App permissions: Which iOS and Google Play Store app is the most invasive?

Mobile app permissions
Mobile app permissions

In the last two decades, the leap in personal technology ownership has been extreme. The advent of smartphones, and the subsequent rapid developments made to keep devices thin, reliable and cheap, has meant that 6.6 billion people around the world own and use a smartphone (according to Statista).

Smartphone users want to increase the functionality of their devices by downloading apps from stores such as iOS and the Google Play Store. With these apps, users can make accounts on social media, monitor their online banking, connect with others through games, and so much more. Your smartphone can help you access the world, but at a price: Each app will have its own specific permissions needs.

Social media sites like Facebook and Instagram let you upload pictures and videos, watch content and communicate with others all around the world for free. Their price is access: they use your data to curate a customer profile of you, analysing your likes and dislikes, which then feeds into targeted digital advertising for products or services it believes you’ll be interested in.

With 85% of the world’s current population owning and using smartphones, the business of digital advertising has exploded in the past ten years, with the market now worth an estimated $0.7 trillion.

When purchasing an app in Google Play or iOS, it specifies exactly what downloading the app gives access to. The ‘data linked to you’ consists of 14 different permissions, which include a vast amount of personal information, including location, picture and video files, health and fitness details, financial information, private messages, and so much more.

So, which of the top global apps are the most data-invasive?? We have researched the top 100 apps on both the iOS and Google Play Store platforms and ranked them based on the amount of permissions you are allowing access to when you download the app.

iOS: Top 20 apps as per their required permissions

The latest data reveals that 1.36 billion people globally use iOS and its services.

Social media service Facebook requires the joint-most permissions of any application in the iOS top 100 apps. There are 14 separate permissions needed for Facebook to function, meaning the platform has access to everything from search history to payment information and even your personal location. The app ranks 3rd on the iOS app store and 4th on Google Play, with the latter seeing over 5 billion downloads since the app’s introduction in September 2009.

The other two apps with 14 permissions required to function are Instagram and Messenger, which are both part of the Meta family that owns and operates Facebook. TikTok, the main rival social media to Meta services -and the most downloaded iOS app – needs only 11 permissions to operate.

Of the top 20 iOS data requirements, the vast majority of apps need 11 permissions to operate. These range from the aforementioned TikTok to Google and Google Chrome, as well as music service Spotify and language education app Duolingo.

Google Play Store: Top 20 apps as per their required permissions

Thanks to a wider range of mobile devices, alongside a lower average cost than iPhones, Android (and therefore Google Play) sees over 2.5 billion active users around the world, according to Android statistics.

Given the popularity and proliferation of Meta services, the apps that require the most permissions are once again owned by the Meta group; Facebook, Instagram, and Messenger, with 14 required data permissions. Downloads data shows that over 5 billion Google Play accounts have downloaded Facebook since its inception, with the same number attributed to Instagram and Messenger. This highlights just how many people have handed over their sensitive information to social media organisations looking to profit.

TikTok once again has just 11 permissions, showing that social media apps can retain full functionality whilst simultaneously not requiring as many permissions as that seen in the Meta family.

Within the top 20 apps that require the most permissions, the majority (13) need 11 permissions to function.

Do data permissions differ between app stores?

X, the app formerly known as Twitter, requires 11 different permissions to function on the Android app store. However, on the rival service iOS, X needs just seven permissions. The same can be said for Google: on the iOS platform, the search giant accesses 11 different types of data to function, whereas that number increases to 13 on the Google Play Store.

Cybersecurity industry experts AVG believe this difference is derived from the Google Play Store’s more relaxed auditing of what permissions are truly required for an app to function. For example, a gaming app will most likely not use your camera, and yet it may request access regardless. We recommend only allowing access to device features that the app truly needs, or else you risk your data becoming misused or stolen.

Energy consumption of apps

Recent research from Decluttr revealed that Social media apps, streaming services and some games are among the worst offenders for draining phone batteries.

The most damaging apps to a smartphone’s battery life are ones which are constantly running in the background – even when they are not actively being used.

Their research showed, similarly to the permissions we found in our own research, that Meta-owned Facebook and Instagram are some of the most draining, as they have access to your location, microphone, camera and contacts at all times. This also included Twitter, Snapchat and TikTok.

Aside from social media apps, streaming apps including Spotify and Netflix are also among the worst offenders for depleting your phone battery – and the Amazon app.

The app for taxi service Uber also drains battery life as, like social media apps, it has access to your location, microphone and media, as well as financial information.

It’s worth noting that whilst a large number of permissions on both platforms are labelled ‘optional’, the app and its services strongly encourage you to comply with their data requests. Some permissions are mandatory, such as name, age, and contact information (email or phone number).

In this age of digital information being shared around the world, the primary concern by cybersecurity experts is that of data security. According to mobile experts, the average smartphone owner has 80 apps on their device, all of which require some level of data permission to function. Having that many organisations access your personal data means that very little is actually private anymore.

For Q1 2023, there were a reported 6.1 million independent data breaches across the globe, with almost 700 million records leaked (source: Statista and ITgovernance respectively). The general laissez-faire attitude of people towards cybersecurity is contributing to a scenario in which no data is truly safe on your phone.

Cloud vs. data centers

As shown with the number of data breaches and leaks, once you allow an app to have access to your personal data, there is no guarantee as to how well it is protected. This is largely down to how the companies contain the private information.

If they use cloud, it will be the priority of the cloud provider to ensure it has the most up-to-date security certifications. If their cloud resides on several data centers in different locations, each location will need the proper cybersecurity measures.

Anyone with the proper credentials can access cloud data from anywhere with an internet connection. Whilst this is convenient, it opens an array of access points, all of which must be protected to ensure that data transmitted through them is secure.

Despite the growing popularity and benefits of cloud storage, many organizations have retained traditional data center. A data center is physically connected to a company’s local network which makes it easier to ensure that only people with company-approved credentials and devices can access stored apps and information. However, it does mean that the companies are responsible for their own security which could lead to cutting corners in some instances.


  • Information on the top 100 apps was scraped from both the iOS app store and the Google Play Store. From there, the app permissions required by each top 100 app were established. For comparison, each app’s download position was also noted in the ranking (this data was unavailable for iOS).
  • Once the data was collected, apps were ranked based on the number of permissions for each app on each platform.
  • Data is correct as of November 2023.