The Washington PostDemocracy Dies in Darkness

What those creepy-sounding app permissions mean — and when to be wary

Should you download that app? There are some things to think about first. Photo by Brent Lewin/Bloomberg

Facebook Messenger is the most-downloaded free app on Apple's App Store, yet many users are worried that the app is invading their privacy -- helping to earn it a one-and-a-half star average rating. Here's why: When you download it, the app asks for access to your microphone and your camera, spawning false rumors that Facebook will be able to record your activities using your own phone.

It's hard to download any app these days without being asked some mysterious questions asking for access to your phone's microphone, camera and contacts. But there are often some perfectly logical reasons for many of the scariest-sounding permissions.

Here's how to make sense of what to do when an app requests access to a particular part of your phone:

Your microphone: Many people look at this app permission and stop immediately, assuming that downloading an app that accesses the microphone means giving a company like Google or Facebook the greenlight to eavesdrop on all of your conversations. Before you jump to conclusions, though, think about the basic features of the app you're using. Is there an option to record audio? Send voice memos? Does the app have  to listen to your surroundings to function?

An app such as Shazam, which identifies songs playing around you, would necessarily have to access your microphone to work. So, too, do apps with voice control, which are listening -- though not recording -- in order to hear their trigger phrases such as "Okay Google." Facebook Messenger, by the way, wants access to your microphone so you can use its audio chat feature.

Your camera and photos: If you were nervous about having your microphone accessed, then you're probably even more concerned when you see a request to access your camera. But, again, there are reasons for an app such as Messenger to connect with your camera. The most obvious, of course, is if the app you're using is a photo-based app like Instagram. Without access to the camera, the app can't do anything with your pictures--in the case of Facebook Messenger, send photos to your friends. And without access to your photo folder or camera roll, these apps can't save those photos for you either.

Remember, too, that there may be some less obvious reasons that an app would need access to your camera. Scanning apps (for barcodes) or some games that incorporate  your real surroundings as part of a level would also need to be able to see with your phone's eyes.

Your "phone status and identity": This is, admittedly, one of the creepier permissions that comes up on the permissions list, and one that can certainly set heads scratching. But this can just mean that the app in question needs to know when your phone is about to ring, so that your game doesn't keep going while you're chatting away.

As for the identity portion, many app developers want to read your device's identity to make sure you're not pirating their software -- using the same app on multiple devices without permission. But it's harder for the average downloader to assess exactly why a developer may want access to this information, and granting access to your phone's individual identification number could make some people understandably wary. If you're not comfortable with the idea, this is a good time to do a little more research and read the developers' full terms and conditions to see if you can figure out what, exactly, they want to do with your information -- you could also contact the developer if you're feeling proactive.

Your contacts: Another permission that often catches people's attention is when apps ask for access to your contacts -- and, quite frankly, it should. Certainly some social apps like Facebook or Twitter have legitimate reasons to peer into your address book to do some matchmaking and check if you have friends already using their apps.

But there are a couple of additional things to consider when you grant an app access to your contact list. For one, when you share access to your contacts, you're basically granting this app access to other people's personal information -- even if it's just to check e-mails against their own databases of existing users. Another thought is that companies often encourage you to send messages to people in your address book in order to encourage your friends to also download the app. It's not always clear when an app is going to send a message like this -- LinkedIn is the prime example of a service that sends invite e-mails users may not have intended -- so you should be very protective of your contacts.

Your location: This is probably one of the most common permissions, and also one of the most personal pieces of information that you can grant to an app. In fact, one flashlight app didn't tell users that it sold their location information--and was officially warned by the Federal Trade Commission.

Obviously, if you're working with a mapping app, a check-in app or any sort of location-based service, those apps have a good reason to know where you are so they can do their jobs. But you should make sure you understand how much location information is getting pulled into your app -- Foursquare's new app, for example, keeps collecting location data even when it's closed. And companies may also want to know your location so they can tell their advertisers or sponsors when you're down the street -- and possibly interested in a sale.

If that makes you uncomfortable, then you can opt not to share your location data with that app, by heading to your location settings and disabling that function. The location of this setting varies by phone, but you can often find it in the privacy menu.