Users Are Limiting App Permissions to Enhance Data Security & Privacy

Think about the last app you downloaded.

During setup, were you asked to grant access to your camera, microphone, or contacts? Did those requests have anything to do with what the app actually does?

If you hesitated before tapping "allow," you're not alone.

Users are increasingly skeptical of how apps collect and use their data, and the rise of AI has intensified that skepticism. In fact, 96% of users are concerned about how apps are using their personal data, with 78% saying they are more cautious about granting permissions since the growing presence of AI.

Clutch surveyed 476 consumers to understand how they feel about app permissions, what concerns drive their decisions, and how AI is reshaping their expectations around data privacy. Here’s what we found:

• 96% of users are concerned about how apps are using their personal data, with 78% saying they are more cautious about granting permissions since the growing presence of AI.
• 95% of users are concerned about their data privacy, with 51% trying to limit the data they share.
• Only 24% of users read each permission request and decide on it individually.
• More than half of users (54%) say they only sometimes or rarely understand why an app is requesting a specific permission.
• 65% of users have granted apps permissions they weren’t comfortable with just to use the app.
• 56% of users have had an experience in which they believed an app was using their microphone or camera without their knowledge, and another 28% have heard others say it has happened to them.
• 74% of users have revoked app permissions because they believe it was being misused, and 71% have deleted an app altogether.  
• 39% of users are skeptical that apps use their data only for the reasons they say they do, but accept it as part of using apps.

What’s Driving Data Privacy Concerns

Only 9% of smartphone users trust apps completely with their data, likely because of growing awareness about how their data is being used and monetized.

High-profile cases and the rise of AI have helped people realize that apps are collecting far more data than they originally understood.

For instance, a lawsuit filed in January 2025 alleged that Allstate secretly paid app developers to embed tracking software into popular apps like Life360 and GasBuddy. Usually, people downloaded these apps expecting to save money on gas and improve safety, but the apps also collected location, accelerometer, and gyroscope data.

Allstate then used this information to build a massive database that cataloged driving behavior. They were able to profit from it by adjusting insurance rates and selling the data to other insurers and third parties.  

Cases like this erode trust precisely because data is being secretly funneled to completely different companies for purposes users would never have imagined when they tapped "allow location access."

This isn’t an anomaly, either. Many apps are secretly gathering and transmitting information even when users aren't actively using them and selling it to third parties.

AI has only raised the stakes in recent years, too. Since AI models perform better the more data they consume, apps have a built-in incentive to request as many permissions as possible.

AI has also made that data even more valuable than it has been in the past. For example, AI systems can now use location data to predict where you'll go next, what you're likely to buy, and what your daily routines look like. Then that can be used for more targeted advertising.

The result is that the app permissions users grant today carry far more weight than they did just a few years ago.

Constant Surveillance and Security Risks Have Users on High Alert

Users are most concerned about being tracked or monitored when they’re not using the app (75%), followed by their data being sold to third parties or advertisers without their knowledge (70%), personal information being exposed during a data breach (69%), and the app collecting more data than it actually needs (68%).

The fear of being tracked tops the list for good reason. Background data collection — when an app continues to gather information from your device even when you're not actively using it — alarms most users because it feels so intrusive.

Data collection can reveal patterns that people consider deeply personal, such as where they sleep, who they visit, and how often they leave the house. And because users don't know exactly what's being collected or when, it creates a constant, low-grade sense of vulnerability that's hard to shake.

This is a real threat, too. In 2019, The Weather App was famously accused of deceptively using location data for advertising and other commercial purposes. While most people granted location access because they wanted a local forecast, the app continued to monitor their location around the clock, even when they weren’t using the app.  

This revealed sensitive information like where users lived, worked, and visited, and then the app sold that data to third-party advertising agencies, further sowing distrust in how apps collect and use data.

Targeted Ads Are a Dead Giveaway User Data is Being Sold

Targeted ads are perhaps the most visible and unsettling reminder that personal data is being monetized, which is why 70% of users list that as a top concern.

As people scroll through social media or browse online, they’re constantly inundated by ads that seem to be curated just for them — because they are.

A prime example is when a user searches for flights in an airline’s app, and then they suddenly start to see ads for hotel deals in that city online and on social media. When users see this, it’s obvious that apps are collecting data and actively sharing it across a network of advertisers and third parties.

What makes it especially frustrating is how little control people have over the process. By granting certain app permissions, they lose control of how their data is shared. Even when users are aware of the permissions they've granted, it's nearly impossible to know how far that access actually extends or who ultimately ends up with the data.

Users Feel Like Their Phones Are Spying on Them

What’s perhaps even more alarming is that many users feel like their phones are monitoring everything they do. In addition to accessing the data they create in-app, users are concerned that their phones are being used to capture even more information about them.

56% of users have had an experience in which they believed an app was using their microphone or camera without their knowledge, and another 28% have heard others say it has happened to them.

It often starts with a moment that feels too specific to be a coincidence, like if someone talks about needing new running shoes and then immediately sees an ad for Nike on Instagram.

Even if experiences like this can be explained by other forms of data tracking, like search history, location patterns, or purchasing behavior, users feel like their phones are eavesdropping or spying on them.

Proceed With Caution: Consider App Permissions Carefully

More than half of users (54%) say they only sometimes or rarely understand why an app is requesting a specific permission.

Users become confused when a flashlight app requests access to their location or a social media site asks for access to their contacts because it’s unclear why they would need that data.

That confusion exists for a reason. Apps frequently request access to data they don't need to function, with the goal of collecting more information that can be monetized or sold. These overreaching requests are a major red flag that users need to watch for to protect their privacy.

That's why carefully reading and considering each permission matters so much. The good news is that many users are already taking a cautious approach. Nearly a third (31%) say they deny everything by default and only allow permissions later if they have to, and another 24% consider each request carefully before deciding.

However, not everyone is as vigilant: 18% skim permission requests quickly and accept most of them, and 12% accept everything without reading at all.

It's easy to understand why. Setting up a new app while limiting permissions can be frustrating, especially when denying access means losing functionality.

If there’s an app update, they may receive new permissions requests, too. Users may not think twice about granting the permissions to apps they’ve been using for years. They already trust the app and may believe that nothing has fundamentally changed, even if it has.

“One of the most meaningful steps an average user can take to reduce data exposure is to regularly review app permissions and remove access that is not truly necessary,” advises Gagan Singh Shekhawat, a Growth Marketing Manager at Konstant Infosolutions. “Many people grant permissions quickly while installing an app and rarely check them again afterward.”

Sometimes, these apps continue to access this data even if it’s no longer necessary. “Over time, apps may continue accessing sensitive information such as location, camera, microphone, contacts, photos, files, Bluetooth, or background activity even when those permissions are no longer required for the app’s core functionality,” explains Shekhawat. Unfortunately, this can put many users at risk.

How App Permissions Impact Data Security

Beyond feeling like user privacy has been violated, there is a real threat to sharing your data with apps. “[App] permissions are doing 90% of the data leakage, 24/7, in the background, with zero action required from the user,” says Ilya Budko, the CEO at Weelorum.

“Over the years at Weelorum, we've audited and maintained mobile products across e-commerce, logistics, and lifestyle, and the same pattern shows up every time: the analytics and ad SDKs embedded in the product access location and identifiers far more often than the business actually needs.” says Budko. “It's not some kind of developer malice — it's the default behavior of third-party SDKs.”

Poor security practices can put users at even greater risk in ways that often go unnoticed:

• Third-party SDKs and ad trackers embedded in apps introduce vulnerabilities that the app developer may not even be aware of.
• Weak or outdated encryption practices leave stored and transmitted data exposed to interception.
• Apps that retain data indefinitely rather than deleting it after use extend the window of opportunity for a breach.

A 2025 data breach highlights how this can impact users. Gravy Analytics, a data broker, had been quietly purchasing location data collected from popular apps like Tinder, Candy Crush, MyFitnessPal, and even VPN and period-tracking apps.

When a hacker broke into their cloud environment, they stole over 30 million location records revealing where people lived, worked, and traveled, including visits to healthcare clinics and places of worship.

That data was then posted on a cybercrime forum, allowing anyone with malicious intent to track the movements and routines of millions of everyday app users.

The takeaway is this: each permission granted expands your digital footprint, and with it, your exposure. More shared data means more vulnerabilities and more opportunities for that data to end up in the wrong hands.

Of course, there are steps every user can take to protect themselves. This is what Budko advises:

• On iOS — go to Settings → Privacy → Tracking and disable “Allow Apps to Request to Track.” That single switch globally cuts cross-app profiling and hits ad networks hard where it actually matters.
• Location — move 90% of apps from “Always” to “While Using.” Social apps, messengers, and shopping apps don't need GPS in the background — they use it for ad targeting and analytics.
• Contacts and photos — switch to “Selected Photos / None” for everything that's not a photo or messaging app. Most apps request full access “just in case” and then quietly upload the entire address book.

Users are Quick to Revoke Access

With data security and privacy top of mind, users are quick to revoke access if they believe their data has been leaked or sold without their consent. In fact, 74% of users have revoked app permissions if they believed it was being misused.

This just underscores how much users truly care about data privacy and security. They’re not complacent, and they will take action if necessary.

Some users are being proactive about it, too. Rather than waiting for something to go wrong, they’re limiting the data they share from the moment they download an app.

Data Minimization for Stronger Privacy and Security

The concept of data minimization — giving an app the least access it needs — is filtering into mainstream behavior. More than half (51%) of users are trying to limit the data they share.

The idea is that by restricting the data apps have access to, you reduce the attack surface and the likelihood of being attacked.

Think of it this way: every permission you grant is a door. The more doors an app can open — contacts, location, camera, microphone, files — the more pathways exist for that data to be compromised. By closing some doors, you can better protect your data.

So what data are users trying to limit access to?

Users are most hesitant to grant app permissions for payment methods (31%), followed by location data (23%) and contacts (19%), making these the permissions they're least likely to approve.

It's no surprise that payment methods top the list. Granting an app access to your financial information creates a direct line to your money, and users know it.

However, other permissions on this list also carry serious risk. Your location, contacts, and calendar may seem harmless on their own, but combined, they create a detailed behavioral profile that can be just as valuable to bad actors.

“Location data is uniquely dangerous because it's both highly personal and highly monetizable — it reveals where you live, work, worship, seek medical care, and spend your free time,” explains Anna Robaczewska-Arendt, Head of Growth Marketing & Partner at Nomtek. “Many apps that have zero functional need for your GPS coordinates (think calculators, flashlights, casual games) request it simply because that data can be sold to third-party brokers.”

Ivan Dulnyavka, a Senior Software Engineer at DevCom, agrees that background location access is a major threat, saying, “This is the single largest passive data collection stream most users never revisit after installation.”

Users seem to understand this. Half (50%) say they're uncomfortable granting location access unless there's a clear reason for it, and 60% only allow apps to access their location while actively using the app.

“The single highest-impact action is going into your phone's privacy settings and switching every app's location permission from ‘Always’ to either ‘While Using the App’ or ‘Never,’” says Robaczewska-Arendt.

Ultimately, limiting app permissions, unless it’s clear why they’re needed, helps users reduce their exposure.

Concern About Data Security & Privacy Has Users Rethinking What They Share with Apps

Users are no longer passively tapping "allow." They're reading permission requests more carefully, limiting access to sensitive data, and deleting apps that overstep. This isn't a passing trend. It's what happens when people realize their data has been collected, sold, and exposed in ways they never agreed to.

In this market, business apps that are upfront about what they collect and why will keep their users. The ones that aren't will lose them. 

About the Author

Hannah Hicklen Content Marketing Manager at Clutch

Hannah Hicklen is a content marketing manager who focuses on creating newsworthy content around tech services, such as software and web development, AI, and cybersecurity. With a background in SEO and editorial content, she now specializes in creating multi-channel marketing strategies that drive engagement, build brand authority, and generate high-quality leads. Hannah leverages data-driven insights and industry trends to craft compelling narratives that resonate with technical and non-technical audiences alike. 

See full profile