First, delete the apps you do not need — legacy utility apps, performance-boosting apps, and duplicate apps. Most utility tools like a calculator, converter, weather, clock, calendar, torch, notepad, nearby share, translator, compass, scanner, app locker, and screen recorder are pre-installed on most modern Android phones. Basic apps — alongside finance apps and VPNs — are the prime target for scammers and shady developers since users commonly search for them on the Play Store (via Wired).
Naturally, things like a calculator app don’t need access to call logs, microphone, calendar, location, or files. Go to the permission manager to monitor what each app is allowed to do, and uninstall or restrict any apps with suspicious permissions.
Google has thwarted these apps to a great extent with the fragmented, sandboxed approach to app permissions (via Google). Apps are walled off from system resources by default until the user grants the requested permissions. If you install a fake app, it’ll request as much access as possible, which is generally a sign of suspicion.
Some can request elevated system privileges called special app access that grants them control over Wi-Fi, SMS, usage, notifications, battery, device administration, and more. They can even modify system settings and install apps with the proper permissions.
Certain legitimate apps need these elevated permissions to work, but malware with special accessibility can display pop-up ads everywhere that can’t be disabled, lock you out of the app uninstaller, and crash and slow down your device. Be wary and grant app permissions with caution.