The most useful privacy check on Android is not a shiny new feature. It is opening the permissions panel and asking a very plain question: which apps still have access to location, photos, contacts, microphone, camera and notifications, and why? Android Police recently described a manual weekend audit of app permissions; the AndroidLab version turns that idea into a repeatable 20-minute procedure.
This guide is for doing an Android app permissions audit without installing third-party “permission manager” apps and without confusing practical security with decorative paranoia. Menu names vary between Pixel, Galaxy, Motorola, OnePlus, Xiaomi and other Android phones, but the logic is the same: review sensitive permissions first, then inspect suspicious apps one by one.
Before you start
You need the phone, a few quiet minutes and a little discipline. Android 13 or later makes the privacy and security panels easier to read, but most checks also apply to older versions. On Pixel phones, start from Settings, Privacy, Permission manager. On Samsung phones, look under Settings, Security and privacy, or search Settings for “permissions” or “privacy”. If the manufacturer renamed everything with creative enthusiasm, the Settings search box is your friend.
The first rule is simple: do not revoke everything at random. A navigation app without location becomes a very expensive ornament; a camera app without camera access will not suddenly discover philosophy. The goal is to remove permissions that are no longer justified, not to win a spiritual duel against every Android dialog.
Step 1: review the sensitive permissions first
Open Permission manager and check these categories first: Location, Camera, Microphone, Contacts, Photos and videos, Files, Calendar, Call logs, SMS and Notifications. For each category, ask one practical question: does this app still need this access today?
For location, prefer “Allow only while using the app” or “Ask every time” when possible. Background location should be reserved for a short list of apps: navigation, device tracking, weather if you truly use persistent updates, automation tools and a few safety services. If a coupon app, wallpaper app or PDF scanner wants always-on location, the problem is not your lack of trust; the app has simply stretched its privileges too far.
Step 2: inspect apps one by one
After checking permissions by category, reverse the view: Settings, Apps, pick an app, then Permissions. This takes longer, but it reveals combinations that look harmless in isolation and questionable together. Location plus contacts plus photos, for example, deserves more attention than any single permission alone.
Android Developers makes an important distinction: some permissions are granted at install time, while runtime permissions require an explicit user decision. Also, seeing a permission listed in an app’s full declaration does not always mean it is currently granted or actively used. Many lazy tutorials miss this point. A permission shown somewhere in the interface is not automatic proof that the app is spying on your living room.
Step 3: use auto-reset, but do not sleep on it
Android can automatically remove permissions from apps you have not used for a while. That is a useful safety net, not a replacement for a manual audit. Look at apps you have not opened in months and choose between two options: remove permissions or uninstall them. Uninstalling is often the cleanest patch: less code, fewer notifications, fewer updates and a smaller attack surface. Brutal, but elegant.
A sustainable rhythm is better than weekly obsession. Run this audit when you change phones, after a major Android update, after a period of installing many travel or work apps, and every few months if you test apps often.
Quick fixes for common problems
If an app stops working after you remove a permission, reopen it and grant only the permission requested at the moment it is actually needed. If an app asks for full photo access, look for Android’s option to select only specific photos and videos. If battery life worsens because too many apps have background location, go back to Location permissions and reduce always-on access. If an app keeps asking for permissions that do not match its purpose, replace it. Android is chaotic, but it is not a hereditary monarchy.
What actually changes
Modern Android gives users decent tools, but it still leaves a lot of judgment in human hands. Real protection comes from periodic review, not because every app is malicious, but because your habits change. The app you used for one trip, one event, one gym membership or one temporary job can remain installed with broad permissions long after it stopped being useful.
A quarterly Android permissions audit is not glamorous, but it reduces noise, exposure and blind trust. It also teaches you which apps behave like good citizens and which ones treat your phone as a buffet.
In brief
- Start with location, microphone, camera, contacts, photos/files and notifications.
- Prefer “only while using” or “ask every time” when the feature allows it.
- Do not confuse a declared permission with a permission actually granted.
- Uninstall unused apps instead of only revoking permissions.
- Repeat the audit after a phone change, major Android update or app-installing spree.