Android Permissions Explained
The Android Permission Manager classifies permissions into 13 different categories. Within those categories are a total of 57 individual permissions. These are essentially hidden unless you research each app individually. One way to do this is the Exodus Privacy website, where you can search an app and determine which of the 57 permissions it’s requesting.
Unfortunately, Exodus Privacy only lists the permission and provides some general guidance if it could be dangerous. To find a full description, copy the Permission name in Exodus Privacy and paste it in the search field below on this page.
When you decide on a permission, ask yourself if it seems valid for the purpose and function of the app, and if you feel comfortable granting that type of access. Remember, apps found on F-Droid and those recommended on Atsanik’s list of Privacy Android Apps page ask for minimal permissions.
General Description | Permission | Full Description |
---|---|---|
Make Phone Calls | android.permission.CALL_PHONE | Allows an application to initiate a phone call without going through the Dialer user interface and for the user to confirm the call being placed. This could let an application call a 1-900 number and charge you money. |
Send SMS or MMS | android.permission.SEND_SMS | Allows an application to send SMS messages. This could let an application send an SMS on your behalf, and much like the phone call permission, it could cost you money by sending SMS to for-pay numbers. |
Modify/Delete SD card Contents | android.permission.WRITE_EXTERNAL_STORAGE | This will allow applications to read, write, and delete anything stored on your phone’s SD card. This includes pictures, videos, audio, documents, and even data written to your SD card by other applications. |
Read Contacts | android.permission.READ_CONTACTS | Allows an application to read the user’s contacts data. Unless an app explicitly states a specific feature that it would need to use your contact, there isn’t much of a reason to give an application this permission. |
Write Contact Data | android.permission.WRITE_CONTACTS | Allows an application to write (but not read) the user’s contacts data. Unless an app explicitly states a specific feature that it would need to use your contact, there isn’t much of a reason to give an application this permission. |
Read Calendar Data | android.permission.READ_CALENDAR | Allows an application to read the user’s calendar data. While most people would consider their calendar information slightly less important than their list of contacts, this permission should still be treated with care when allowing applications access. |
Write Calendar Data | android.permission.WRITE_CALENDAR | Allows an application to write (but not read) the user’s calendar data. While most people would consider their calendar information slightly less important than their list of contacts, this permission should still be treated with care when allowing applications access. |
Read Browser History & Bookmarks | com.android.browser.permission.READ_HISTORY_BOOKMARKS | Allows an application to read (but not write) the user’s browsing history and bookmarks. Browsing habits are often tracked through regular computers, but with this permission, you’d be giving access to more than just browsing habits. |
Write Browser History & Bookmarks | com.android.browser.permission.WRITE_HISTORY_BOOKMARKS | Allows an application to write (but not read) the user’s browsing history and bookmarks. Browsing habits are often tracked through regular computers, but with this permission, you’d be giving access to more than just browsing habits. |
Read Sensitive Logs | android.permission.READ_LOGS | Allows an application to read the low-level system and application logs. It’s can be used to read logs from other apps. This might include some personal formation collected from these apps as part of something called cross-app data collection. |
Modify Global System Settings | android.permission.WRITE_SETTINGS | Allows an application to read or write the system settings. Global settings are essentially anything you would find under Android’s main “Settings” window. However, a lot of these may be perfectly reasonable for an application to change. |
Read Sync Settings | android.permission.READ_SYNC_SETTINGS | Allows applications to read the sync settings. It mostly allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off. |
Automatically Start at Boot | android.permission.RECEIVE_BOOT_COMPLETED | Allows an application to receive a notice after the system finishes booting. It will allow an application to tell Android to run the application every time you start your phone. While not a danger in and of itself, it can point to an applications intent. |
Restart Other Applications | android.permission.RESTART_PACKAGES | This permission is no longer supported in Android 10 and 11. It will allow an application to tell Android to ‘kill’ the process of another application. However, any app that is killed will likely get restarted by the Android OS itself. |
Retrieve Running Applications | android.permission.GET_TASKS | This allows an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data. |
Display System-Level Alerts | android.permission.SYSTEM_ALERT_WINDOW | This permission allows an app to show a “popup” window above all other apps, even if the app is not in the foreground. A malicious developer/advertiser could use it to show obnoxious advertising. |
Control Vibrator | android.permission.VIBRATE | Allows an app to control the vibrate function on your phone. This includes incoming calls and other events. |
Take Pictures and Videos | android.permission.CAMERA | It lets an app control the camera function on your phone. In theory, this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras. |
Access Location Extra Commands | android.permission.ACCESS_LOCATION_EXTRA_COMMANDS | Allows an application to access extra location provider commands. The specifics of the extra commands here are a bit unclear. However, the usage of this permission indicates that an app wants to know detailed information about your location. |
Access Mock Location | android.permission.ACCESS_MOCK_LOCATION | This is permission used for development of apps that make use of location-based services. By creating “mock” or fake locations, apps can test if their code works correctly depending on your location. |
Battery Stats | android.permission.BATTERY_STATS | Allows an application to collect battery statistics. |
Bluetooth Admin | android.permission.BLUETOOTH_ADMIN | Allows applications to discover and pair Bluetooth devices. Bluetooth is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-Fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices. |
Broadcast Sticky (Intents) | android.permission.BROADCAST_STICKY | Sticky Intents are broadcasts whose data is held by the system so that applications can quickly retrieve that data without having to wait for the next broadcast. The permission has to do with how applications “talk” to each other using a communication method called “Intents”. While this permission is highly technical it is relatively low importance. There are no know obvious malicious uses for this permission. |
Change Configuration | android.permission.CHANGE_CONFIGURATION | Allows an application to modify the current configuration, such as locale. This is a permission that generally should not be granted to regular apps. Other than changing the locale (i.e. language), it is unclear what configuration changes this permission allows. As such, it should be treated with considerable caution. |
Clear App Cache | android.permission.CLEAR_APP_CACHE | Allows an application to clear the caches of all applications on the device. A cache is a place that application stores recently used data for faster access. Clearing the cache can sometimes (very rarely) fix bugs related to those files. |
Disable Keyguard (lock screen) | android.permission.DISABLE_KEYGUARD | It allows an application to disable the “lock screen” that most phones go into after going to sleep and been turned on again. This lock screen can sometimes be a password screen, or a PIN screen, or just a “slide to unlock” screen. |
Expand Status Bar | android.permission.EXPAND_STATUS_BAR | Allows an application to expand or collapse the status bar. This appears to be system permission, not for use by regular applications. If you come across this permission I would beware of any app requesting it that is not an Android system app. |
Flashlight | android.permission.FLASHLIGHT | This allows apps to turn on or off the LED “flash” light used by the camera. This is a handy tool but usually of no risk itself. |
Get Package Size | android.permission.GET_PACKAGE_SIZE | Allows an application to find out the space used by any application installed on the device. |
Kill Background Processes | android.permission.KILL_BACKGROUND_PROCESSES | This permission is often used by what are called “task killers”. These apps supposedly free system resources by closing apps running in the background. The usefulness of such apps is minimal at best. They can help close an app that is misbehaving, but a user can already do that themselves through the Android settings under “Apps” or “Manage Applications”. This permission has some potential to maliciously close anti-virus or other security related apps and should be treated with caution. Few users should ever need an app with this permission. Rather, it could be an indicator of malicious intent (especially if not requested by a task killer or system performance tuning app). |
Modify Audio Settings | android.permission.MODIFY_AUDIO_SETTINGS | Allows an application to modify global audio settings. Audio settings pose little to no risk to the device. |
Format File Systems | android.permission.MOUNT_FORMAT_FILESYSTEMS | Allows formatting file systems for removable storage. The primary danger with this permission is that it could be used to erase data from an SD card or other similar storage in your phone. This permission should not be allowed for any app aside from some sort of device formatting app. |
Mount / Unmount File Systems | android.permission.MOUNT_UNMOUNT_FILESYSTEMS | This permission allows for connecting to SD cards for reading and writing. While not a risk itself, this is typically not needed by most apps. |
NFC (Near Field Communication) | android.permission.NFC | Allows applications to perform operations over NFC. NFC stands for Near Field Communication. This is a technology like Bluetooth that enables short-range communication between two devices or the reading of NFC “tags” for some payment providers like Visa PayWave. |
Process Outgoing Calls | android.permission.PROCESS_OUTGOING_CALLS | Allows an application to monitor, modify, or abort outgoing calls. This would allow an app to see what numbers are called and other personal info. Generally, this permission should only be seen on apps for VOIP (Voice Over Internet Protocol) like Google Voice or dialer replacement apps. |
Read Sync Stats | android.permission.READ_SYNC_STATS | This permission is related to “Read sync settings” but not particularly dangerous itself. Sync, in this case, relates to the syncing of contacts and other types of media on the phone. There is a minor risk that some personal information could be gleaned from the sync stats, but the information is unlikely to be valuable. |
Record Audio | android.permission.RECORD_AUDIO | Allows an application to record audio. While this permission is not typically dangerous, it is a potential tool for eavesdropping. However, recording audio has legitimate uses such as note taking apps or voice search apps. |
Set Alarm | android.permission.SET_ALARM | Allows an application to broadcast an Intent to set an alarm for the user. This permission seems to be of low risk because it doesn’t allow the setting of the alarm directly. Rather it allows the opening of the alarm app on the phone. |
Set Time Zone | android.permission.SET_TIME_ZONE | Allows applications to set the system time zone. This permission poses little if any, risk |
Set Wallpaper | android.permission.SET_WALLPAPER | Allows applications to set the wallpaper. This permission poses little if any, risk. |
Subscribed Feeds Read | android.permission.SUBSCRIBED_FEEDS_READ | This would give an app access to RSS feed that you have subscribed to. If you don’t subscribe to any RSS feeds, this permission is of little risk. If you do, this permission is akin to letting an app have access to your browser history. |
Subscribed Feeds Write | android.permission.SUBSCRIBED_FEEDS_WRITE | This would give an app write access to RSS feed that you have subscribed to. If you don’t subscribe to any RSS feeds, this permission is of little risk. If you do, this permission is akin to letting an app have access to your browser history. |
Use SIP | android.permission.USE_SIP | Allows an application to use SIP service. SIP stands for Session Initiation Protocol. It is a technology mostly used for making video and voice calls over the Internet. While not a major security risk it should be treated with almost as much caution as the standard “make phone calls” permission. |
Write Secure Settings | android.permission.WRITE_SECURE_SETTINGS | Allows an application to read or write the secure system settings. This permission should only be seen on Android system apps (and possibly mobile carrier or hardware manufacturer per-installed apps). |
Read Profile | android.permission.READ_PROFILE | Allows an application to read the user’s personal profile data. This a new permission that relates to a special new “Me” contact you can create in your phone or tablet as your own profile. |
Install Shortcut (Android Launcher) | com.android.launcher.permission.INSTALL_SHORTCUT | This is custom permission for the default Android Launcher. This permission would allow an app to put an icon or shortcut on the home screen. While not dangerous, this can sometimes be a sign of a potentially malicious or adware app. |
Read External Storage | android.permission.READ_EXTERNAL_STORAGE | Allows an application to read from external storage. This permission is granted to almost all apps by default. |
Add Voicemail | com.android.voicemail.permission.ADD_VOICEMAIL | This seems to be new permission related to Android’s new centralized voicemail system. It would be an unusual means for an app to use this permission maliciously. However, a few apps should need it and, as always, it should be treated with caution. |
Authenticate Accounts | android.permission.AUTHENTICATE_ACCOUNTS | This permission is of high importance. It allows an app to authenticate credentials (such as passwords). Typical uses of this would be if an app had its own type of account on your phone and is closely related to the Account Manager permission. |
Read Email Attachments | com.android.email.permission.READ_ATTACHMENT | This is custom permission for any installed default Android email app (i.e. not Gmail). It should be treated with great caution. Many email attachments contain highly sensitive and personal or financial information. |
Read User Dictionary | android.permission.READ_USER_DICTIONARY | This would allow an app to read custom words added to your keyboard dictionary. Often, this is abbreviations like “brb” that you might add for typing text messages. Unless you save personal information in your dictionary, like phone numbers or email addresses, this permission is of almost no risk. |
Write User Dictionary | android.permission.WRITE_USER_DICTIONARY | This allows an app to add custom words to your keyboard dictionary. |
Install DRM | android.permission.INSTALL_DRM | DRM stands for Digital rights management. Typically, this permission is not dangerous itself. However, it is a permission related to controlling access to media such as books, audio video, and more. Due to its purpose to control access, I would be especially careful installing any app requesting it. |
Add System Service | android.permission.ADD_SYSTEM_SERVICE | This permission should only be given to Android System apps (and possibly to mobile carrier or hardware manufacturer pre-installed apps) |
Access WiMax State | android.permission.ACCESS_WIMAX_STATE | WiMax is a technology developed for “4G” data and internet speeds on mobile devices. This permission allows an app to see if it is currently connected to a wireless network that uses WiMax. There is no significant risk associated with this permission |
Change WiMAX state | android.permission.CHANGE_WIMAX_STATE | This permission allows an app to turn on or off the WiMax radio. WiMax is a type of “4G” wireless connection like LTE. |
Read Instant Messages (IM) | com.android.providers.im.permission.READ_ONLY | This is permission related to reading instant messages, such as those on Telegram. |