Normalised Behaviour & Gradual Boundary Erosion

The most effective manipulation does not feel like manipulation. It arrives in steps small enough that no single one triggers resistance.


The App That Grew

Two years ago, Sanjana downloaded a free fitness tracker. She gave it her name and allowed it to access her step count.

A month later: heart rate monitoring. Then sleep tracking. Then it asked for her location to log outdoor runs. Then location always-on. Then microphone, for voice-activated logging. Then contacts, to connect with friends. Then her camera, for meal photo tracking.

A simplified timeline illustration showing small permission requests accumulating over time.

Each request came weeks apart. Each was framed as a feature improvement. Each seemed reasonable in context.

Two years later, the app had continuous access to her location, microphone, camera, contacts, sleep patterns, exercise data, and heart rate. It had sold anonymised health data to two insurance data brokers and one advertising network.

Sanjana had not consented to a surveillance package. She had consented to twelve individual features over two years. The result was the same.


What Is Actually Happening: The Boiling Frog Effect

68% of users grant all permissions requested by an app they use regularly, regardless of what those permissions are.

Trust built through habitual use is the mechanism. The app earned that trust through the step-by-step approach.

Source: Privacy International App Permissions Study, 2025

Habituation

Familiarity Replaces Scrutiny

Regular use builds trust. Each permission that came after a period of ordinary use arrived inside an established relationship. The brain evaluates the request against the trusted source, not against the objective data access it enables.

Source: Cialdini, R.B., Influence: The Psychology of Persuasion, 2021

Incremental Normalisation

Each Step Sets the New Normal

Once a permission is granted, it becomes the baseline. The next request is evaluated against the new baseline, not against the original starting point. Granting location-while-using makes always-on location feel like a small additional step. It is not.

Source: Acquisti, A., Carnegie Mellon Privacy Research, 2023

Surveillance Normalisation

Surveillance Becomes Invisible

Continuous location tracking, always-on microphones, and contact harvesting are now standard features of consumer apps. Normalisation means people stop noticing what they have already accepted. The absence of visible harm feels like the absence of harm.

Source: Zuboff, S., Surveillance Capitalism, 2019; updated in FTC Data Broker Report, 2025

The Safety Equivalent

Same Pattern, Different Context

Gradual boundary erosion is also the mechanism in coercive relationships, workplace harassment, and financial exploitation. Recognising the pattern - each step small, each step normalising the next - transfers across contexts.

Source: National Domestic Violence Hotline, Coercive Control Research, 2025

Recognising Incremental Erosion

The difficulty with gradual change is that it is invisible at each step. The way to see it is to compare against the original baseline - not against the most recent step.

Useful questions:

  • If this app had asked for all its current permissions on day one, would I have granted them?
  • What am I now comfortable with that I would have refused 12 months ago?
  • Which data-sharing behaviours do I no longer think about - and when did I stop thinking about them?

The goal is not to refuse every request. It is to make each decision deliberately rather than by default.


Try It: The Boiling Frog Timeline

A new app requests permissions month by month over 12 months. Each request looks reasonable. Decide at each step: allow or deny.


What That Just Showed You

1. The end state is not visible from any single step. Each permission request was framed as a feature. No single request seemed unreasonable. Together, they produce a comprehensive data collection profile that most people would refuse if asked for it all at once.

2. Trust built through use is systematically exploited. The longer you have used an app, the more likely you are to grant new permissions. This is not a coincidence - it is why the requests are spaced across months rather than asked upfront.

3. The correct evaluation unit is the total, not the marginal step. When deciding on a new permission, the right question is not "is this a reasonable addition to what I have already given?" - it is "is this permission something I want this company to have?"


Three Things Worth Doing

1. Do a quarterly permission audit. Open your phone settings and review what each app currently has access to. The question for each permission: "Is this active access necessary, or is it a past grant I never revisited?" Remove what is not actively needed.

2. Evaluate new permissions against the full data profile, not the marginal step. Before granting a new permission to an established app, list what it already has. Then ask: "Does this additional access feel appropriate given what they can already do with what I have given them?"

3. Apply the day-one test. For any permission request, ask: "If this app had asked for this on the day I downloaded it, would I have granted it?" If the answer is no, the only thing that has changed is normalisation - not the actual risk of the permission.
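
One way to run the quarterly audit and the day-one test on an Android device, as an added example that is not part of the original lesson: it parses runtime-permission lines in the style printed by `adb shell dumpsys package <package>` and lists every grant that is absent from the day-one baseline. The sample output, the fitness-app scenario and the baseline set are constructed for illustration.

```python
import re

# Constructed sample: runtime-permission lines in the style printed by
# `adb shell dumpsys package <package>` for a hypothetical fitness app.
SAMPLE_DUMPSYS = """\
    runtime permissions:
      android.permission.ACTIVITY_RECOGNITION: granted=true, flags=[ USER_SET ]
      android.permission.BODY_SENSORS: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_BACKGROUND_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
"""

# Assumption: what the user knowingly accepted on day one (step counting only).
DAY_ONE_BASELINE = {"android.permission.ACTIVITY_RECOGNITION"}

# Matches "<permission name>: granted=true|false"; the section header has a
# space before the colon, so it does not match.
PERM_LINE = re.compile(r"^\s*([\w.]+):\s*granted=(true|false)\b")


def granted_permissions(dumpsys_text):
    """Return the set of permissions marked granted=true."""
    granted = set()
    for line in dumpsys_text.splitlines():
        m = PERM_LINE.match(line)
        if m and m.group(2) == "true":
            granted.add(m.group(1))
    return granted


def audit(dumpsys_text, baseline):
    """Compare current grants with the original baseline, not the last step."""
    current = granted_permissions(dumpsys_text)
    return {
        "total_granted": len(current),
        "added_since_day_one": sorted(current - baseline),
        "baseline_revoked": sorted(baseline - current),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_DUMPSYS, DAY_ONE_BASELINE)
    print(f"{report['total_granted']} permissions granted now")
    for perm in report["added_since_day_one"]:
        print("  not in day-one baseline:", perm)
```

Saving the baseline set when an app is first installed is what makes the comparison meaningful; each later audit then reports the full drift rather than the most recent step.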


One Question Before You Continue

Knowledge Check

Sanjana ended up with an app that had comprehensive surveillance access, despite never intending to consent to surveillance. What made this possible?