Microphone, contacts, location: The app permissions that could put your data at risk

SHAH ALAM – A shopping app asking for access to a microphone, contact list or call logs may be a warning sign that consumers should not overlook, cybersecurity experts say.

As online shopping continues to grow, many Malaysians download discount, rewards and e-commerce applications without paying close attention to the permissions they approve during installation.

Universiti Sains Malaysia Cybersecurity Research Centre director Professor Dr Selvakumar Manickam said one of the simplest ways to assess an application's trustworthiness is to examine whether its permissions match its intended purpose.

“One of the biggest warning signs is when an app requests permissions that do not appear necessary for its core function.

“A simple shopping or coupon app generally does not need constant access to a user's contacts, microphone, Short Message Service (SMS) messages, call logs or precise location,” he told Sinar Daily.

Selvakumar said consumers should ask themselves a straightforward question before granting access.

“Does this permission make sense for what the app is supposed to do?

“If a calculator app wants access to your contacts, that should immediately raise questions,” he said.

He added that app store approval should be viewed as a first layer of screening rather than a guarantee of safety.

Universiti Malaya Faculty of Computer Science and Information Technology professor Dr Ainuddin Wahid Abdul Wahab agreed, describing a mismatch between function and permission as one of the clearest cybersecurity red flags.

“Why does the app need ‘Always Allow’ background location tracking when ‘Only While Using the App’ is more than enough to deliver a parcel?” he said.

He also advised consumers to be cautious of apps that request microphone access, call logs or permissions unrelated to the services being offered.

Beyond permissions, Ainuddin said users should investigate app developers, review user feedback and monitor unusual behaviour after installation.

“One clear warning sign is an app demanding excessive permissions.

“Be wary of apps that drain your phone's battery unusually fast by constantly transmitting data in the background,” he said.

Ainuddin added that consumers should consider using e-wallets as a buffer between merchants and their primary bank accounts.

He emphasised that protecting yourself online does not mean avoiding e-commerce entirely, but rather shopping more wisely and taking appropriate precautions.

Both experts also cautioned consumers against assuming that applications available on official app stores are automatically safe.

To reduce risks, they recommended reviewing permissions regularly, enabling two-factor authentication, using separate email accounts for shopping platforms and avoiding unnecessary storage of payment card details.

As more consumers chase discounts and promotions online, they also stressed that a few extra seconds spent reviewing permissions could help prevent far bigger problems later.