I always change these 7 phone privacy settings on every new device - here's why

Kyle Kucharski/ZDNET

Follow ZDNET: Add america arsenic a preferred source connected Google.

ZDNET's cardinal takeaways

• Smartphone permissions tin softly invade your privacy.
• Reviewing app permissions tin assistance forestall information exposure.
• Check these permissions first, past audit them regularly.

Your smartphone, whether you favour Android, iOS, oregon a niche mobile operating system, tin permission trails that those who cognize however to travel tin track.

Every app I usage requires immoderate level of permission. When you privation to bid a takeaway, you mightiness request to let GPS to pinpoint your location; a inferior app for speeding up mobile show whitethorn request entree to files and folders; oregon a societal media level whitethorn request support to nonstop propulsion notifications.

Also: This soundless Android diagnostic scans your photos for 'sensitive content' - however to uninstall it

While convenient, unless smartphone permissions are decently managed, you mightiness beryllium granting apps acold much power than they request -- and this opens the doorway to your backstage information being exposed.

You tin determine precisely what your smartphone reveals astir you, and when. By moving a wellness cheque and tweaking the permissions below, you tin drastically trim your integer footprint and debar unnecessary information exposure.

Where bash I find my telephone permissions?

Before I research each support and what you should alteration oregon disable, you should cognize wherever you tin find the support settings.

The nonstop determination volition beryllium connected the marque and exemplary of your smartphone, whether you person an Android oregon iOS handset, and the mentation of its operating strategy your instrumentality is running.

Also: How to wide your Android telephone cache - the 30-second regular each idiosyncratic should beryllium doing

However, connected Android, you typically request to spell to Settings > Security and privateness > More privateness settings > Permission manager. On iOS, you volition apt find what you request nether Settings > Privacy and Security, oregon Settings > the app you privation to examine.

Charlie Osborne/ZDNET

Which permissions should I reappraisal oregon dsable?

When you instal an app oregon it receives a large update, you volition beryllium asked which permissions to assistance the app. For example, a upwind exertion mightiness inquire for determination information "all the time" to springiness you close upwind reports, and a transportation work mightiness inquire you for the aforesaid to assistance its transportation unit successful uncovering you.

Also: The champion mode to support your telephone from a warrantless hunt successful 2026

If an app asks for a support that is considered sensitive, specified arsenic entree to your determination oregon to your smartphone's microphone, you volition beryllium asked whether to let it "all the time," "while utilizing the app," "ask each time," oregon "never."

To sphere your privacy, arsenic a wide rule, apps you usage lone casually should beryllium constricted to "while utilizing the app" permissions -- but I volition spell into much item connected each support beneath and erstwhile it whitethorn beryllium due to assistance wider permissions, oregon nary astatine all.

1. Location settings

As determination permissions trust connected GPS and tin beryllium utilized to way you straight oregon pinpoint your predominant haunts implicit time, determination settings are the archetypal you should audit.

Also: These informing signs could mean spyware is connected your telephone - and 9 ways to support it secure

If you permission this support connected each of the time, you whitethorn beryllium broadcasting wherever you are astatine home, astatine work, and successful areas you often visit. This tin beryllium particularly unsafe successful cases of stalking oregon home abuse, though immoderate of america bash permission determination sharing connected truthful friends and household cognize wherever I am.

In general, permission this 1 to "only erstwhile utilizing the app," oregon crook it connected manually arsenic and erstwhile you request to.

2. Camera settings

There's nary request for your smartphone camera to beryllium connected each of the time. Not lone volition this drain your battery, but it's a gross penetration of privateness to beryllium watched oregon recorded erstwhile you don't expect it.

Also: 7 ways to fastener down your telephone earlier heading to a protest

I urge allowing permissions lone "when utilizing the app." This goes for camera filter apps, video calling, and societal media. I person yet to brushwood a azygous mobile app that could warrant always-on entree to your camera.

3. Microphone settings

Unbridled entree to your microphone is different captious support that could exposure your information oregon invade your privacy.

Unless the app you've downloaded has an evident request for entree to your microphone, specified arsenic for calls oregon dependable assistance and controls, either accidental "ask each time" oregon "never." For example, a quality app should ne'er request to beryllium connected to your microphone oregon audio recordings.

Also: How to alteration Advanced Protection connected Android 16 - and wherefore you shouldn't skip it

This tin beryllium particularly concerning if an app besides asks for camera access, unless it is simply a dedicated and trusted app for purposes specified arsenic video calls. Together, they could grounds your environment, your movements, and what you are saying.

4. Contacts and SMS

Contact and SMS messaging permissions are often requested by a assortment of mobile apps, ranging from societal media platforms to automotive features, specified arsenic Android Auto. Be cautious astir allowing this, arsenic it tin uncover information astir your adjacent household ties, work, friends, and much -- arsenic good arsenic what you are saying to each other.

Also: How to crook connected Lockdown Mode connected iPhone - truthful adjacent the FBI can't get in

For example, Instagram oregon TikTok mightiness inquire for support to sync with known contacts and supply person recommendations -- but this information could beryllium utilized for profiling and targeted demographic advertising.

It's up to you whether you let this, and you tin ever disable this support aboriginal on.

5. Calendars

Granting each app connected your handset entree to your calendar could beryllium asking for trouble. Apps similar Google and Microsoft services, email, video conferencing, and strategy apps often necessitate this, but you tin opt for "ask each time" oregon "only portion utilizing this app" to bounds the travel of your data.

Also: Your telephone is sharing information without your cognition - however to halt it ASAP

If you aren't controlling entree to your calendar, this could uncover your schedule, wherever you volition apt be, immoderate question -- perchance exposing erstwhile you volition beryllium distant from location -- and immoderate aesculapian appointments you person booked.

6. Health information access

Your wellness and fittingness accusation is simply a golden excavation for companies that whitethorn usage it for insurance, marketing, and adjacent training ample connection models.

Also: What is antivirus bundle and bash you inactive request it successful 2026?

You should workout utmost caution successful allowing apps entree to this data, particularly if determination doesn't look to beryllium immoderate crushed for it. For example, wherefore would a buying app, telephone utility, oregon crippled inquire for it?

By default, accidental no, unless the petition is made by apps specifically focused connected wellness and fittingness services.

7. More permissions to check

• Photos & videos: Our photos and videos tin beryllium idiosyncratic and sensitive, and immoderate whitethorn incorporate metadata that reveals accusation astir america and our location. Opt for nary oregon constricted entree erstwhile you can.
• Physical activity: Access to your carnal information and activity, specified arsenic what representation apps sometimes request, should beryllium treated the aforesaid mode arsenic entree to aesculapian and fittingness information, arsenic it tin beryllium conscionable arsenic delicate and personal.
• Notifications: Watch retired for immoderate app that mightiness inquire for notification permissions. While immoderate conscionable privation this support to nonstop you notifications and alerts, others mightiness inquire for this to intercept 2FA codes and information messages.
• Bluetooth, adjacent devices: Bluetooth and adjacent devices permissions are often needed for Bluetooth-connected products similar location speakers oregon astute doorbells, but to support a choky lid connected these connections, lone let them erstwhile successful use.

What should I bash erstwhile apps inquire for extended permissions?

Before you instantly hold to each support petition successful bid to commencement utilizing your caller software, instrumentality a measurement backmost and deliberation astir wherefore an app wants a circumstantial permission.

Also: The champion information removal services of 2026: Expert tested and reviewed

Demands for overextended app permissions could bespeak that the mobile exertion you person downloaded is harboring a malicious concealed -- particularly if it asks for worrying combinations, specified arsenic entree to your files and folders, camera, and microphone. Or, malware aside, the app's developer simply wants entree to arsenic overmuch of your information arsenic possible.

Using a mobile app oregon smartphone work is your choice, arsenic is the measurement of information you share. If it's excessively much, uninstall and delete specified software, oregon disable definite features connected your handset.

How often should I cheque permissions?

I urge that you reappraisal your app permissions each fewer months. The much apps you instal and use, the much often you should tally a permissions check.

Also: The champion mobile antivirus bundle of 2026: Expert tested and reviewed

Even if you don't often instal caller software, it's inactive worthy making definite you recognize what apps person entree to your information and why. If you haven't utilized an app for a while, you should delete it.

As a last note, support your operating strategy and apps updated, and instal caller versions arsenic soon arsenic they are available. An app mightiness beryllium trustworthy, but older bundle could incorporate vulnerabilities that tin beryllium exploited. You should besides instrumentality enactment by deleting bundle if an app abruptly starts acting strangely, arsenic determination person been cases of apps starting disconnected innocent, but aboriginal being updated to go malicious.