How to Check What an App Can Access on Android

Start with the Permission Manager. On most phones running current Android you get there by opening Settings > Security & privacy > Privacy > Permission manager. The exact wording shifts a little by brand. Samsung, Pixel and Motorola all keep it under Security & privacy now, but if you cannot find it, pull down the search bar at the top of Settings and type "permission manager" directly.

Inside, permissions are grouped by type rather than by app: Camera, Microphone, Location, Contacts, Photos and videos, Body sensors, SMS, Phone, Calendar and a handful of others. Tap any one and you see two lists, the apps you have allowed and the apps you have denied. This is the fastest way to answer a specific worry. If you are wondering "which apps can hear me?", open Microphone and read the allowed list. Anything there that has no business listening, you change.

The Permission Manager tells you what an app can do. The Privacy Dashboard tells you what apps actually did. Find it at Settings > Security & privacy > Privacy > Privacy dashboard.

It opens on a donut chart covering the last 24 hours, broken out by Location, Camera and Microphone, with a count of how many apps touched each. Tap a category and you get a timeline showing which app accessed it and when. Android 13 introduced this 24-hour dashboard; on Android 15 and later you can switch to a 7-day view, which is more useful for catching an app that wakes up your location once a night. If you see a flashlight app pinging your GPS at 3 a.m., that is your signal to go revoke it.

Treat the dashboard as a checkup, not a one-time fix. Apps update, and an update can ask for new access you never reviewed.

You do not have to dig through Settings to catch an app red-handed. Look at the top-right of your status bar. A green dot means an app is using your camera right now (and it also shows when the camera and microphone are in use together). An orange dot flags microphone use specifically. A faint location arrow shows when location is being read.

When the indicator appears, swipe down and tap it. Android names the app that is using the sensor. Since the indicator counts access as active if it is running or less than five seconds old, you will sometimes see it flash after you close a camera, which is normal. What is not normal is a note-taking app showing the green dot while it sits in the background. That is worth investigating.

When you tap a permission for a single app, you get a set of choices that matter more than most people realize:

• Allow all the time appears for Location only. Give this to maps, weather and fitness trackers, almost nothing else.
• Allow only while using the app is the right default for the camera, the mic and location in the vast majority of cases. The app gets access while it is open on screen and loses it the moment you leave.
• Ask every time grants a one-session pass and forgets it afterward. Good for an app you barely trust but occasionally need.
• Don't allow blocks it outright.

For photo and video access you will also see a "Select photos" option that hands over only the images you pick instead of your whole library. Use it for any app that just needs one picture for a profile.

Android quietly cleans up after you. If you have not opened an app in a few months (the system uses a window of around 90 days), it automatically resets that app's permissions and clears its temporary files. The next time you launch it, the app has to ask again. This is on by default for apps targeting modern Android.

You can confirm it per app: open Settings > Apps, pick the app, and look for "Pause app activity if unused." Keep it on for almost everything. The one exception is a background tool you rely on but rarely open, say a tasker automation or a smart-home bridge, where a permission reset would silently break it. Turn the toggle off for those few, and leave the rest alone. If you would rather just remove dead weight entirely, a good cleaner app can surface apps you have not touched in months so you can uninstall instead of merely revoking.

Most permissions only matter for one feature. Two are different, because granting them hands over far more control than their names suggest.

Accessibility. An app with an Accessibility service can read everything on your screen and tap things for you. That is exactly why banking trojans and stalkerware beg for it, often dressed up as a "speed booster" or "screen filter." Genuine uses exist, screen readers, password managers that autofill, automation tools, but the list of apps that legitimately need it is short. Check it at Settings > Accessibility > Installed apps (wording varies; some phones list it under Downloaded services). If something is there that you do not recognize, turn it off. Google has tightened this over recent releases, blocking sideloaded apps from gaining accessibility access through Restricted Settings, and Android 17's Advanced Protection Mode limits the API to verified accessibility tools only. Even so, the toggle is yours to police.

Display over other apps. This lets an app draw on top of whatever else is running, the mechanism behind chat-head bubbles, but also behind overlay attacks that fake a login screen over your bank. Review it at Settings > Apps > Special app access > Display over other apps. Allow it for the few apps where you clearly see the overlay (a messenger bubble, a screen recorder) and deny the rest.

If you want a second layer beyond Android's own controls, a reputable antivirus app will flag apps that quietly request accessibility or overlay access, and an app lock adds a gate in front of anything sensitive even when permissions are tidy.

Pulling a permission is not free. Cut camera access from a banking app and the check-deposit scanner stops. Deny location to a ride app and you have to type your pickup spot by hand every time. Block contacts on a messenger and it cannot show you who is already on the service. None of this damages your phone, but it does change how the app behaves, and the app rarely explains why a feature went dark.

So the realistic approach is not "deny everything." It is "match the permission to what the app is for, and prefer the narrowest option that still works." When a feature breaks after you tighten a setting, you will usually know which one to loosen, because you just changed it. The fixes for more cluttered or sluggish phones, by contrast, live over in our wider tools and utilities guides.

Set a recurring reminder and run the same short pass once a month:

1. Open the Privacy Dashboard and switch to the 7-day view. Scan Location, Camera and Microphone for any app whose access surprises you.
2. For each surprise, drop it to Allow only while using the app, or revoke it if you cannot justify the access at all.
3. Open Permission Manager > Microphone and > Location specifically, since those are the two most worth keeping short.
4. Check Accessibility and Display over other apps for anything new you do not recognize.
5. Uninstall apps you have not opened since last month rather than leaving them to auto-revoke.

Five minutes, once a month, and your phone stops leaking access you forgot you handed out. That beats a single heroic cleanup you do once and never repeat.