PTKDMobile App Security
Knowledge base / PTKD-PRIV-PERMS
low M6 MASVS-PRIVACY-1 static analysis PTKD-PRIV-PERMS

Dangerous runtime permissions requested

The app requests sensitive permissions. Each one is an attack surface and a privacy exposure if not strictly needed.

How it's exploited

Dangerous permissions (SMS, contacts, fine location, call log) expand what any bug in your app can be escalated into, and stores increasingly reject apps whose permissions exceed their purpose.

Why it matters

Bigger blast radius on compromise, privacy findings in review, and store rejections.

How to fix it

  1. Remove permissions the current feature set does not use (check SDK-merged ones in the merged manifest).
  2. Request at time of use with clear rationale; prefer scoped alternatives (photo picker, approximate location).

References