI: android.permission.READ_EXTERNAL_STORAGE
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to read from external storage.
Details
This permission is granted to all apps by default.
48.) Add voicemail
Permission Type: Software
URI: com.android.voicemail.permission.ADD_VOICEMAIL
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Details
This seems to be new permission related to Android’s new centralized voicemail system. It would be an unusual means for an app to use this permission maliciously. However a few apps should need it and, as always, it should be treated with caution.
49.) Authenticate Accounts
Your messages
URI: android.permission.AUTHENTICATE_ACCOUNTS
Risk: VERY-HIGH
Protection level: DANGEROUS
Details
This permission is of high importance. It allows an app to authenticate credentials (such as passwords). Typical uses of this would be if an app had its own type of account on your phones such as Google, Facebook, or Twitter. This permission is closely related to the Account Manager permission.
50.) Read email attachments
Development tools / Your personal info
URI: com.android.email.permission.READ_ATTACHMENT
Risk: HIGH
Protection level: DANGEROUS
Details
This is custom permission for the default Android email app (i.e. not Gmail). This permission should be treated with great caution. Many email attachments contain highly sensitive and personal or financial information.
51.) Read user dictionary
Permission Type: Software
URI: android.permission.READ_USER_DICTIONARY
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows an application to read the user dictionary.
Details
This would allow an app to read words added to your custom dictionary. Oftentimes this is abbreviations like “brb” that you might add for typing text messages. Unless you save personal information in your dictionary, this permission is of almost no risk.
52.) Write user dictionary
Permission Type: Software
URI: android.permission.WRITE_USER_DICTIONARY
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to write to the user dictionary.
Details
This allows an app to add custom words to your user dictionary. For example, the common acronym “brb” for “be right back”.
53.) Install DRM
Permission Type: Hardware
URI: android.permission.INSTALL_DRM
Risk: MODERATE-HIGH
Protection level: UNKNOWN
Details
DRM stands for Digital rights management. Typically this permission is not particularly dangerous itself. However, it is a permission related to controlling access to media such as books, audio video, and more. Due to its purpose to control access, I would be especially careful installing any app requesting it.
54.) Add system service
Permission Type: Hardware
URI: android.permission.ADD_SYSTEM_SERVICE
Risk: CRITICAL
Protection level: UNKNOWN
Details
This permission should only be given to Android System apps (and possibly to wireless carrier or hardware manufacturer pre-installed apps)
55.) Access WiMax State
Permission Type: Software
URI: android.permission.ACCESS_WIMAX_STATE
Risk: LOW-MODERATE
Protection level: UNKNOWN
Details
WiMax is a technology developed for “4G” data and internet speeds on mobile devices. This permission allows an app to see if it is currently connected to a wireless network that uses WiMax. There is no significant risk associated with this permission.
12 Actionable Tips To Reduce Mobile Data Usage on Android
56.) Change WiMAX state
Permission Type: Software
URI: android.permission.CHANGE_WIMAX_STATE
Risk: MODERATE
Protection level: DANGEROUS
Details
This permission allows an app to turn on or off the WiMax radio. WiMax is a type of “4G” wireless connection like LTE. This permission essentially allows an app to turn on or off 4G.
57.) Read instant messages (IM)
Permission Type: Software
URI: com.android.providers.im.permission.READ_ONLY
Risk: HIGH
Protection level: UNKNOWN
Details
This is permission related to reading instant messages, such as those on Google Talk.
Thanks to Mr. alostpacket from Android Forums.
FAQs
Can apps steal your photos?
In February 2019, Google deleted 29 applications from it’s Play Store because they were found to compromise with the user’s data. Now imagine how many apps were downloaded before and apps that will be downloaded in the future that can compromise your data.
For an app to steal your photos or data all you need to do is grant the app permission to read/write to your gallery. After that it’s up to the app what it does with that permission, it could be made to just upload the photo you chose to post if its a social media app, but it could also secretly upload them to their own server or something similar.
Hence it is better you read the reviews and go through the app permissions list to see what all app permissions does it require to function.
How do I stop an app from accessing my contacts?
For this you need to follow these steps:
- Go so Settings
- Select Apps
- Now choose any app you want
- Select App permissions
- Select the permission of your choice
- Disable that app’s permission
Conclusion:
Hence this is a complete android app permissions list and I hope from now on you will make informed decisions before granting any permission to any app.
Share your experiences about any app in the comments section.
Thank You!!!
Hi there. My name is Prathamesh Rathod and I am doing my MBA from JBIMS ’23. You can follow me on Linkedin.
You should be a part of a contest for one of the greatest websites on the web.
I am going to recommend this website!
I pay a quick visit each day a few blogs and websites to read articles or reviews, however this webpage offers
feature based writing.
Thanx for the infor mation make the android application simple way all permisson add how to track plz suggestet me and reply to mail
Hello, I enjoyed the reviews of all the what permission should be knowledgeable on a device. Thanks for the insight, as all the permission I have on my phone is at high risk when I first received it. There’s so much permission on the phone I feel that my mobile device is unsafe. And for me to take action on the phone company.