How to Audit Camera Permissions on Android

Privacy on your smartphone isn't a set-it-and-forget-it affair; it requires regular maintenance to ensure your hardware isn't being exploited. Managing your android camera permission is perhaps the most critical step in this process because, unlike location data which identifies where you are, camera access allows apps to see your private life, your home, and your face. It is far too common for a utility or shopping app to request permanent access to your lenses when a one-time permission would have sufficed. Whether you are worried about "creepy" advertisements or genuine spyware, auditing which apps can see through your viewfinder is the first line of defence.

I have spent the last week testing these privacy controls across a Google Pixel 8 Pro running the Android 15 beta, a Samsung Galaxy S24 with One UI 6.1, and a Xiaomi 14 Ultra powered by HyperOS. While the core mechanics of Android remain consistent, each manufacturer hides these toggles in slightly different menus. In this guide, I will show you how to identify which apps have used your camera in the last 24 hours, how to revoke access for greedy software, and how to use the "nuclear option" to disable your camera hardware entirely at the system level. By the end of this article, you will have a lean, secure device where only the apps you trust have your permission to film.

Check the Privacy dashboard

The Privacy dashboard is the most underrated feature introduced in Android 12 and refined in Android 13 and 14. It provides a chronological timeline of every single instance an app accessed your camera, microphone, or location. This is where I always start my audits because it exposes "ghost" usage—times when an app opened the camera in the background without you ever seeing a viewfinder on your screen. On most modern devices, you can find this by going to Settings > Security & privacy > Privacy > Privacy dashboard. If you are on a device running Android 15, the path is identical, though the interface looks slightly cleaner and groups system services more effectively.

Once you tap on the "Camera" category within the dashboard, you will see a 24-hour chart. On a Samsung device, this is often found under Settings > Security and privacy > Privacy > View all permissions. This list is revealing; if you see Instagram or TikTok accessing your camera at 3:00 AM while you were asleep, it is a massive red flag. When you tap on a specific app entry in this timeline, Android allows you to jump directly to that app's permission settings to revoke access immediately. I recommend checking this dashboard once a week to spot patterns. For example, some retail apps might trigger the camera to prepare for a QR code scan even if you haven't tapped the scan button yet.

In Android 14 and 15, the dashboard has become more granular. It distinguish between "foreground" and "background" usage more clearly. If an app is using your camera while the screen is off or while you are using a different app, Android will now flag this more aggressively. For Xiaomi users on HyperOS, the dashboard is integrated into the "Security" app under the "Privacy" tab. Xiaomi's implementation is particularly aggressive, showing you how many times an app high-jacked the camera and offering a "Privacy protection" score that drops if you have too many apps with "Always allow" status. Regardless of your brand, if an app appears in this dashboard without a logical reason, revoking its android camera permission should be your next move.

Permission manager walkthrough

While the dashboard shows you the past, the Permission manager controls the future. This is the central database where every installed app is categorised by what hardware it can touch. To access this on a stock Android 14 or 15 device (like a Pixel or Motorola), follow this path: 1. Open Settings. 2. Tap Security & privacy. 3. Select Privacy. 4. Tap Permission manager. 5. Choose Camera. Here, you will see apps sorted into three buckets: "Allowed all the time" (which is rare for cameras), "Allowed only while in use," and "Not allowed."

Your goal is to move as many apps as possible to the "Not allowed" or "Ask every time" categories. Android 13 introduced a significant change where apps are nudged toward the "While in use" permission by default, but I find that many users still accidentally grant permanent access during initial setup. When you tap on an app like Facebook or WhatsApp, you should ensure it is set to "Ask every time" if you rarely use the camera in those apps, or "Allow only while using the app" for your primary communication tools. Specifically, check the "See all [App Name] permissions" link at the bottom of the screen to ensure the app hasn't also gained access to your microphone or files, as these often go hand-in-hand with camera usage.

Samsung One UI 6 users will find this under Settings > Apps > Triple-dot menu (top right) > Permission manager > Camera. Samsung’s layout is a bit more vertical but functions similarly. One specific tip for Android 14 users: look for the "Remove permissions if app is unused" toggle at the bottom of each app's permission page. Enabling this is a brilliant safety net. If you don't open a specific photo editing app for three months, Android will automatically strip its android camera permission, preventing it from being exploited if the app developer's servers are ever compromised. This automatic hibernation is one of the most effective ways to manage a large library of apps without manual intervention.

The global camera kill-switch

There are times when you want absolute certainty that no app, not even the stock system camera, can see anything. Android 12 introduced a global "Camera access" toggle that acts as a hardware-level kill-switch. When this is turned off, any app that attempts to open the camera will simply receive a black feed or a system error. This is perfect for high-security meetings or private moments where you want to ensure total privacy without turning off your phone. On a Pixel or any stock-adjacent device, swipe down twice from the top of your screen to open the Quick Settings tiles. If you don't see the "Camera access" tile, tap the pencil icon to edit your tiles and drag it into your active grid.

On Samsung devices, this is often called "Camera access" as well, but it might be hidden deep in the Quick Settings layout. On Xiaomi HyperOS, you may need to enable "Privacy input protection" within the Security app to get a similar effect, though HyperOS usually follows the standard Android tile method for the camera kill-switch. When you tap this tile to "Off," the icon will turn grey or have a line through it. If you then try to open an app like Instagram and hit the "Story" button, Android 14/15 will show a system pop-up asking if you want to "Unblock" the camera. This prevents accidental blocks while ensuring no background process can bypass the restriction.

It is important to understand that this global switch is a software-enforced hardware block. It is much more effective than a physical camera slider for many users because it also notifies you if an app is trying to break the seal. I recommend using this "nuclear option" whenever you are in a sensitive environment. In Android 15, Google has even hinted at making this toggle accessible via "Lockdown mode," which would further harden the device against unauthorised surveillance. If you find yourself frequently worried about your android camera permission being bypassed by sophisticated malware, keeping this tile in your top four Quick Settings is the most practical solution available.

OEM differences: Samsung, Pixel, Xiaomi

While the underlying code is Android, the way Samsung, Google, and Xiaomi present privacy settings varies significantly. On Google Pixel devices (Android 14/15), the focus is on the "Security & privacy" hub. It is a unified page that uses a color-coded "safety check" to tell you if your settings are optimal. Pixel users also get "Private Space" in Android 15, which allows you to install apps in a separate, encrypted container. Apps inside Private Space have their own separate android camera permission settings, meaning you can allow your work-profile Zoom app to use the camera while keeping it strictly blocked for your personal-profile apps.

Samsung's One UI 6.1 and the upcoming One UI 7 take a more "hand-holding" approach. In the "Security and privacy" menu, Samsung includes a "Privacy" dashboard that is arguably more detailed than Google’s. They also offer "Auto Blocker," which prevents apps from taking control of administrative commands, indirectly protecting your camera. A unique Samsung feature is the "Secure Folder." If you move a camera app into the Secure Folder, its permissions are sandboxed. If you are a Samsung user, you should check Settings > Security and privacy > Permission manager specifically for "Sensors off," a "Developer Option" that Samsung makes easier to access, which kills the camera, mic, and accelerometer in one tap.

Xiaomi’s HyperOS (and older MIUI versions) is the most radical departure. Xiaomi includes a "Flare" feature within their privacy settings. When an app uses the camera, HyperOS doesn't just show a green dot; it can be configured to show a prominent notification that says exactly which app is active. Xiaomi also has a "Virtual ID" system to prevent apps from tracking your device ID when they request permissions. To manage your android camera permission on a Xiaomi device, I suggest using the "Security" app rather than the Settings menu; the "Privacy" tab inside the Security app is much more aggressive and provides a clearer "Risky permissions" list that highlights any app with 24/7 camera access.

Third-party camera apps to avoid

Not all apps requesting your android camera permission are created equal. The most dangerous category of apps I’ve encountered during testing are those that offer "Free Filters," "X-Ray Vision," or "Night Vision" capabilities. More often than not, these are simple wrappers for the standard camera API that exist solely to collect data or serve aggressive ads. If an app requires you to grant camera access before you can even see the main menu, delete it immediately. Legitimate apps, like Open Camera or Adobe Lightroom, will only ask for the permission when you actually trigger a photographic function.

Another area of concern is "QR Code Scanners." Since Android 13, a dedicated "QR Code Scanner" tile has been built directly into the Quick Settings of almost every phone. There is absolutely no reason to download a third-party app to scan a menu or a website link. Third-party scanners are notorious for requesting "Always Allow" camera permissions and then running in the background to track location via Wi-Fi scanning. If you have any app named "QR Scanner 2024" or similar, go to Settings > Apps and uninstall it. Use the built-in system scanner or the Google Lens shortcut instead; these are part of the system image and are much more strictly audited for privacy.

Lastly, be wary of "Beauty Cameras" from unknown developers. Many of these apps have been caught in the past sending images back to external servers for "processing" without user consent. If you want to use filters, stick to well-known developers or the native software provided by Samsung or Xiaomi. If you must use a third-party camera app for professional manual controls, I highly recommend "Open Camera" (available on F-Droid and Play Store). It is open-source, so its code is publicly auditable, and it respects the android camera permission protocols perfectly, never requesting access to your data or performing background activity.

Verifying the green indicator

Ever since Android 12, Google has mandated a visual "Privacy Indicator" that appears whenever the camera or microphone is active. This is a small green dot in the top-right corner of your screen (it may appear as a camera icon briefly before shrinking into a dot). This is handled by the SystemUI, meaning an app cannot hide it or paint over it. If you see that green dot and you aren't intentionally taking a photo, recording a video, or on a video call, your privacy is being compromised in real-time. You can swipe down on the notification shade while the dot is visible to see exactly which app is responsible.

To verify this is working on your device, simply open your stock camera app. 1. Look at the top-right corner for the green dot. 2. Swipe down from the top. 3. Tap the green icon in the notification tray. 4. Ensure it says "Being used by Camera." If you see a different app name there—for example, a "File Manager" or a "Battery Saver"—you have found a malicious process. In Android 14 and 15, the system has become even faster at displaying this indicator, reducing the lag between the camera turning on and the dot appearing to just a few milliseconds.

For those on Xiaomi HyperOS, the indicator might appear as a blue or green bubble on the left side of the status bar depending on your theme, but the function remains the same. Samsung users can actually tap the green dot to see a more detailed pop-up that allows them to "Close App" directly from the notification. This is an excellent shortcut. As we look toward Android 16 and beyond, we can expect Google to add even more context to these indicators, such as whether the camera feed is being stored locally or being streamed over the network. For now, staying vigilant about that little green dot is the most effective way to ensure your android camera permission is being respected. Staying informed and performing a bi-monthly audit of these settings will keep your personal data exactly where it belongs: in your control.