11 Practical Privacy Tips for Your Android

Phone
By Thorin Klosowski
Updated November 17, 2022

Save

Illustration: Sarah MacReading

FYI
We’ve added information about DuckDuckGo’s App Tracking
Protection feature to the disabling personalized ads section for
those who want to block trackers.
November 2022
Your Android phone likely includes records of everywhere you go alongside most, if
not all, of your digital communication and internet search history. Although it’s
impossible to have perfect privacy on any smartphone, there are plenty of settings
you can adjust to minimize the amount of data that companies collect about you.
Being privacy aware on an operating system run by Google—a company that makes
money in part by mining data about its users—might seem like a silly endeavor, but
the Android OS provides you with tools to control some of your data. Although you’ll
never be totally off the grid from your cell provider, and it’s nearly impossible to
 block everything that tracks you across every platform, it is possible to at least
approach your smartphone’s privacy settings practically. Some of these settings come
at the cost of convenience, so consider the trade-offs before you disable (or enable)
the items we detail below. (These settings will vary depending on which version of
Android you have and which phone you have.)
If you have a phone running Android 13, many of these suggestions are also available
under Settings > Security, where you’ll find a dashboard recommending
improvements you can make to your phone’s security. This is a great place to start if
you don’t want to spend a lot of time messing with options.

The research

 Enable two-factor authentication

 Set a strong passcode (and consider disabling fingerprint or face
login)
 Audit app permissions
 Enable automatic updates
 Enable Find My Device
 Keep sensitive notifications off the lock screen
 Disable personalized ads
 Give your Google account a privacy check-up
 Quickly block access to the camera or mic
 Keep an eye on your clipboard
 Use end-to-end encryption in Messages
Sign up for our newsletter
Get Wirecutter’s independent reviews, expert advice, and intensively
researched deals sent straight to your inbox.

For information about our privacy practices, including how to opt out
of marketing emails, see our Privacy Policy. For general
questions, contact us anytime.
Enable two-factor authentication
Why: Two-factor authentication adds a second layer of security to your account, in
this case requiring a one-time-use code alongside your password for you to log in
from an unfamiliar device. This step in turn protects your account—in this case your
Google account—if your password is leaked, breached, or hacked.

What to do: If you haven’t set up two-factor authentication for your Google account,
you should. To enable it:

1. Head to the myaccount.google.com/security page on your phone, and then sign

in to your Google account.
2. Select 2-Step Verification and sign in again.
3. Tap Try It Now and then follow the on-screen directions to approve the login
and get backup codes.
Now your Google account is linked to your Android phone, and you’ll need to verify
access with your phone if someone tries to log in to your account from somewhere
else. You should also set up either an authentication app or a security key, as well.

Set a strong passcode (and consider disabling fingerprint or

face login)
Why: If you lose your phone, you don’t want a stranger going through its contents,
whether that consists of sensitive emails from work, mobile banking apps, or personal
messages and photos.

What to do: Determining which of the various options to use for unlocking your
phone is a complicated decision and depends on your circumstances. Most people can
use biometric locks (a fingerprint or face scan) to unlock their phones, but if you are
in a circumstance where someone may try to unlock your phone with your
fingerprint, or if you have sensitive data on your phone that you don’t want police to
access, consider disabling that feature and using only a passcode. In 2019, a judge in
Northern California ruled that law enforcement can’t force you to unlock your phone
with your face or fingerprint, but that same year a judge in Illinois ruled the opposite.
Until this issue is resolved, it’s best to stick with a passcode in light of these scenarios.
Even without your phone, law enforcement can gain access to some
information stored online through third parties, so be mindful of what you do with
your data.

If you haven’t set a passcode on your phone, it’s time to set one up. Go to Settings >
Security > Screen Lock.

Audit app permissions

Why: Every time you install an app, it asks for permissions to access hardware and
system services such as the microphone, your location, the camera, and more, and it’s
easy to mindlessly tap through these notifications. For example, some apps that don’t
need location data to function still record it so that they can sell the data—alongside
other information they collect about you—to marketing firms. From Android 11 on,
the operating system automatically resets permissions for apps you haven’t used for a
long time, but it’s still always good to perform the occasional audit to ensure that the
permissions are set as you like them.

What to do: Go to Settings > Privacy > Permission Manager and read
through each section to make sure no apps have access to services they don’t need. If
you’re running Android 12 or above, you can also go to Settings > Privacy >
Privacy Dashboard to see an overview of what things your apps have accessed
recently. Location services rank among the most overreaching requests apps can
make, but it’s worthwhile to check each permission type. Consider setting some apps
to have access limited to “approximate location,” which means an app will know only
the general area you’re in, not the exact place. This is a great option for increased
privacy in something like a weather app, though you should still use exact location for
navigation, as in a mapping app. While you’re here, take some time to delete apps you
don’t use or need anymore.

Consider also disabling Google’s built-in location history, which keeps track of
everywhere you go with your phone. You can turn it off under Settings > Privacy
> Google location history.

Enable automatic updates

Why: Both the operating system and the apps you download often receive updates
containing security and privacy fixes. Enabling automatic updates ensures that those
fixes happen without your needing to do anything.

What to do: To automatically keep apps up to date, open the Google Play Store app
and tap Menu > Settings > Network preferences > Auto-update apps. The
operating system is set to update automatically by default, so you don’t need to worry
about that.

Enable Find My Device

Why: If you lose your phone, enabling the Find My Device function gives you a
chance to locate it. Even if you can’t retrieve the phone, the feature at least makes it
easy for you to remotely wipe your private data from it.

What to do: Android has a way to both locate and remotely wipe a phone if you
think it has fallen into the wrong hands. Open Settings > Security > Find My
Device and make sure it’s toggled to On. Once the feature is enabled, you can track
your phone or remotely wipe it from any browser on the Find My Device page.

Keep sensitive notifications off the lock screen

Why: Notifications may contain information you don’t want someone peeking at
over your shoulder or a stranger to find if you lose your phone, such as text message
conversations or email subject lines.

What to do: To disable the potentially revealing text, go to Settings > Privacy >
Notifications on the lock screen, and then choose Show sensitive content
only when unlocked.

Disable personalized ads

Why: Ad tracking is a method that companies use to serve you personalized ads, but
such tailored campaigns based on marketing profiles can be off-putting. Both Google
and individual apps gather a lot of data about you, and they can more easily track you
between apps using a unique advertising ID. Some apps might then turn around and
sell the information they gather, often without your realizing it. You can put a stop to
some of this data sharing.

What to do: Head to Settings > Privacy > Ads and tap Delete advertising
ID, and then tap again on the next page to confirm. You can disable ad
personalization across your entire Google account on the ad settings page. We also
suggest giving the DuckDuckGo App Tracking Protection feature a try, which blocks
third-party trackers in every app, similar to (but more powerful than) Apple’s similar
feature.

Give your Google account a privacy check-up

Why: Google gobbles up a ton of data about everything you do, some of which you
might not be comfortable with the company storing.

What to do: It’s nearly impossible to stop Google’s data collection completely if
you’re using a device running a Google operating system, but Google does provide
some control over what it collects and how long it stores that data. All of these
settings are tied to your Google account, not to your phone specifically, so going
through and changing them offers the added benefit of making your entire account
more private. Google collects so much information across different services, you’ll
need to take a while to go through it all. You can use Google’s Privacy Checkup
feature or go through each setting directly from your phone (by opening Settings >
Privacy > Activity controls).

 Web and app activity: Google bundles a lot of data under this setting, including
Maps data, Search history, and Assistant usage. When enabled, Google uses
factors such as search history and location to serve you specific results or ads.
When it’s disabled, you may notice less relevant results. If you don’t mind the data
collection but dislike the retention, you can ask Google to delete the data every few
months. If you use Google Assistant, you’ll also find the option to delete audio
recordings here.
 Location history: Google keeps track of everywhere you go with your phone. The
benefits of this feature include improved search results and Google’s ability to let
you know when to leave for an event on your Google Calendar. But most people can
disable location history entirely with little effect on how they use Google Maps or
associated apps.
 YouTube search and watch history: YouTube tracks everything you watch and
search for; if you don’t like this function, you can pause it. Other YouTube data,
including comments and survey answers, is buried on the “Other Google activity”
page.
 Google Photos settings: Google Photos doesn’t have a ton of privacy options, but
you should at least enable the Remove geolocation in items shared by
link option, which strips location information from your photos.
 Ad settings: If you’re not a fan of personalized ads on Google’s services, you can
disable them.
 Everything else: Tucked away inside the “Other Google activity” page is a collection
of nearly every bit of data you’ve provided through Google’s various platforms.
Some items to consider deleting or looking through include Place answers, news
preferences, and product survey responses. You may also want to delete data such
as product price tracking, interests and notifications, and YouTube survey answers.

Quickly block access to the camera or mic

Why: You’ve long been able to grant or deny access to the camera or microphone on
Android per app, but sometimes it’s nice to know exactly when they’re being used or
to temporarily restrict access in general.

What to do: Pull down the Quick Settings menu to find the option to block the
camera and mic. This is useful if you don’t want to futz around with the mute or
camera buttons in different software, or if you’d just like some peace of mind when
you need to step away from a call.

Keep an eye on your clipboard

Why: When an app accesses your phone’s clipboard, it might snag anything there,
such as a website URL, a photo, a note, or even a password. If you’re worried about
this possibility, you can set up an alert to see when an app accesses your clipboard.

What to do: Head to Settings > Privacy and make sure Show clipboard
access is enabled. Afterward you’ll see a message whenever an app accesses your
clipboard, though you can’t block or change the app’s behavior.

Use end-to-end encryption in Messages

Why: Some messages in Google’s Messages have end-to-end encryption, a feature
that ensures that only you and the recipient can view the contents of a message. End-
to-end encryption is available only on conversations you’re having with someone else
who is using the Messages app. You can tell that a chat is end-to-end encrypted when
the banner above a message and the send icon both have a lock icon. This feature
works only on the dark-blue RCS messages, as encryption is not available for SMS
messages, which include any conversations you have with iPhone users.

What to do: Your phone likely already has this feature enabled, but you can double-
check. Open the Messages app, tap the three-dot icon > Settings > Chat features,
and then confirm that the toggle is enabled. You might also consider using an
alternative, encrypted-messaging app that works across platforms, such
as Signal or WhatsApp.