11 Practical Privacy Tips for Your Android Phone

Why: Two-factor authentication adds a second layer of security to your account, in this case requiring a one-time-use code alongside your password for you to log in from an unfamiliar device. This step in turn protects your account—in this case your Google account—if your password is leaked, breached, or hacked.

What to do: If you haven’t set up two-factor authentication for your Google account, you should. To enable it:

1. Head to the myaccount.google.com/security page on your phone, and then sign in to your Google account.
2. Select 2-Step Verification and sign in again.
3. Tap Try It Now and then follow the on-screen directions to approve the login and get backup codes.

Now your Google account is linked to your Android phone, and you’ll need to verify access with your phone if someone tries to log in to your account from somewhere else. You should also set up either an authentication app or a security key, as well.

Why: If you lose your phone, you don’t want a stranger going through its contents, whether that consists of sensitive emails from work, mobile banking apps, or personal messages and photos.

What to do: Determining which of the various options to use for unlocking your phone is a complicated decision and depends on your circumstances. Most people can use biometric locks (a fingerprint or face scan) to unlock their phones, but if you are in a circumstance where someone may try to unlock your phone with your fingerprint, or if you have sensitive data on your phone that you don’t want police to access, consider disabling that feature and using only a passcode. In 2019, a judge in Northern California ruled that law enforcement can’t force you to unlock your phone with your face or fingerprint, but that same year a judge in Illinois ruled the opposite. Until this issue is resolved, it’s best to stick with a passcode in light of these scenarios. Even without your phone, law enforcement can gain access to some information stored online through third parties, so be mindful of what you do with your data.

If you haven’t set a passcode on your phone, it’s time to set one up. Go to Settings > Security > Screen Lock.

Why: Every time you install an app, it asks for permissions to access hardware and system services such as the microphone, your location, the camera, and more, and it’s easy to mindlessly tap through these notifications. For example, some apps that don’t need location data to function still record it so that they can sell the data—alongside other information they collect about you—to marketing firms. From Android 11 on, the operating system automatically resets permissions for apps you haven’t used for a long time, but it’s still always good to perform the occasional audit to ensure that the permissions are set as you like them.

What to do: Go to Settings > Privacy > Permission Manager and read through each section to make sure no apps have access to services they don’t need. If you’re running Android 12 or above, you can also go to Settings > Privacy > Privacy Dashboard to see an overview of what things your apps have accessed recently. Location services rank among the most overreaching requests apps can make, but it’s worthwhile to check each permission type. Consider setting some apps to have access limited to “approximate location,” which means an app will know only the general area you’re in, not the exact place. This is a great option for increased privacy in something like a weather app, though you should still use exact location for navigation, as in a mapping app. While you’re here, take some time to delete apps you don’t use or need anymore.

Consider also disabling Google’s built-in location history, which keeps track of everywhere you go with your phone. You can turn it off under Settings > Privacy > Google location history.

Why: Both the operating system and the apps you download often receive updates containing security and privacy fixes. Enabling automatic updates ensures that those fixes happen without your needing to do anything.

What to do: To automatically keep apps up to date, open the Google Play Store app and tap Menu > Settings > Network preferences > Auto-update apps. The operating system is set to update automatically by default, so you don’t need to worry about that.

Why: If you lose your phone, enabling the Find My Device function gives you a chance to locate it. Even if you can’t retrieve the phone, the feature at least makes it easy for you to remotely wipe your private data from it.

What to do: Android has a way to both locate and remotely wipe a phone if you think it has fallen into the wrong hands. Open Settings > Security > Find My Device and make sure it’s toggled to On. Once the feature is enabled, you can track your phone or remotely wipe it from any browser on the Find My Device page.

Why: Notifications may contain information you don’t want someone peeking at over your shoulder or a stranger to find if you lose your phone, such as text message conversations or email subject lines.

What to do: To disable the potentially revealing text, go to Settings > Privacy > Notifications on the lock screen, and then choose Show sensitive content only when unlocked.

Why: Ad tracking is a method that companies use to serve you personalized ads, but such tailored campaigns based on marketing profiles can be off-putting. Both Google and individual apps gather a lot of data about you, and they can more easily track you between apps using a unique advertising ID. Some apps might then turn around and sell the information they gather, often without your realizing it. You can put a stop to some of this data sharing.

What to do: Head to Settings > Privacy > Ads and tap Delete advertising ID, and then tap again on the next page to confirm. You can disable ad personalization across your entire Google account on the ad settings page. We also suggest giving the DuckDuckGo App Tracking Protection feature a try, which blocks third-party trackers in every app, similar to (but more powerful than) Apple’s similar feature.

Why: Google gobbles up a ton of data about everything you do, some of which you might not be comfortable with the company storing.

What to do: It’s nearly impossible to stop Google’s data collection completely if you’re using a device running a Google operating system, but Google does provide some control over what it collects and how long it stores that data. All of these settings are tied to your Google account, not to your phone specifically, so going through and changing them offers the added benefit of making your entire account more private. Google collects so much information across different services, you’ll need to take a while to go through it all. You can use Google’s Privacy Checkup feature or go through each setting directly from your phone (by opening Settings > Privacy > Activity controls).

• Web and app activity: Google bundles a lot of data under this setting, including Maps data, Search history, and Assistant usage. When enabled, Google uses factors such as search history and location to serve you specific results or ads. When it’s disabled, you may notice less relevant results. If you don’t mind the data collection but dislike the retention, you can ask Google to delete the data every few months. If you use Google Assistant, you’ll also find the option to delete audio recordings here.
• Location history: Google keeps track of everywhere you go with your phone. The benefits of this feature include improved search results and Google’s ability to let you know when to leave for an event on your Google Calendar. But most people can disable location history entirely with little effect on how they use Google Maps or associated apps.
• YouTube search and watch history: YouTube tracks everything you watch and search for; if you don’t like this function, you can pause it. Other YouTube data, including comments and survey answers, is buried on the “Other Google activity” page.
• Google Photos settings: Google Photos doesn’t have a ton of privacy options, but you should at least enable the Remove geolocation in items shared by link option, which strips location information from your photos.
• Ad settings: If you’re not a fan of personalized ads on Google’s services, you can disable them.
• Everything else: Tucked away inside the “Other Google activity” page is a collection of nearly every bit of data you’ve provided through Google’s various platforms. Some items to consider deleting or looking through include Place answers, news preferences, and product survey responses. You may also want to delete data such as product price tracking, interests and notifications, and YouTube survey answers.

Why: You’ve long been able to grant or deny access to the camera or microphone on Android per app, but sometimes it’s nice to know exactly when they’re being used or to temporarily restrict access in general.

What to do: Pull down the Quick Settings menu to find the option to block the camera and mic. This is useful if you don’t want to futz around with the mute or camera buttons in different software, or if you’d just like some peace of mind when you need to step away from a call.

Why: When an app accesses your phone’s clipboard, it might snag anything there, such as a website URL, a photo, a note, or even a password. If you’re worried about this possibility, you can set up an alert to see when an app accesses your clipboard.

What to do: Head to Settings > Privacy and make sure Show clipboard access is enabled. Afterward you’ll see a message whenever an app accesses your clipboard, though you can’t block or change the app’s behavior.

Why: Some messages in Google’s Messages have end-to-end encryption, a feature that ensures that only you and the recipient can view the contents of a message. End-to-end encryption is available only on conversations you’re having with someone else who is using the Messages app. You can tell that a chat is end-to-end encrypted when the banner above a message and the send icon both have a lock icon. This feature works only on the dark-blue RCS messages, as encryption is not available for SMS messages, which include any conversations you have with iPhone users.

What to do: Your phone likely already has this feature enabled, but you can double-check. Open the Messages app, tap the three-dot icon > Settings > Chat features, and then confirm that the toggle is enabled. You might also consider using an alternative, encrypted-messaging app that works across platforms, such as Signal or WhatsApp.