Your smartphone spends 24 hours a day with you. It knows where you sleep, where you work, who you call, what you search for, and — in all likelihood — which stores you walk past and how long you lingered there. The data it generates is extraordinarily detailed, and most of it flows to parties you’ve never consciously chosen to share with.
The good news: tightening up phone privacy takes about 30 minutes, and the settings that matter are not buried as deep as they used to be. Here’s what to address and in what order.
What Your Phone Is Actually Tracking
Modern smartphones log far more than most people realize:
Precise location history. Both iOS and Android maintain a record of everywhere you’ve been. On iPhone this is called “Significant Locations.” On Android, Google Timeline does the same. These logs often go back years and are accurate to within a few feet.
App-level location access. Every app with location permission can request your coordinates independently. Dozens of apps — weather, delivery, retail, games — hold location permission on the average phone, many of which have no functional need for it beyond their advertising value.
Your contacts and calendar. Apps routinely request access to your contact list — not to serve you, but because your social graph is extraordinarily valuable to advertisers. Your calendar tells a story about your professional life, health appointments, travel, and relationships.
Microphone and camera access. While persistent audio monitoring by apps is largely a myth (it’s expensive and battery-draining), apps that hold microphone permission can access it whenever they’re active in the foreground — or, on some platforms, in the background.
Advertising identifiers. Both Apple (IDFA) and Google (GAID) assign your phone a persistent advertising ID that follows you across apps and websites, allowing ad networks to build a behavioral profile without ever knowing your name.
App usage patterns. Your phone logs which apps you open, how long you use them, and in what order. This “digital behavior” data is valuable on its own and is frequently sold by both operating systems and app developers.
Who Sees It?
This data flows in several directions at once:
- Your carrier can see which cell towers you ping, which reveals your location even without GPS. Most carriers sell aggregated (and sometimes individual) location data.
- App developers receive whatever permissions you’ve granted, plus whatever their SDKs collect independently.
- Ad networks embedded in apps receive data even from apps you’re not actively using. The average app embeds 6-10 third-party SDKs.
- Operating system vendors (Apple and Google) collect significant telemetry, though Apple’s privacy model is meaningfully better than Google’s.
- Data brokers aggregate all of the above and sell profiles to employers, insurers, political campaigns, landlords, and anyone else willing to pay.
The Settings That Actually Matter
1. Audit Location Permissions
This is the single highest-impact change you can make.
On iPhone: Settings → Privacy & Security → Location Services
Set every app to “Never” or “While Using” — almost no app needs “Always On” location access. Review the list of apps with “Always” permission and revoke it from anything that isn’t navigation or a wearable device sync.
Also disable: Settings → Privacy & Security → Location Services → System Services → “Significant Locations.”
On Android: Settings → Apps → [App Name] → Permissions → Location
Switch apps from “Allow all the time” to “Only while using the app” or “Don’t allow.” Pay particular attention to Google’s own apps — Maps, Assistant, Chrome — which request persistent access.
2. Reset or Limit Your Advertising ID
On iPhone (iOS 14.5+): Settings → Privacy & Security → Tracking
Disable “Allow Apps to Request to Track.” This prevents apps from asking for your IDFA entirely. Apple prompts users individually, but this global toggle blocks all requests.
On Android: Settings → Privacy → Ads → “Delete advertising ID”
On Android 12 and later, you can delete your advertising ID entirely. This breaks cross-app tracking more effectively than simply opting out.
3. Review App Permissions Systematically
Settings → Privacy (iPhone) or Settings → Apps (Android) let you see which apps hold each type of permission. Work through:
- Microphone: Revoke from anything that isn’t a voice, video, or dictation app
- Camera: Revoke from anything that isn’t a camera or video app
- Contacts: Revoke from every app that doesn’t have a genuine functional need
- Calendars: Revoke broadly — almost no app needs calendar access
- Health data: Revoke from anything other than dedicated health apps
4. Disable Personalized Advertising at the OS Level
On iPhone: Settings → Privacy & Security → Apple Advertising → “Personalized Ads” → Off
On Android / Google account: myaccount.google.com → Data & Privacy → My Ad Center → “Personalized ads” → Off
This doesn’t stop tracking, but it removes one signal from the ad targeting pipeline.
5. Turn Off “Improve” Features That Upload Your Data
Both platforms include diagnostic and improvement features that regularly upload data to their servers.
On iPhone: Settings → Privacy & Security → Analytics & Improvements → disable all toggles
On Android: Settings → System → Advanced → Usage & Diagnostics → Off
6. Use a Privacy-Focused DNS
Your phone sends a DNS query (a lookup that translates website names into addresses) every time you connect to a new site. By default, this goes to your carrier or ISP and is logged. Switching to an encrypted, privacy-respecting DNS server prevents that logging.
- NextDNS — configurable filtering and logging, free tier available
- 1.1.1.1 by Cloudflare — fast, no query logging, simple setup
On both iPhone and Android, you can set a system-wide DNS under network settings or use the provider’s app.
A Note on iPhone vs. Android
For privacy, iPhone has genuine structural advantages: the App Tracking Transparency framework, on-device processing for Siri and photos, and more consistent enforcement of permission boundaries. iPhone is the better choice if privacy is a meaningful factor in your purchasing decision.
Android (particularly when paired with a Google account) is a more permissive advertising platform by design. That said, the Android privacy settings above materially reduce exposure — and privacy-focused Android builds like GrapheneOS exist for users who want maximum control.
What to Do Next
Privacy settings erode over time as apps update and request new permissions. Set a reminder to do a permission audit every six months — it takes about ten minutes once you’ve done it the first time.
If you’d like a hands-on privacy audit that covers your phone, computer, accounts, and network — schedule a free consultation. We’ll identify your actual exposure and walk you through every change worth making.