Microphone
Microphone access (the RECORD_AUDIO permission) allows an app to record audio at any time while it is in the foreground, and in the background too if it holds RECORD_AUDIO and runs a foreground service.
In practice, legitimate apps only need the microphone for three purposes: voice/video calls, explicit voice recording, and on-demand speech recognition. A weather, delivery, or gaming app that requests microphone access is an immediate red flag.
On Android 12+, an orange indicator in the top-right corner lights up when an app uses the microphone. Learn to recognise it.
Precise location
Android distinguishes between approximate location (ACCESS_COARSE_LOCATION, roughly 3 km accuracy — equivalent to the city) and precise location (ACCESS_FINE_LOCATION, GPS to within a few metres).
Precise location lets apps track your movements with a fidelity that reveals your home address, workplace, commute habits, and medical visits. This data is extremely valuable on advertising markets — and even more so in the wrong hands.
Grant precise location only to navigation (Google Maps, Waze), delivery, and transport apps. Always choose 'Only while using the app' rather than 'Always'.
Contacts, SMS, Phone
These three permissions together form what security researchers call the 'social graph': a complete map of your human network. Contacts gives access to all names, phone numbers, emails, and notes for everyone in your address book. SMS exposes the text content of all your conversations — including 2FA codes. Phone reveals your complete call history.
A gaming, photo editing, or weather app that requests these permissions has no legitimate reason to do so. The only acceptable exception: messaging and telephony apps where these accesses are functionally justified.
The 4 questions to ask
Before granting any permission, ask yourself these four questions:
- Does the app need this permission to function? (A PDF reader doesn't need your microphone.)
- If I decline, does the app crash or refuse to start? (This strongly indicates abusive permission-grabbing or malware.)
- Does the app belong to a known developer with a verifiable privacy policy?
- Can the permission be granted 'only while using the app' rather than permanently?
The golden rule is least privilege: only grant what is strictly necessary for the app to function. If in doubt, refuse and observe whether the app works anyway. You'll often be surprised to find it didn't need it.
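The review these questions lead to can be partly automated. The following is an added example, not part of the original article: it parses text in the layout printed by `adb shell dumpsys package` and reports which packages currently hold the permissions discussed above, flagging any that hold contacts, SMS and call history together. The mapping of the article's categories to permission names, the function names and the sample text are assumptions constructed for illustration.

```python
import re

# Assumed mapping from the article's categories to Android permission names.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.READ_CALL_LOG": "call history",
}
SOCIAL_GRAPH = {"contacts", "sms", "call history"}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
# Only lines with granted=true match; "requested permissions" entries have no such suffix.
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=true")

def granted_sensitive(dumpsys_text):
    """Return {package: set of sensitive categories currently granted}."""
    result, pkg = {}, None
    for line in dumpsys_text.splitlines():
        if m := PKG_RE.match(line):
            pkg = m.group(1)
        elif (m := PERM_RE.match(line)) and pkg and m.group(1) in SENSITIVE:
            result.setdefault(pkg, set()).add(SENSITIVE[m.group(1)])
    return result

def findings(dumpsys_text):
    """List (package, categories, holds_full_social_graph), sorted by package."""
    return [(p, sorted(c), SOCIAL_GRAPH <= c)
            for p, c in sorted(granted_sensitive(dumpsys_text).items())]

# Constructed sample in the layout of `adb shell dumpsys package` (not real output).
SAMPLE = """\
  Package [com.example.weather] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
      android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET]
      android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET]
  Package [com.example.maps] (4d5e6f):
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
"""

if __name__ == "__main__":
    for pkg, cats, social in findings(SAMPLE):
        print(pkg, ", ".join(cats), "(full social graph)" if social else "")
```

Whether a flagged grant is justified still depends on what the app does: the maps entry in the sample is expected, the weather entry is not.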
Analyse your apps