<div>
Unfortunately, Apps need to be vetted. &nbsp;Apps can be quite insecurely set up and there have been cases where apps are malware. &nbsp;Basically, you should not download apps from untrusted devs.
</div>

<div>
Indeed only download apps from official app store. 
 
Of course one still has to be vigilant on permission granted to apps. It can be subjective to each and differs across everyone. 
 
Bu I do see certain permissions are more likely to put your security at risk than others. 
 
These permissions include: 
 
1. Finding or using accounts – Beware of apps that ask for permission to find and/or use accounts connected to the device. 
&gt;&gt;&gt;&nbsp;This permission can be dangerous because it may allow the app to impersonate the individual using these accounts. 
 
2. Permissions related to text messages – Beware of an app that asks for permission to read, edit or send messages with your device. 
&gt;&gt;&gt;&nbsp;These permissions not only put their privacy at risk, but they can also cost you money. 
 
3. Reading or modifying contacts – Beware 
of apps with a social component that require access to contact information. 
&gt;&gt;&gt;&nbsp;If the access seems unfounded, the app may be malicious. Don’t allow an application to access or modify your contact list unless you trust it completely. 
 
4. Access phone status and identity - Beware of apps that ask for access to contacts, access to the phone’s status and sometimes for identity for the proper functioning of the app. 
&gt;&gt;&gt;&nbsp;If it doesn’t seem like a logical request, ask yourself again before allowing an app access to this information. Err on safe side and continue to disallow and monitor again. 
 
5. Access to your location information – Beware of apps that use this permission to pinpoint your exact location at any given time. 
&gt;&gt;&gt;&nbsp;This permission may be necessary for some apps, even like the popular Pokémon GO or apps related to looking at driving through local traffic, but it can be dangerous to provide this information to an unknown third-party app. 
 
Always read fine prints and err on safe side. 
 
Be careful about granting any of the permissions typically identified as “risky,” those that are mentioned earlier. 
 
Don’t agree to the app requests unless they’re absolutely necessary for the app’s function and you’re confident that the app is safe. No 100% assurance but you can always monitor the apps usage and see if it is expected of it's normal doing.
</div>

<div>
I believe in the newer Android I can manually override each one of these permissions. Am I right? 
 
But, from the time the app is installed, if it takes me 5 to 10 minutes to drill down to each permission and turn it off, by that time couldn't a bad actor have pretty much imaged my phone with all the permissions seen here?
</div>

<div>
Yes you can override in newer version. App permissions for the Android versions prior to Marshmallow were on an all-or-nothing paradigm. 
 
On newer Android, you can review app permissions by visiting Settings &gt;&nbsp;Apps &amp;&nbsp;notifications &gt;&nbsp;App permissions. Here you can check all apps you have installed, grouped by permission. Go into each category and review each app permission and you can switch on or off. 
 
Yes indeed tedious for tedious checks. This is why there is also apps that can help the verification process. You can check out MyPermissions Privacy Cleaner which shows you whether you’re exposing yourself to privacy and security risks. It scan your apps permissions by reading their settings from your profile. 
 
For info, this apps claims not to collect or store any personal information about you or your browsing history. 
 
<a href="https://mypermissions.com/faq/" rel="ugc">https://mypermissions.com/faq/</a>
</div>

<div>
With the level of permissions described above couldn't a bad actor have pretty much imaged my phone by the time I get the permissions turned off? 
 
Is there any way to set all permissions PERMANENTLY off? &nbsp;So that, I'd need to turn them ON after the app was installed? 
 
Have you ever chosen not to install a &quot;popular&quot; based on the permissions? 
 
Many thanks!!! 
 
OT
</div>

<div>
<blockquote>
With the level of permissions described above couldn't a bad actor have pretty much imaged my phone by the time I get the permissions turned off?
</blockquote>
Imaging the phone is not straightforward and it takes time, so if you lost or misplaced your phone or left it unattended, you are setting yourself with bigger risk with loss of physical control. Also even if someone access your phone, I presume you will screen lock and have set your strong password, 2FA or biometric to deter direct access to use the phone. Also don't root your phone as it just open easier path to gain access to your phone. All that said, if someone can get your phone, access to the apps is trivial. 
 

<blockquote>
Is there any way to set all permissions PERMANENTLY off? &nbsp;So that, I'd need to turn them ON after the app was installed?
</blockquote>
I don't see there is a default deny all as the apps may also malfunction if certain permission is given. Google will need the developers to make the permission explicit to the user to be aware of the threat. But what I can find more reassuring is the Google play will check the apps regularly so just make sure they are checked (which is the default state). E.g. Settings -&gt; Google -&gt;Security -&gt; Google Play Protect-&gt; make sure &quot;Scan device for Security threats&quot; and &quot;Improve harmful app detection&quot; are checked. 
 

<blockquote>
Have you ever chosen not to install a &quot;popular&quot; based on the permissions?
</blockquote>
If I need the apps I will then allow though I be wary on the permission required, otherwise I would not even bother to have it install in the first place. &nbsp;I will &nbsp;make sure the apps come from known sources.
</div>

oaktrees

<div>
Thank you BOTH! &nbsp;Amazing, detailed EXPERT answers! 
 
:)))))))))))))))))))))))))))))))))))))))
</div>

<div>
<div class="content wysiwyg-content">
When I read the number of permissions some Android apps need, I fee stunned. &nbsp;How do you experts react when you see this much authority being asked for? &nbsp;Looking at the list below, for a VERY popular app, seems like, if the developed wanted to, from his keyboard he could open up my phone and very nearly know everything that's on it. &nbsp;Am I right? &nbsp;What's the risk here? &nbsp;And, how do you manage it? &nbsp; 
 
I believe in the newer Android I can manually disable each one of these permissions. &nbsp;I'm guessing that will affect the app performance in the long run. &nbsp; 
 
But, from the time the app is installed, if it takes me 5 to 10 minutes to drill down to each permission and turn it off, by that time couldn't a bad actor have pretty much imaged my phone with all the permissions seen here? 
 
This app has access to: 
Device &amp;&nbsp;app history 
retrieve running apps 
read sensitive log data 
Phone 
directly call phone numbers 
Photos/Media/Files 
read the contents of your USB storage 
modify or delete the contents of your USB storage 
Storage 
read the contents of your USB storage 
modify or delete the contents of your USB storage 
Camera 
take pictures and videos 
Wi-Fi connection information 
view Wi-Fi connections 
Other 
modify secure system settings 
pair with Bluetooth devices 
access Bluetooth settings 
change network connectivity 
connect and disconnect from Wi-Fi 
full network access 
close other apps 
change your audio settings 
control Near Field Communication 
run at startup 
reorder running apps 
control vibration 
prevent device from sleeping 
modify system settings
</div>
</div>

When I read the number of permissions some Android apps need, I fee stunned.  How do you experts react when you see this much authority being asked for?  Looking at the list below, for a VERY popular app, seems like, if the developed wanted to, from his keyboard he could open up my phone and very nearly know everything that's on it.  Am I right?  What's the risk here?  And, how do you manage it?  

I believe in the newer Android I can manually disable each one of these permissions.  I'm guessing that will affect the app performance in the long run.  

But, from the time the app is installed, if it takes me 5 to 10 minutes to drill down to each permission and turn it off, by that time couldn't a bad actor have pretty much imaged my phone with all the permissions seen here?

This app has access to:
Device & app history
retrieve running apps
read sensitive log data
Phone
directly call phone numbers
Photos/Media/Files
read the contents of your USB storage
modify or delete the contents of your USB storage
Storage
read the contents of your USB storage
modify or delete the contents of your USB storage
Camera
take pictures and videos
Wi-Fi connection information
view Wi-Fi connections
Other
modify secure system settings
pair with Bluetooth devices
access Bluetooth settings
change network connectivity
connect and disconnect from Wi-Fi
full network access
close other apps
change your audio settings
control Near Field Communication
run at startup
reorder running apps
control vibration
prevent device from sleeping
modify system settings

Are App Permissions an Identity Theft Risk?  Or, Worse? Or, Not at All?

Identity theft

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Android is a mobile operating system developed by Google, based on the Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets. Android's user interface is based on direct manipulation, using touch gestures that loosely correspond to real-world actions, such as swiping, tapping and pinching, to manipulate on-screen objects, along with a virtual keyboard for text input. In addition to touchscreen devices, variants of Android are also used on notebooks, game consoles, digital cameras, televisions, automobiles and other electronics. Applications are usually developed in Java programming language using the Android software development kit (SDK), but other development environments are also available, including Delphi, Ruby and Visual Studio (using C++).