Thanks to the apps that power our mobile devices, no two smartphones or tablets are identical. Besides making our devices function exactly the way we need them to, apps are what make every single device a completely unique minicomputer, perfectly suited to its owner’s needs.

Unfortunately, those apps are the doorway to your security, too. If you stripped every single app off of your smartphone, there would be very little that a hacker or scammer could do to get into it and violate your safety. That’s why it’s so important that you understand the permission you’re giving to your apps, and why it wants that permission in the first place.

One of the more notorious app-based security threats was in the flashlight apps that appeared in the different app stores. These simple, free apps turned your phone’s camera flash into a sustained light. So what’s wrong with that? First of all, a lot of smartphones have flashlight functions already included, so downloading another app to do the same thing just takes up memory space. Also, these apps were free; if the developer doesn’t make any money on it, what could possibly be the incentive for creating it? The easy answer is advertising. Many free apps have innocuous little header or footer ads, and the company makes its money that way.

However, here’s the real threat: a lot of the flashlight apps were found to request super-user access to your device, such as connecting to your contacts list, when you downloaded it. Why would a flashlight need to know how to contact your friends? Because it was going to spam them with offers, links, or possibly even viruses. At the very least the developer made money by selling those phone numbers or email addresses to spammers, and at worst they were able to spread viruses to lots of people.

This is just one scenario involving one type of app, but it speaks to the big picture: be very careful about the types of permission your apps can have. Apps will ask to send you notifications, to access your contacts list, to access your photographs, even to post on your behalf on social media through your accounts. Make sure you trust the app to do these things, and deny that permission if you can’t determine why the app should be given that capability.

But what about the apps you’ve had stored in your device for years? Do you know what permission you’ve granted in the past?

Luckily, finding out what your apps can do is pretty simple. Depending on the type of phone you have, look in your phone’s settings and find the tab for privacy. Scroll down until you can see your list of apps. Under each separate one, you can grant or deny permission to certain features of your phone. Remember, this can impact how the app functions; if the app no longer works correctly because you’ve removed some of its access, you can undo it in the settings in the same way.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.