Permissions are the activities that the app can perform on your phone or device. These include access to your calendar, camera, contacts, microphone, phone, and even your location. The permissions asked by apps vary depending on the purpose where the data collected are to be used.
The following are some common app permissions as described by Exodus Privacy:
- Read contacts – allows the app to read the data about your contacts stored in your phone, including frequency with which you’ve called, emailed or communicated. It allows the app to save your contact data, and share the same without your knowledge.
- Camera – allows the app to take pictures and videos with the camera. This allows the app to use the camera at any time without your knowledge.
- Record Audio – allows the app to record audio with the microphone at any time without your confirmation.
- Access fine location – allows the app to get your precise location using the Global Positioning System (GPS).
- Get accounts – allows the app to get the list of accounts known by the phone.
Transparency is the key. It is required that apps should declare permissions in the app manifest whenever they need it in running their app. Apps should explain why they need permission. The data subject should be made aware how his/her data is being processed or if the same is being disclosed to a third party.
According to Android Developers, android apps must request permission to access sensitive user data (such as contacts and SMS), as well as certain system features (such as camera and internet). This rule is consistent with the common criteria of consent as one of the means by which a controller can lawfully process a personal data.
If the user accepts the permissions, the app requests are granted. If the user denies the permissions, the system cancels the installation of the app. The app must however explain to the user the implications of the denial like the app won’t work without said permission. It is required that the app should identify the specific consequence if permission is denied. This will give the user the opportunity to make an informed decision.
Android Developers further explained that even if users grant a permission, users have the option to enable and disable permissions one-by-one in the system setting. This practice acknowledges the right of the data subject to withdraw consent which is recognized under data privacy laws.
How do you manage your permissions?
If you are using a Huawei device, you can follow these steps:
Step 1. Go to and click the settings icon at your phone.
Step 2. Click Apps & Notifications
Step 3. Here, there are two options.
Select the permission that you want to manage. Example, click camera.
Once inside, select the app where you want the camera to be disabled by sliding the button to the left.
Select the app that you want to manage. Example, click viber.
Then select the permission that you want to disable.
In sum, app permissions must comply with the requirements of data privacy. Apps should follow the data privacy principles, must observe the rights of the data subject, and should comply with the criteria to lawfully process personal data. Users or data subjects on the other hand, can control how their data is being used by exercising their privacy rights.
About the author: Atty. Arnel D. Mateo is the President and CEO of ADM & Partners Data Privacy and Consulting Inc. He is a Senior Partner at Mateo & Gimenez Law Offices, a professor of law in various universities, and a privacy consultant to several organizations in the government and in the private sector. He is a member of IAPP and NADPOP, and a certified DPO ACE by NPC.