diff --git a/core/server/services/apps/loader.js b/core/server/services/apps/loader.js
index 68bb10d540..144ef800ab 100644
--- a/core/server/services/apps/loader.js
+++ b/core/server/services/apps/loader.js
@@ -5,7 +5,6 @@ const config = require('../../config');
 const common = require('../../lib/common');
 const AppProxy = require('./proxy');
 const Sandbox = require('./sandbox');
-const AppPermissions = require('./permissions');
 
 // Get the full path to an app by name
 function getAppAbsolutePath(name) {
@@ -29,13 +28,11 @@ function loadApp(appPath) {
     return Sandbox.loadApp(appPath);
 }
 
-function getAppByName(name, permissions) {
+function getAppByName(name) {
     // Grab the app class to instantiate
     const AppClass = loadApp(getAppRelativePath(name));
     const proxy = new AppProxy({
-        name,
-        permissions,
-        internal: true
+        name
     });
 
     // Check for an actual class, otherwise just use whatever was returned
@@ -50,19 +47,15 @@ function getAppByName(name, permissions) {
 module.exports = {
     // Activate a app and return it
     activateAppByName: function (name) {
-        const perms = new AppPermissions(getAppAbsolutePath(name));
+        const {app, proxy} = getAppByName(name);
 
-        return perms.read().then(function (appPerms) {
-            const {app, proxy} = getAppByName(name, appPerms);
+        // Check for an activate() method on the app.
+        if (!_.isFunction(app.activate)) {
+            return Promise.reject(new Error(common.i18n.t('errors.apps.noActivateMethodLoadingApp.error', {name: name})));
+        }
 
-            // Check for an activate() method on the app.
-            if (!_.isFunction(app.activate)) {
-                return Promise.reject(new Error(common.i18n.t('errors.apps.noActivateMethodLoadingApp.error', {name: name})));
-            }
-
-            // Wrapping the activate() with a when because it's possible
-            // to not return a promise from it.
-            return Promise.resolve(app.activate(proxy)).return(app);
-        });
+        // Wrapping the activate() with a when because it's possible
+        // to not return a promise from it.
+        return Promise.resolve(app.activate(proxy)).return(app);
     }
 };
diff --git a/core/server/services/apps/permissions.js b/core/server/services/apps/permissions.js
deleted file mode 100644
index b299616726..0000000000
--- a/core/server/services/apps/permissions.js
+++ /dev/null
@@ -1,56 +0,0 @@
-const fs = require('fs-extra');
-const Promise = require('bluebird');
-const path = require('path');
-const packageJSON = require('../../lib/fs/package-json');
-
-function AppPermissions(appPath) {
-    this.appPath = appPath;
-    this.packagePath = path.join(this.appPath, 'package.json');
-}
-
-AppPermissions.prototype.read = function () {
-    var self = this;
-
-    return this.checkPackageContentsExists().then(function (exists) {
-        if (!exists) {
-            // If no package.json, return default permissions
-            return Promise.resolve(AppPermissions.DefaultPermissions);
-        }
-
-        // Read and parse the package.json
-        return self.getPackageContents().then(function (parsed) {
-            // If no permissions in the package.json then return the default permissions.
-            if (!(parsed.ghost && parsed.ghost.permissions)) {
-                return Promise.resolve(AppPermissions.DefaultPermissions);
-            }
-
-            // TODO: Validation on permissions object?
-
-            return Promise.resolve(parsed.ghost.permissions);
-        });
-    });
-};
-
-AppPermissions.prototype.checkPackageContentsExists = function () {
-    var self = this;
-
-    // Mostly just broken out for stubbing in unit tests
-    return new Promise(function (resolve) {
-        fs.stat(self.packagePath, function (err) {
-            var exists = !err;
-            resolve(exists);
-        });
-    });
-};
-
-// Get the contents of the package.json in the appPath root
-AppPermissions.prototype.getPackageContents = function () {
-    return packageJSON.parse(this.packagePath);
-};
-
-// Default permissions for an App.
-AppPermissions.DefaultPermissions = {
-    posts: ['browse', 'read']
-};
-
-module.exports = AppPermissions;
diff --git a/core/server/services/apps/proxy.js b/core/server/services/apps/proxy.js
index 409e6e6775..f5de644d3c 100644
--- a/core/server/services/apps/proxy.js
+++ b/core/server/services/apps/proxy.js
@@ -79,10 +79,6 @@ function AppProxy(options) {
         throw new Error(common.i18n.t('errors.apps.mustProvideAppName.error'));
     }
 
-    if (!options.permissions) {
-        throw new Error(common.i18n.t('errors.apps.mustProvideAppPermissions.error'));
-    }
-
     _.extend(this, generateProxyFunctions(options.name));
 }