GitHub Apps don't have any permissions by default. When you create a GitHub App, you can select the permissions it needs to access end user data. Permissions can also be added and removed. For more information, see "Editing a GitHub App's permissions."
Setting permissions for GitHub Apps
When you create a GitHub App, you set the permissions that define the resources the app can access via the REST API.