CSC Warns about the risks associated with application permissions on mobile

As part of the weekly awareness campaign of the "Cyber Pulse" initiative launched by the Cybersecurity Council (CSC), the Council warned in its weekly awareness message about cyber risks related to application permissions on mobile devices and the dangers of leaving them unchecked. It noted that such permissions may allow fraudsters to spy on users, steal their data, and share their information. The council also stressed that these permissions could expose individuals to various forms of fraud, as the information they provide can be used to design targeted and personalized scam operations.

CSC emphasized that protecting privacy is no longer a complex technical matter limited to specialists, but rather a shared responsibility that falls on every smartphone user. It noted that simple steps taken by users today can provide greater protection for their privacy and personal data, particularly amid the widespread proliferation of applications that request multiple permissions beyond what is actually required for their core functions.

The council further warned that application permissions may, in some cases, become a gateway exploited by fraudsters to spy on users and steal their personal data. Many applications request access to sensitive components of the phone, such as location, the camera, the microphone, or contact lists. If misused, this access may enable the collection of large amounts of personal information that can later be used for fraudulent schemes or extortion.

Despite the risks associated with such permissions, CSC pointed out that a large number of users fall into the trap of granting them automatically without careful review. Recent estimates indicate that around 65% of mobile phone users do not review application permissions after installation, which allows applications to gain access to sensitive data that may not be related to their primary function.

The weekly awareness campaign highlighted location data as one of the most prominent examples. Choosing the "Allow Always" option enables an application to continuously track a user’s movements even when the application is not actively in use. In other cases, some applications request permission to access the microphone or camera, meaning they may have access to these sensitive tools even when the user is not directly using the application.

Contact lists also represent a valuable source of information for fraudsters, as they can be exploited to carry out scams or extortion attempts by reaching out to the victim’s friends or acquaintances, or by using such data in large-scale phishing campaigns. The council reiterated in its weekly awareness message that data indicates approximately 62% of applications request unjustified permissions that could grant access to personal data or essential phone functions without a genuine need.

It added that the risks of excessive permissions go beyond privacy violations and may lead to a range of other digital threats. Every permission granted to an application carries a certain level of risk if misused, potentially resulting in the leakage of personal data, the monitoring of a user’s movements without their knowledge, or even partial control over device functions. In more serious cases, this could lead to direct financial losses or the spread of malware on the device.

CSC emphasized that reducing these risks does not necessarily require complex measures but rather greater digital awareness. Reviewing application permissions regularly, deleting unnecessary applications, and ensuring that apps are downloaded only from trusted sources are among the essential steps to protect personal data.

The council also advised limiting sensitive permissions whenever possible and choosing the "Allow only while using the app" option instead of "Allow always" when applications request access to location services, the camera, or the microphone. Such simple measures, it concluded, can serve as a first line of defense against digital surveillance attempts and data theft, helping users safeguard their privacy in an era of rapidly growing cyber threats.

CSC concluded that cybersecurity has become a major challenge in the digital space and that these preventive measures and responsible behaviors, alongside ongoing government efforts, contribute significantly to addressing current digital challenges arising from rapid technological advancements. In this context, the "Cyber Pulse" awareness campaign, launched by the Cybersecurity Council for the second consecutive year on social media platforms, supports the UAE’s continuous efforts to build a secure cyberspace that protects users from growing digital risks and keeps pace with rapid technological developments. This initiative aligns with a comprehensive national vision aimed at strengthening trust in the country’s digital ecosystem, promoting a culture of cybersecurity, enhancing digital awareness among families and individuals, and reinforcing cybersecurity practices to safeguard the safety and privacy of citizens and residents in an era of accelerated digital transformation.