Android has a powerful permission system that forces apps to declare the exact permissions they require — whether it’s displaying notifications, reading your contacts, or accessing your location. Controlling these permissions as a user is possible, but more complicated.
The permission system seems powerful, but there’s one big problem for Android users: By default, it’s a take-it-or-leave-it offer. You can choose to install the app and grant the permissions or not install it.
Update: Google removed the AppOps feature from Android 4.4.2, claiming it was released accidentally. There’s now no way to easily manage most permissions without rooting your device or installing a custom ROM.
Restrict Notification Permissions
The only permission Android allows you to easily manage is the notification permission. If you want to use an app but it’s abusing notifications — maybe it’s a free-to-play game hassling you to come back or a free app showing advertisements in your notification drawer — you can choose to revoke its notification permissions.
To do this, open the Settings app, tap Apps, and tap the name of the app. Uncheck the Show notifications box and the app won’t be allowed to display notifications anymore.
AppOps, Android’s Hidden Permissions Manager [Android 4.3+]
Google added a new permission manager in Android 4.3, and it’s still present in Android 4.4. Unfortunately, this feature is hidden and Android doesn’t provide an easy, built-in way of getting at it. If we’re lucky, Google will one day expose this feature so all Android users can have control over what their apps can do. For now, this feature should be regarded as unstable and not final. However, many Android users have reported that it works well. Better yet, it can be used very easily without rooting or installing a custom ROM. All you need is a device with Android 4.3 or newer.
This feature is named AppOps. It allows you to choose which permissions (or “operations”) an app is allowed to use. To prevent apps from force-closing, the system will return empty data if they request it. For example, if an app tries to access your contacts but you’ve removed the contacts permission, the app will receive an empty list of contacts rather than receiving a “PERMISSION DENIED” error and crashing.
There are many apps that do this in Google Play, some of which try to take credit for the permission manager and add additional features. But all you really need is a shortcut that allows you to launch the hidden AppOps screen. To get this, just download the AppOps app. With it installed, you can launch the AppOps shortcut from your app drawer to access the hidden App ops screen.
You’ll see a list of apps and can swipe between tabs to access Location, Personal, Messaging, Media, and Device lists. These lists will show you which apps are using which permissions and when they used the permission. For example, here we can see that the Google Maps app used its location permission to access our current location 22 minutes ago.
Tap an app and you can see which permissions it has, when it used those permissions, and you can disable those permissions if you like. For example, we can see that Evernote accessed our location two days ago, but has never accessed our contacts or call log, even though it has permission to do so.
Set a permission’s slider to Off to revoke that permission from the app. For example, here we’ve prevented Angry Birds from accessing our location.
Note that this feature is available on Nexus devices like the Nexus 5, Nexus 4, Nexus 7, Nexus 10, and Galaxy Nexus. It may or may not be available on other manufacturer’s devices, such as Samsung and HTC devices. It’s up to the manufacturer whether to include or exclude this feature.
Root App Permission Managers
Historically, permission management apps on Android have required root access. Many of these apps only worked in Android 2.3 Gingerbread and broke on newer versions of Android, such as Android 4.0. Many permission management apps in Google Play now simply provide a frontend that allows you to access the permission manager built into Android 4.3, which is why they require Android 4.3.
The one missing piece is that AppOps doesn’t allow you to control which apps can access the Internet. To do this, you’ll need “firewall” apps from Google Play that require root access. For example, avast!’s free Android security app includes a firewall, but using it requires root access.
CyanogenMod and Other Custom ROMs
Custom ROMs often offer permission management features, too. CyanogenMod includes Privacy Guard, an interface that allows you to restrict app permissions.
As of Privacy Guard 2.0, this feature simply provides an interface to the AppOps permission manager integrated into Android. Like the various apps available in Google Play, CyanogenMod is simply using the AppOps feature built into Android. CyanogenMod provides easier access and a different interface, but the functionality is the same.
You can’t prevent an app from accessing the Internet in Android with AppOps, but you can restrict an app’s mobile data usage. To do so, open the Settings screen, tap Data usage, and tap the app’s name. Scroll down and enable the Restrict background data option. The app won’t be allowed to use any mobile data unless you’re actively using it. It won’t be allowed to use mobile data in the background.