Android has grown over the last decade to become the most popular computing platform on Earth, and it’s an open source project. However, the version of Android you get on most smartphones is bundled with proprietary components, some of which plug into advertising services. It can seem intimidating, but you can gain some semblance of mobile privacy with a few quick tweaks.
A Simpler Approach
If you had unlimited time and some familiarity with the Android platform, you could go to extremes like rooting to disable system components, flashing custom ROMs, or even building your own privacy-focused ROM. For most people, that’s not feasible. Not only are such activities incredibly complex, but they also make your phone less useful.
The fact of the matter is, most Android users want access to the Play Store, Google apps, and high-security apps (e.g. banking) that rely on Google’s TrustZone system. However, you can make some simple but not always obvious changes to Android phones to preserve your privacy.
One of Google’s motivations in making Android freely available is that it can gather more data about your habits and target ads. You can opt out of this feature rather easily right from your phone. Go to Settings > Google > Ads, and activate the “Opt out of Ads Personalization” toggle.
This turns off the unique advertising ID that Google and Play Store apps use to track you. You will still see ads, but they’ll be generic.
A new phone will become a treasure trove of personal data very quickly, so you should take a few basic steps to make sure it keeps your data secure. Always make sure you configure a secure lock screen, ideally with a strong password. Android phones with fingerprint sensors won’t force you to type that in every time, but it ensures no one will be able to brute force your phone. You can also turn off lock screen notification snippets to make sure your messages aren’t revealed. Likewise, make sure Smart Lock (automatic phone unlocking based on connected devices, locations, and so on) is disabled unless you are extremely confident in your other security practices.
Browsers and Search
Even shutting off Google’s advertising ID won’t shield you from some of the more nefarious aspects of the modern internet. Cookies can follow you around and help advertisers piece together your internet activity, and the things you search for remain in your Google account unless you take steps to prevent that.
Consider using a privacy-oriented browser like Firefox Focus instead of the stock browser on your device. It blocks trackers and won’t save your browsing history. For search, you can use something like DuckDuckGo. If you prefer Google’s search, you can turn off web history in the “Activity history” settings (see below).
Introduced several years ago, Android’s app permission model lets you block apps from accessing certain system features. When apps open for the first time, many of them will ask for permissions (storage, camera, microphone, location, and so on). You can deny them at that time, but some apps might refuse to start if you deny necessary permissions.
Android also makes permissions accessible in the app settings (under the main system settings). Each app info page includes toggles for all its permissions. So, you can turn off Facebook’s location tracking even if you accidentally allowed it in the past. There are also apps like Bouncer that clear permissions after each app use.
Almost everything you do on your Android phone ends up in your Google activity log, which can be handy for troubleshooting. It includes websites you visit, apps you open, and all the voice commands issued to your phone. If that makes you a bit uncomfortable, it’s another easy fix.
This feature is a bit more buried than other Google controls. You’ll find it in Settings > Google > Google Account > Data & personalization. Here, Google provides granular controls for which aspects of your usage show up in the log. The most pertinent to your mobile usage are “Device information,” “Web & app activity,” and “Voice & audio activity.” There are a few more controls here, including another place to turn off Location History.
One of the best ways to preserve your online privacy is to run your traffic through a VPN that you trust, and Android has system-level support for VPNs. A VPN routes all your traffic through an encrypted connection before it hits the open internet. That means the VPN sees all your traffic, so it’s important to go with a reputable company.
Some popular VPN options include NordVPN and PIA, both of which cost a few bucks per month. You should never use a free VPN since they’re probably just selling your data. Install the app of your choice, allow it system access to create a VPN, and you’re all set. VPNs don’t protect you from top to bottom, so don’t neglect the above steps just because you’re using one.