Skip to main content

Safeguarding Your Privacy: Understanding App Permissions and Privacy Risks

In today's interconnected world, our smartphones serve as gateways to a wealth of information and services, offering convenience and connectivity at our fingertips. However, with this convenience comes the responsibility to protect our privacy and personal data from potential threats and intrusions. One significant aspect of safeguarding our privacy is understanding the risks associated with granting app permissions on our smartphones. In this blog, we'll explore the privacy landscape that delves into the dangers of unchecked app permissions, and provide actionable steps to protect your privacy and data security. I am writing this blog based on my research and a few case studies from both India and the USA. However, it applies to everyone who is exposed to any form of digital platform. 

Privacy Landscape in India:

India's digital transformation has been nothing short of remarkable, with a burgeoning population of smartphone users embracing the convenience of mobile apps for various purposes. According to, India is home to over a billion internet users making it one of the largest digital markets globally. With the proliferation of smartphones and smart devices comes increased concerns about data privacy and security, particularly in the context of app permissions on your smartphones.

Until recently, India did not have a standalone law or framework to govern data protection. The IT Act, of 2000 was the basis for all the privacy rules till recent times. However, in 2017, a constitutional bench of nine judges of the Supreme Court of India in Justice K.S.Puttaswamy (Retd.) v. Union of India [Writ Petition No. 494/2012] upheld that privacy is a fundamental right, which is entrenched in Article 21 [Right to Life & Liberty] of the Constitution of India. This led to the process of formulation of a comprehensive data protection framework in India. 

On August 11, 2023, the Government of India under the leadership of Shri Narendra Modi, the prime minister of India, published the Digital Personal Data Protection Act, 2023, which is part of the personal data protection and regulatory regime in India. This Act introduces several compliances concerning the collection, processing, storage, and transfer of digital personal data. Rules and Regulations required for effective implementation and enforcement of this Act are still in progress. 

Privacy Landscape in the United States:

Similarly, in the United States, the proliferation of smartphones and mobile apps has led to growing concerns about data privacy and security. The United States lacks a comprehensive federal data protection law, resulting in a patchwork of state-level regulations and industry-specific privacy standards.

The California Consumer Privacy Act (CCPA) empowers Californians with control over personal data, including rights to know, opt-out, and deletion. In the U.S., no overarching federal privacy law exists currently, but sector-specific regulations like HIPAA and GLBA address certain data types. States such as New York and Washington have enacted their own privacy laws. This evolving landscape underscores the need for comprehensive data privacy measures to safeguard consumer rights and mitigate risks. 

Understanding App Permissions:

When you download and install a mobile app on your smartphone, you're often prompted to grant various permissions, allowing the app to access certain features and data on your device. These permissions range from innocuous requests such as access to your camera or microphone to more intrusive demands for your location, contacts, and personal information.

While some permissions are necessary for the app's core functionality, others may be excessive or unnecessary, posing significant privacy risks. For example, at the time of writing this blog, below are a few random apps on my iPhone, that I think are requesting excessive permission.

1. FlashLight - Requesting my Location and Performance Data. Why does a Flashlight App need to track my location?

2. Youtube - Requesting my contacts list, Photos, Videos, and Audio Data

3. Ola cabs - Requesting contacts list, Photos, Videos, Search History, Local Network, and Location (requests Always by default, you can customize this)

Many other apps request unnecessary/excessive permissions. Obviously, I have denied all such excessive accesses that were not relevant for the core functioning of such apps. By far the most requested data access types are Photos, Camera, Location, Microphone, and Contact List. 

Privacy Risks of Unchecked App Permissions:

Granting excessive permissions to mobile apps exposes users to several privacy risks, including:

Data Collection and Profiling: App developers may collect and analyze users' personal data to create detailed profiles for targeted advertising, user profiling, and data monetization purposes. This data may include sensitive information such as location data, browsing history, and social media interactions.

Third-Party Data Sharing: Many apps integrate third-party SDKs and services for additional functionalities, allowing third-party providers to access users' personal data. These third-party entities may have their own privacy policies and data collection practices, further complicating the privacy landscape and increasing the risk of data exposure.

Security Vulnerabilities: Granting apps access to sensitive device features and data increases the risk of security vulnerabilities and potential exploitation by malicious actors. Unauthorized access to personal information can lead to identity theft, financial fraud, and other forms of cybercrime.

Location Tracking: Apps that request access to users' location data may track their movements in real time, posing risks to personal safety, privacy, and security. Location tracking data can be misused by malicious actors for stalking, surveillance, or unauthorized monitoring purposes.

Data Breaches: Inadequate data security measures and lax privacy practices increase the likelihood of data breaches and unauthorized access to users' personal information. Data breaches can result in the exposure of sensitive data, financial losses, and reputational damage to affected individuals and organizations.

Protecting Your Privacy:

Given the privacy risks associated with app permissions, it's essential to take proactive measures to protect your personal data and safeguard your privacy. Here are some actionable steps you can take:

Review and Manage App Permissions: Regularly review and audit app permissions on your smartphone to identify and revoke unnecessary access. Disable permissions that are not essential for the app's core functionality to minimize privacy risks.

Install Apps from Trusted Sources: Download apps only from reputable app stores such as Google Play Store or Apple App Store. Exercise caution when downloading apps from third-party sources, as they may contain malicious or counterfeit apps that compromise your privacy and security.

Read Privacy Policies: Before installing an app, review its privacy policy to understand how your data will be collected, used, and shared. Look for apps that prioritize user privacy and provide transparent disclosures about their data practices.

Use Privacy-Focused Tools: Consider using privacy-focused tools and services such as virtual private networks (VPNs), ad blockers, incognito mode/private browsing and privacy-enhancing browser extensions to protect your online activities and minimize tracking.

Update Your Apps and Operating System: Regularly update your smartphone's operating system and apps to patch security vulnerabilities and protect against known exploits. Enable automatic updates whenever possible to ensure timely security fixes and enhancements.

Monitor App Permissions: Periodically review your app permissions and monitor app behavior for any signs of suspicious activity or data misuse. Report any concerns or violations of privacy policies to the relevant app developers or authorities.

Finally, I want to highlight the fact that, there were many frauds or scams that happened throughout the world due to poor data management or privacy breach. 

India has witnessed a surge in digital scams fueled by data privacy breaches and poor privacy management on smartphones. With over a billion mobile phone users, India is a lucrative target for cybercriminals seeking to exploit vulnerabilities in digital platforms and apps. One such prevalent scam in India is the SIM card swap fraud, where fraudsters use stolen personal information to convince telecom operators to issue a new SIM card linked to the victim's phone number. Once in control of the victim's phone number, scammers can bypass 2FA measures and gain access to sensitive accounts, leading to financial loss or identity theft. There were multiple cases of blackmailing by morphing personal photos. 

On the other hand, In the USA, data privacy breaches have led to numerous digital scams targeting unsuspecting individuals. According to the Federal Trade Commission (FTC), identity theft remains one of the most prevalent types of fraud, with millions of Americans falling victim to this each year. In te year 2020 alone, FTC received over a million reports of identity theft, resulting in financial losses totaling billions of dollars. FTC link

Also, check out this TED Talk video that explains how you are prone to identity theft. Ted Talk


"BIG DATA is prone to BIG PROBLEM"


Popular posts from this blog

The Art of Frugal Living: Mastering the Path to Financial Freedom

Smart Finance Zone is a place where we believe that financial well-being lies in mastering the art of frugal living. In today's fast-paced world, where consumerism often tempts us to spend beyond our means, adopting a frugal lifestyle can be a game-changer. Frugality isn't about depriving ourselves; it's about making mindful choices that lead to financial freedom and a more fulfilling life. Let's delve into the secrets of frugal living, exploring smart strategies to save money, cut unnecessary expenses, and achieve your financial goals without compromising on happiness. Our great Vedas give us more insights on how we can achieve these easily, here is one such excerpt from the Rigveda. Rigveda : Rigveda encourages simplicity and moderation in life. One of its key teachings is the concept of अपरिग्रह (Aparigraha) which translates to non-possessiveness or non-hoarding. It encourages individuals to avoid excessive materialism and to share resources with others. One can lear

WhatsApp Scams Unveiled: How to Protect Yourself from Digital Fraud

WhatsApp has become an integral part of our daily lives, connecting us with friends, family, and colleagues. However, as its popularity grows, so does the risk of falling victim to scams and fraudulent activities. We are seeing many cases these days where WhatsApp users are receiving messages/calls from an unknown number usually an international number with country codes +84 or +66 etc.,. These messages/calls lure the user to like certain videos and in turn the user gets a particular amount of money. However, you know what happens when you keep yourself engaged in talking with those numbers. Cyber police have warned people not to entertain them and block those numbers immediately and report them. In this blog post, we will explore various WhatsApp scams that target unsuspecting users and provide you with essential tips to safeguard yourself from falling prey to these digital fraudsters. Phishing Scams : Phishing scams on WhatsApp involve tricking users into revealing their personal inf

"Operation Clean Money" - Section 133(6) of Income Tax Act in India

India's Income Tax Act, 1961, contains several provisions that empower tax authorities to ensure efficient tax collection and compliance. Among these is Section 133(6), a powerful tool that grants the Income Tax Department the authority to gather information and evidence from various entities and individuals. Government calls it " Operation Clean Money " . In this blog post, we will explore the significance of Section 133(6) in the Indian tax framework, its scope, and the procedures involved. Understanding this provision is essential for taxpayers, as it highlights the importance of accurate record-keeping and adherence to tax laws. Especially the salaried class who sometimes take the benefit of various deductions/exemptions without any proper support. Overview of Section 133(6) : Section 133(6) of the Income Tax Act empowers tax authorities to gather information from certain individuals or entities for tax assessment purposes. Under this section, the Income Tax Officer

The Impact of Artificial Intelligence (AI) on Personal Finance

Artificial intelligence (AI) has emerged as a transformative technology across various industries, and personal finance is no exception. AI is revolutionizing the way we manage our finances, offering new possibilities for automation, analysis, and personalized services. In this blog post, we will explore the impact of AI on personal finance and how it is reshaping the way we budget, invest, and plan for the future. AI-Powered Personal Finance Tools : AI has enabled the development of advanced personal finance tools and applications that offer enhanced financial management capabilities. These tools leverage machine learning algorithms to analyze financial data, categorize expenses, and provide personalized insights. AI-powered budgeting apps can automatically track expenses, identify spending patterns, and offer recommendations for improving financial habits. Such tools empower individuals to gain a better understanding of their financial health and make informed decisions. Robo-Advisor