A weather app asking for 11 permissions might sound absurd, but the figure isn't random.

You've probably wondered why a simple free app wants your location, contacts, camera, and microphone. It's frustrating, and it's not obvious what they're doing with that data.

It depends on who's really asking. The app itself may only need a couple of those. The rest are demanded by the advertising and data-collection systems that pay for the free download.

But understanding why apps ask for so much is only half the story. The real question is whether you can still use them without handing over everything.

Why do free apps ask for so many permissions?

Take a weather app. It doesn't need your contact list to forecast rain. But the free version bundles an ad network like Google's AdMob, which requires access to your device's advertising ID, location for targeted ads, and often contacts to build audience segments. The developer didn't choose those extra requests. The ad library demanded them. If the app refuses, it can't show targeted ads and loses its revenue stream.

This is why the permission list looks so long. App makers aren't just building features; they're hosting third-party SDKs that each come with their own data appetites. Facebook's Audience Network, for example, can harvest precise location even when the app doesn't use location. The business model is simple: you paid for the app with your privacy.

Which permissions are actually dangerous?

Android groups permissions into normal (like internet access) and dangerous (contacts, location, camera, microphone, storage). Dangerous ones can expose personal information. The permissions screen isn't a list of what the app needs; it's a list of what the data market wants.

  1. If an app requests contacts but isn't a messaging or dialer app, that's a red flag for data harvesting.
  2. Check whether the app's privacy policy mentions sharing data with 'partners' or 'advertisers'.
  3. Deny location permission unless the core function demands it (navigation needs it, weather and flashlights don't).

When you see a permission like 'read call log' on a game, the game isn't using it. The analytics SDK inside the game is logging your activity to sell to data brokers. In the US, federal law doesn't require apps to justify every permission request. That's why you see so many.

Why would a flashlight app need my location?

A flashlight app with location permission isn't trying to brighten your path. It's building a profile of where you go, how long you stay, and what kind of places you visit. That location data gets packaged and sold to companies that study foot traffic and consumer behavior.

Many people think these permissions are just for showing you ads. That understates it. The bigger business is collecting and reselling your location data, often through SDKs like Facebook's or Google's, which operate across thousands of apps. A single flashlight can feed your movement patterns into a multi-billion-dollar ad-tech supply chain.

What if denying permissions makes the app useless?

Some apps really do need permissions. A QR code reader without camera access can't scan anything. A ride-hailing app that can't see your location won't pick you up. Over-denying can break the app you wanted to use.

That's when you try the web version. For many services, the mobile website needs nothing beyond an internet connection. You lose a bit of convenience, but you keep your privacy. Banking apps often have web portals that don't ask for contacts or microphone access.

Another option: search for a privacy-focused alternative. Open-source flashlight apps exist. DuckDuckGo's browser blocks trackers by default. If an app's only justification for location is ad targeting, you have better choices.

Immediately: open your phone's permission manager and revoke anything you don't remember granting. Android and iOS let you see which apps can access your camera, microphone, and location in one place.

Same day: for the apps you must keep, check their privacy policies or research whether a privacy-focused alternative exists. If a weather app demands location and contacts, switch to a browser-based forecast.

Near-term: support stronger privacy laws. California's CCPA gives residents some control, but the US still lacks a federal law that forces apps to minimize data collection. Vote with your downloads and uninstalls.