ZCyberNews

Mobile App Permissions Still Expose Users to Privacy Risks

ESET analysis shows 1 in 3 Android apps request unnecessary permissions — location, camera, microphone — enabling data harvesting and surveillance. Users should audit permissions.

Executive Summary

A new analysis from ESET's WeLiveSecurity blog warns that mobile app permissions remain a significant privacy and security risk, with many apps requesting access to data they do not need to function. The report, published April 27, 2026, highlights that blindly accepting permission prompts can expose users to data harvesting, surveillance, and credential theft. ESET researchers found that approximately one in three Android apps request permissions unrelated to their core functionality — such as a flashlight app asking for location or microphone access. The post urges users to treat permission grants as security decisions, not convenience prompts.

Technical Analysis

ESET's analysis examined common patterns across Android and iOS apps, though the detailed findings focus on Android due to its more granular permission model. The researchers identified several categories of over-permissioned apps: utilities (flashlights, QR scanners) requesting camera and location; social media apps demanding contact lists and call logs; and games accessing microphone and storage. The report notes that while Android 11+ introduced auto-reset permissions for unused apps, many users still grant permanent access without review. ESET cites the example of a QR scanner that also requests SMS read and send permissions — a combination that could enable premium SMS fraud if the app were compromised. The post does not name specific apps or versions, but describes the risk as systemic across app stores.

Mitigations & Recommendations

ESET recommends users adopt a deny-by-default approach: only grant permissions that are clearly necessary for the app's stated function. On Android, users should navigate to Settings > Apps > [App Name] > Permissions to revoke any suspicious grants. For iOS, the Privacy settings menu offers similar controls. The report also advises enabling Android's "Auto-reset permissions" feature (Settings > Privacy) and regularly auditing the permission dashboard. For enterprises, ESET suggests mobile device management (MDM) policies that block installation of apps requesting high-risk permission combinations, such as camera plus microphone plus location.
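
One way to automate the audit described above, as an added example that is not code from ESET or from this article: a Python script that parses `adb shell dumpsys package`-style output and flags apps that currently hold the high-risk combinations the article names (camera plus microphone plus location, and SMS read plus send). The sample dump, package names and combination labels are constructed for illustration, and the dump layout is a simplified assumption of what a device prints.

```python
import re

P = "android.permission."
# Combinations named in the article; a combo matches when one permission from each group is granted.
RISKY_COMBOS = {
    "camera+microphone+location": [{P + "CAMERA"}, {P + "RECORD_AUDIO"},
        {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"}],
    "sms-read+sms-send": [{P + "READ_SMS"}, {P + "SEND_SMS"}],
}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

def parse_granted(dump):
    """Map each package to the set of permissions marked granted=true."""
    grants, pkg = {}, None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            grants.setdefault(pkg := m.group(1), set())  # start a new package section
        elif (m := GRANT_RE.match(line)) and pkg and m.group(2) == "true":
            grants[pkg].add(m.group(1))  # revoked (granted=false) entries are ignored
    return grants

def audit(dump):
    """Return {package: [combo labels]} for apps holding a risky combination."""
    findings = {}
    for pkg, perms in parse_granted(dump).items():
        hits = [label for label, groups in RISKY_COMBOS.items()
                if all(perms & group for group in groups)]
        if hits:
            findings[pkg] = hits
    return findings

# Constructed sample shaped like `adb shell dumpsys package` output (not real apps).
SAMPLE_DUMP = """
  Package [com.example.flashlight] (1a2b3c):
      android.permission.CAMERA: granted=true
      android.permission.RECORD_AUDIO: granted=true
      android.permission.ACCESS_COARSE_LOCATION: granted=true
  Package [com.example.qrscan] (4d5e6f):
      android.permission.READ_SMS: granted=true
      android.permission.SEND_SMS: granted=true
  Package [com.example.notes] (7a8b9c):
      android.permission.CAMERA: granted=true
      android.permission.RECORD_AUDIO: granted=false
      android.permission.ACCESS_FINE_LOCATION: granted=true
"""

if __name__ == "__main__":
    print(audit(SAMPLE_DUMP))
```

The notes app is not flagged because its microphone grant has been revoked, which is the outcome the deny-by-default review aims for.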
