Audit every app on your Android for dangerous permissions β via ADB, no root required. CLI + HTML report.
Stop wondering what your apps are doing behind your back. Android Permission Auditor scans every installed app and tells you exactly which dangerous permissions they've been granted β in seconds.
- π Scans all installed apps (third-party or all including system)
- π― Detects 30+ dangerous permissions (camera, microphone, location, SMS, etc.)
- π΄ Risk scoring β HIGH / MEDIUM / LOW per app
- π Beautiful HTML report with dark theme
- πΎ JSON export for scripting/automation
- ποΈ Filter by package name
- π± Multi-device support
- β‘ No root required β pure ADB
- Python 3.7+
- ADB (Android Platform Tools)
- USB Debugging enabled on your Android device
# Clone
git clone https://github.com/OutrageousStorm/android-permission-auditor
cd android-permission-auditor
# Connect your phone via USB, enable USB Debugging, then:
python audit.py
# Generate an HTML report too
python audit.py --html
# Include system apps
python audit.py --all --html
# Filter by a specific app
python audit.py --filter com.facebookπ Android Permission Auditor
Connected device: R3CN80XXXXX
Scanning 87 third-party apps
============================================================
AUDIT RESULTS β 2025-01-15 14:32
============================================================
π΄ HIGH β com.facebook.katana
ββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β’ π Precise GPS location
β’ ποΈ Use your microphone
β’ π· Use your camera
β’ π Read your contacts
β’ π¬ Read your SMS messages
β’ πΎ Read files/photos
π‘ MEDIUM β com.instagram.android
ββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β’ π Precise GPS location
β’ π· Use your camera
β’ ποΈ Use your microphone
| Permission | Risk |
|---|---|
ACCESS_FINE_LOCATION |
Precise GPS tracking |
RECORD_AUDIO |
Microphone access |
CAMERA |
Camera access |
READ_SMS |
Read all text messages |
SEND_SMS |
Send SMS (could cost money) |
READ_CONTACTS |
Access your contact list |
READ_CALL_LOG |
See all call history |
READ_PHONE_STATE |
Read IMEI & device identifiers |
ACCESS_BACKGROUND_LOCATION |
Track you even when app is closed |
PROCESS_OUTGOING_CALLS |
Intercept your calls |
| ... and 20+ more |
Run with --html to generate a beautiful dark-themed report you can open in any browser:
python audit.py --html --output my_audit.htmlusage: audit.py [-h] [--device DEVICE] [--all] [--filter FILTER]
[--html] [--output OUTPUT] [--json JSON]
Options:
--device, -d Target device serial (from adb devices)
--all, -a Include system apps
--filter, -f Filter packages by name substring
--html Generate HTML report
--output, -o HTML output filename (default: permission_audit.html)
--json, -j Save results as JSON
PRs welcome! Ideas:
- Watch mode (re-audit after installs)
- Permission diff between audits
- ADB over Wi-Fi support
- App store lookup integration
MIT β free to use, modify, and share.
Built with β€οΈ for Android privacy nerds. No data ever leaves your machine.