'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
your device keeps prompting for new system permissions after an update and it feels wrong
Short answer
Pause and deny anything you don’t clearly recognise or need right now. Then use your device’s privacy settings to revoke sensitive permissions (camera, mic, location, contacts, photos/files) from any app that seems connected to the prompts.
Do not do these things
- Don’t keep tapping “Allow” just to make the prompts stop.
- Don’t install a random “permission manager”, “cleaner”, or “security” app to fix it.
- Don’t sign in to your bank, email, or password manager until you’ve stabilised what’s happening.
- Don’t click links from pop-ups or messages that claim your device is “infected” or needs “urgent verification”.
- Don’t factory reset in a panic until you’ve noted what you need to keep and you’ve tried safer containment steps first.
What to do now
-
Stop risky activity for a few minutes.
Put the device down briefly. Avoid logging in, paying, or entering passwords until you’ve reviewed what’s asking for access. -
Deny/close the prompt unless you are completely sure it’s expected.
If the prompt names an app you don’t recognise, choose Don’t allow. If it keeps returning, treat that as a signal to investigate, not to comply. -
Identify what is asking (this is the key step).
- iPhone/iPad: Settings → Privacy & Security and review which apps have access to Microphone, Camera, Location Services, Contacts, Photos, Bluetooth, Local Network. If available, turn on and review App Privacy Report.
- Android: Settings → Security & privacy (or Privacy) → Permission manager and check each sensitive permission type (camera, mic, location, contacts, files/photos) to see which apps currently have access.
-
Remove the highest-risk permissions first (containment).
For any app you don’t fully trust (or don’t use), set sensitive permissions to Don’t allow / Never / While using only (if available). Prioritise: Microphone, Camera, Location, Contacts, Photos/Files. -
Find the likely “trigger” app and disable it temporarily.
If the prompts appear when you open a particular app, force close it and turn off its notifications. If you can’t tie it to any one app, review recently installed and recently updated apps first. -
Update and remove apps safely.
Update apps only through the official app store. Uninstall anything you don’t recognise, don’t need, or that has a confusing “lookalike” name/icon. -
If you suspect compromise, secure your most important account from a different device.
Use a trusted computer/phone to change the password for your primary email (because email controls password resets). Turn on two-step verification if you can do it calmly. -
If money was taken or accounts were accessed, report it promptly.
- If you live in England, Wales, or Northern Ireland, report cyber crime and fraud to Report Fraud (the UK national reporting service).
- If you live in Scotland, contact Police Scotland on 101 (non-emergency) or use their online reporting options.
-
If this started with a suspicious message, report the message (without engaging with it).
- Emails: forward to report@phishing.gov.uk.
- Texts: forward the message to 7726 (free) to report it to your mobile provider.
If you clicked through to a website, you can also report scam websites to the UK’s national phishing reporting service.
What can wait
- You do not need to decide today whether this was “definitely malware” or “just a normal update”.
- You do not need to factory reset immediately unless you can’t regain control of permissions and behaviour.
- You do not need to contact every service you use—start with your primary email and any account that shows unusual activity.
- You do not need to diagnose the exact technical cause before you take simple containment steps (revoking permissions, removing suspicious apps).
Important reassurance
Feeling alarmed is reasonable: permission prompts are designed to interrupt you, and “permission fatigue” makes it easy to approve something you don’t really want. Denying first and reviewing access in settings is a safe, reversible way to regain control.
Scope note
These are first steps to stabilise the situation and prevent irreversible mistakes. If the behaviour continues after you revoke permissions and remove suspicious apps, you may need device-specific help (manufacturer support or a trusted repair shop) to check for deeper issues.
Important note
This is general information, not legal, financial, or technical professional advice. If you have strong reason to think your device or accounts were compromised, prioritise protecting your primary email, banking, and important accounts, and use official reporting and support channels.
Additional Resources
- https://support.apple.com/en-gb/102188
- https://support.apple.com/guide/iphone/control-access-to-information-in-apps-iph251e92810/ios
- https://support.google.com/android/answer/9431959?hl=en-GB
- https://support.google.com/googleplay/answer/2812853?hl=en-GB
- https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email
- https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-text-message
- https://www.reportfraud.police.uk/reporting-a-fraud/
- https://www.scotland.police.uk/advice/internet-safety/cybercrime/