Skip to content
Back to Security Center

Understanding App Permissions

What Are App Permissions?

App permissions are the access rights that mobile applications request in order to use certain features of your device. When you install or first use an app, it may ask for permission to access your camera, microphone, location, contacts, storage, and other device functions. Granting these permissions allows the app to interact with hardware and data on your phone. Whilst many of these requests are legitimate and necessary for the app to function, some apps request far more access than they actually need.

Understanding what each permission allows and why an app is requesting it puts you in control of your personal data and device security. The National Cyber Security Centre (NCSC) recommends reviewing app permissions regularly as part of good digital hygiene.

Camera Access

When you grant camera access, the app can take photos and record video using your device's front or rear camera. Legitimate uses include video calling, scanning QR codes, uploading profile photos, and listing items with images on marketplace platforms.

The risk arises when apps with camera access are poorly secured or deliberately malicious. In theory, an app with camera permission could capture images or video without your active knowledge, although modern operating systems now display indicators when the camera is in use. Be cautious about granting camera access to apps that have no obvious reason to use it.

Microphone Access

Microphone permission allows an app to record audio through your device's built-in microphone. This is necessary for voice calls, voice messages, voice search, and video recording with sound.

Concerns about microphone access are common and understandable. Whilst there is limited evidence that mainstream apps actively listen to private conversations for advertising purposes, the technical capability exists once permission is granted. Only allow microphone access for apps where audio functionality is a core feature.

Location Access

Location permission can be granted at different levels: "While Using the App", "Always", or "Never". This permission allows the app to determine your geographical position using GPS, Wi-Fi networks, and mobile phone masts.

Legitimate uses include navigation, finding nearby services, local weather forecasts, and connecting with people or listings in your area. On marketplace platforms, location data can surface relevant local listings and facilitate proximity-based meetups for transactions.

However, continuous location tracking ("Always" permission) creates a detailed record of your movements, daily routine, and frequently visited places. Grant "Always" access only to apps where it is genuinely necessary, such as navigation or fitness tracking apps. For most apps, "While Using the App" is sufficient.

Contacts Access

Contacts permission gives an app the ability to read your phone's address book, including names, phone numbers, email addresses, and sometimes physical addresses. Apps commonly request this to find friends who are already on the platform, making it easier to connect with people you know.

The risk is that your entire contact list is uploaded to the app's servers, where it may be stored, analysed, or even shared with third parties. This means you are not just sharing your own data but the personal information of everyone in your address book, most likely without their consent. Consider whether the social discovery feature is worth the privacy trade-off.

Red Flags in Permission Requests

Certain permission patterns should raise your suspicion:

  • Excessive permissions: A simple calculator app requesting camera, microphone, and contacts access has no legitimate reason for those permissions.
  • Permissions unrelated to functionality: If an app's core function does not require a particular permission, question why it is being requested.
  • Immediate requests: Apps that demand all permissions upon first launch, before you have even used the app, may be prioritising data collection over user experience.
  • Vague explanations: Legitimate apps usually explain why they need a permission at the point they request it. Apps that provide no context are less trustworthy.

Why KF.Social Requests Certain Permissions

KF.Social requests a limited set of permissions, each tied to a specific feature:

  • Camera: To allow you to take profile photos, upload marketplace listing images, and participate in video verification.
  • Location (While Using): To show you nearby marketplace listings and community events in your area. KF.Social does not track your location in the background.
  • Notifications: To alert you about messages, transaction updates, and community activity.
  • Storage: To allow you to select existing photos from your gallery for uploads.

KF.Social does not request access to your contacts, microphone (outside of video calls), or other sensitive device features that are unrelated to core platform functionality.

How to Manage Permissions

Both iOS and Android allow you to review and change app permissions at any time:

  • On iOS: Go to Settings, then Privacy & Security. You can view permissions by category (Camera, Microphone, Location) and see which apps have access.
  • On Android: Go to Settings, then Apps, select an app, and tap Permissions. You can also view by permission type under Settings, then Privacy, then Permission Manager.

Make it a habit to review your app permissions every few months. Revoke access for apps you no longer use or that do not need a particular permission. For detailed guidance on managing device permissions and staying safe on mobile, visit the NCSC's website.

How Data Brokers Collect and Sell Your Information

Data brokers are companies that collect, compile, and sell personal information about individuals, often without their knowledge or meaningful consent.

Read article

Your Rights Under GDPR and Data Protection Laws

UK data protection laws give you powerful rights over your personal data. Understanding these rights allows you to take control of how organisations collect, use, and store your information.

Read article

What Is Identity Theft and How to Prevent It

Identity theft occurs when someone uses your personal information without your consent, typically for financial gain. Understanding how it works is the first step to protecting yourself.

Read article
Back to Security Center