7+ phone privacy settings to check and turn off ASAP - to avoid exposing your personal data

Kerry Wan/ZDNET

Follow ZDNET: Add us as a preferred source on Google.

ZDNET's key takeaways

• Smartphone permissions can quietly invade your privacy.
• Reviewing app permissions can help prevent data exposure.
• Check these permissions first, then audit them regularly.

Your smartphone, whether you favor Android, iOS, or a niche mobile operating system, can leave trails that those who know how to follow can track.

Every app I use requires some level of permission. When you want to order a takeaway, you might need to allow GPS to pinpoint your location; a utility app for speeding up mobile performance may need access to files and folders; or a social media platform may need permission to send push notifications.

Also: This silent Android feature scans your photos for 'sensitive content' - how to uninstall it

While convenient, unless smartphone permissions are properly managed, you might be granting apps far more control than they need -- and this opens the door to your private data being exposed.

You can decide exactly what your smartphone reveals about you, and when. By running a health check and tweaking the permissions below, you can drastically reduce your digital footprint and avoid unnecessary data exposure.

Where do I find my phone permissions?

Before I explore each permission and what you should enable or disable, you should know where you can find the permission settings.

The exact location will depend on the make and model of your smartphone, whether you have an Android or iOS handset, and the version of its operating system your device is running.

Also: How to clear your Android phone cache - the 30-second routine every user should be doing

However, on Android, you typically need to go to Settings > Security and privacy > More privacy settings > Permission manager. On iOS, you will likely find what you need under Settings > Privacy and Security, or Settings > the app you want to examine.

Charlie Osborne/ZDNET

Which permissions should I review or dsable?

When you install an app or it receives a major update, you will be asked which permissions to grant the app. For example, a weather application might ask for location data "all the time" to give you accurate weather reports, and a delivery service might ask you for the same to assist its delivery staff in finding you.

Also: The best way to protect your phone from a warrantless search in 2026

If an app asks for a permission that is considered sensitive, such as access to your location or to your smartphone's microphone, you will be asked whether to allow it "all the time," "while using the app," "ask every time," or "never."

To preserve your privacy, as a general rule, apps you use only casually should be limited to "while using the app" permissions -- but I will go into more detail on each permission below and when it may be appropriate to grant wider permissions, or none at all.

1. Location settings

As location permissions rely on GPS and can be used to track you directly or pinpoint your frequent haunts over time, location settings are the first you should audit.

Also: These warning signs could mean spyware is on your phone - and 9 ways to keep it secure

If you leave this permission on all of the time, you may be broadcasting where you are at home, at work, and in areas you frequently visit. This can be especially dangerous in cases of stalking or domestic abuse, although some of us do leave location sharing on so friends and family know where I am.

In general, leave this one to "only when using the app," or turn it on manually as and when you need to.

2. Camera settings

There's no need for your smartphone camera to be on all of the time. Not only will this drain your battery, but it's a gross invasion of privacy to be watched or recorded when you don't expect it.

Also: 7 ways to lock down your phone before heading to a protest

I recommend allowing permissions only "when using the app." This goes for camera filter apps, video calling, and social media. I have yet to encounter a single mobile app that could justify always-on access to your camera.

3. Microphone settings

Unbridled access to your microphone is another critical permission that could expose your data or invade your privacy.

Unless the app you've downloaded has an obvious need for access to your microphone, such as for calls or voice assistance and controls, either say "ask every time" or "never." For example, a news app should never need to be connected to your microphone or audio recordings.

Also: How to enable Advanced Protection on Android 16 - and why you shouldn't skip it

This can be especially concerning if an app also asks for camera access, unless it is a dedicated and trusted app for purposes such as video calls. Together, they could record your environment, your movements, and what you are saying.

4. Contacts and SMS

Contact and SMS messaging permissions are often requested by a variety of mobile apps, ranging from social media platforms to automotive features, such as Android Auto. Be cautious about allowing this, as it can reveal data about your close family ties, work, friends, and more -- as well as what you are saying to each other.

Also: How to turn on Lockdown Mode on iPhone - so even the FBI can't get in

For example, Instagram or TikTok might ask for permission to sync with known contacts and provide friend recommendations -- but this data could be used for profiling and targeted demographic advertising.

It's up to you whether you allow this, and you can always disable this permission later on.

5. Calendars

Granting every app on your handset access to your calendar could be asking for trouble. Apps like Google and Microsoft services, email, video conferencing, and system apps often require this, but you can opt for "ask every time" or "only while using this app" to limit the flow of your data.

Also: Your phone is sharing data without your knowledge - how to stop it ASAP

If you aren't controlling access to your calendar, this could reveal your schedule, where you will likely be, any travel -- potentially exposing when you will be away from home -- and any medical appointments you have booked.

6. Health data access

Your health and fitness information is a gold mine for companies that may use it for insurance, marketing, and even training large language models.

Also: What is antivirus software and do you still need it in 2026?

You should exercise extreme caution in allowing apps access to this data, especially if there doesn't appear to be any reason for it. For example, why would a shopping app, phone utility, or game ask for it?

By default, say no, unless the request is made by apps specifically focused on health and fitness services.

7. More permissions to check

• Photos & videos: Our photos and videos can be personal and sensitive, and some may contain metadata that reveals information about us and our location. Opt for no or limited access when you can.
• Physical activity: Access to your physical data and activity, such as what map apps sometimes request, should be treated the same way as access to medical and fitness information, as it can be just as sensitive and personal.
• Notifications: Watch out for any app that might ask for notification permissions. While some just want this permission to send you notifications and alerts, others might ask for this to intercept 2FA codes and security messages.
• Bluetooth, nearby devices: Bluetooth and nearby devices permissions are often needed for Bluetooth-connected products like home speakers or smart doorbells, but to keep a tight lid on these connections, only allow them when in use.

What should I do when apps ask for extensive permissions?

Before you immediately agree to every permission request in order to start using your new software, take a step back and think about why an app wants a specific permission.

Also: The best data removal services of 2026: Expert tested and reviewed

Demands for overextended app permissions could indicate that the mobile application you have downloaded is harboring a malicious secret -- especially if it asks for worrying combinations, such as access to your files and folders, camera, and microphone. Or, malware aside, the app's developer simply wants access to as much of your data as possible.

Using a mobile app or smartphone service is your choice, as is the volume of data you share. If it's too much, uninstall and delete such software, or disable certain features on your handset.

How often should I check permissions?

I recommend that you review your app permissions every few months. The more apps you install and use, the more frequently you should run a permissions check.

Also: The best mobile antivirus software of 2026: Expert tested and reviewed

Even if you don't often install new software, it's still worth making sure you understand what apps have access to your data and why. If you haven't used an app for a while, you should delete it.

As a final note, keep your operating system and apps updated, and install new versions as soon as they are available. An app might be trustworthy, but older software could contain vulnerabilities that can be exploited. You should also take action by deleting software if an app suddenly starts acting strangely, as there have been cases of apps starting off innocent, but later being updated to become malicious.