Is a mobile app asking for excessive permissions a security risk?
Yes. An app requesting permissions beyond what its function requires is a significant privacy and security red flag.
Last reviewed: 1 June 2026
Explanation
Malicious and data-harvesting apps are available on both the Google Play Store and Apple App Store, though Apple's review process is stricter. Red flags include a torch app requesting contact access, a calculator requesting location data, or a free game requesting access to your messages. These permissions can enable the app to harvest your contacts for spam, track your location for fraud or burglary intelligence, or intercept two-factor authentication codes. Always review permissions before installing, revoke unnecessary permissions after installation, and remove apps you no longer use. Permissions can be managed through your device's settings at any time.
Common red flags
- App requests access to contacts, messages, or camera without an obvious need
- Free app with very broad permission requests
- App developer has no web presence or published privacy policy
- App was downloaded from outside the official app store
What to do now
- Review permission requests before installing any app
- Deny unnecessary permissions during installation
- Review and revoke app permissions in your device settings regularly
- Delete apps that you no longer use
Frequently asked questions
Can I remove permissions from apps I already installed?
Yes — go to your device's Settings, find the app, and review its permissions. You can revoke individual permissions at any time without uninstalling the app.