THE PRIVACY AUTHORITY
Cover image for guide: Best Privacy Settings for Android
Guide12 min read

Best Privacy Settings for Android

Android phones are Google's biggest data pipeline. Here's how to tighten every setting without breaking anything.

By The Privacy Authority

The Reality

Android is made by Google. It's an operating system built by an advertising company. That doesn't mean you can't use it privately, but it does mean the defaults are configured to enable broad data collection. Every toggle that's on by default is on for Google's benefit, not yours.

This guide goes through every setting worth changing. Most of these work on stock Android, Samsung, and Pixel devices. Menu names might be slightly different on your phone, but the options are the same.

Google Account Settings

Before touching your phone settings, lock down your Google account. This is where the most invasive tracking lives.

Open Settings > Google > Manage your Google Account > Data & Privacy and turn off:

  • Web & App Activity: Tracks every Google search, Maps lookup, Assistant command, and website you visit through Chrome. Turn it off. Tap "Delete activity" and select "All time."
  • Location History (Timeline): Records everywhere your phone goes with GPS precision. Turn it off and delete all history.
  • YouTube History: Logs every video you watch and search for. Turn it off.
  • Ad Personalization: Builds an advertising profile from everything above. Turn it off.

This is the same stuff from our Google tracking guide, but it's worth repeating because it's the single highest-impact change.

Permissions Audit

Settings > Privacy > Permission Manager

Go through each permission category:

  • Location: Set everything to "Allow only while using the app" or "Deny." The only apps that legitimately need "Allow all the time" are navigation apps running in the background. That weather widget? "While using" is fine.
  • Camera & Microphone: Only messaging, video calling, and camera apps. Revoke everything else.
  • Contacts: Messaging apps and your phone dialer. That's it.
  • Phone: Some apps request this to read your phone number or call state. Most don't need it.
  • Files and Media: Only file managers, photo editors, and media players. If a game wants access to your files, that's a red flag.
  • Nearby Devices: Used for Bluetooth and local connections. Deny for anything that doesn't connect to hardware.
  • Body Sensors: Only fitness apps.

Pro tip: On Android 12+, go to Settings > Privacy > Privacy Dashboard. This shows a timeline of which apps accessed your camera, microphone, and location in the last 24 hours. Check it occasionally. You'll catch apps misbehaving.

Advertising ID

Settings > Privacy > Ads

  • Tap "Delete advertising ID." This removes the unique identifier that apps use to track you across different services and build advertising profiles.
  • On older Android versions, this might say "Opt out of Ads Personalization" and "Reset advertising ID." Do both.

Location Settings

Settings > Location

  • Turn off Wi-Fi scanning and Bluetooth scanning (under "Location services" or "Improve accuracy"). These let Google and apps scan for nearby Wi-Fi networks and Bluetooth beacons to determine your location even when Wi-Fi and Bluetooth are "off." Most people don't know this exists.
  • Turn off Google Location Accuracy (also called "Improve location accuracy"). This sends Wi-Fi, cell tower, and sensor data to Google. Your GPS still works without it.
  • Review Recent location requests to see which apps are actively using your location.

Network and Connectivity

Settings > Network & Internet

  • Private DNS: Set to a privacy-respecting DNS provider. Tap "Private DNS provider hostname" and enter dns.quad9.net or one.one.one.one. This encrypts your DNS queries so your ISP can't see which websites you visit.
  • VPN: If you use a VPN, turn on "Always-on VPN" and "Block connections without VPN" (kill switch). Check our VPN comparison for recommendations.

Wi-Fi settings:

  • Make sure "Randomized MAC" is enabled for each network you connect to. This prevents Wi-Fi networks from tracking your device's hardware address across visits.
  • Turn off "Wi-Fi auto-connect" for open networks. Your phone shouldn't auto-join random coffee shop Wi-Fi.

Google Chrome (or Why You Should Switch)

Chrome on Android sends a lot of data back to Google. If you must use it:

Chrome > Settings > Privacy and Security:

  • Turn off "Help improve Chrome" (sends usage data)
  • Turn off "Make searches and browsing better" (sends URLs in real-time)
  • Turn off "Access payment methods" (shares with websites)
  • Block third-party cookies
  • Turn on "Send a 'Do Not Track' request"
  • Turn on "Always use secure connections" (forces HTTPS)

Better option: Switch to Firefox or Brave. Unlike iOS, Android lets you use actual different browser engines. Firefox with uBlock Origin is the one of the strongest privacy setups on mobile. Check our browser comparison.

Samsung-Specific Settings

If you're on a Samsung phone, there's extra tracking to disable:

  • Settings > Privacy > Customization Service: Turn this off. Samsung tracks your app usage, contacts, and Calendar to "personalize" their apps. It's Samsung's version of what Google does.
  • Settings > Privacy > Samsung Analytics: Turn off sending diagnostic data.
  • Galaxy Store > Menu > Settings: Turn off "Personalized recommendations."

Lock Screen and Security

Settings > Security

  • Use a PIN of at least 6 digits or an alphanumeric password. Avoid pattern locks (they're easy to shoulder-surf and leave smudge traces).
  • Turn on biometric unlock (fingerprint or face) for convenience, but know that a PIN/password is legally stronger. In many jurisdictions, you can be compelled to provide biometrics but not passwords.
  • Set auto-lock to 30 seconds or 1 minute.

Settings > Lock Screen

  • Set notifications to "Hide content" or "Show alerting notifications only." This prevents your messages from being readable when your phone is on a table.
  • Turn off lock screen widgets and shortcuts that show personal info.

App Installation

Settings > Apps > Special Access > Install Unknown Apps

  • Make sure no app has permission to install from unknown sources (unless you specifically need it for F-Droid or similar). This prevents apps from silently installing other apps.

Google Play Store

  • Settings > General > App install optimization: Turn this off. It shares data with Google about your app installations.
  • Play Protect: Keep this on. It scans for malware. This is one Google feature that's genuinely worth having.

Notifications

  • For sensitive apps (banking, messaging, health), go to Settings > Notifications > App and turn off lock screen previews. Set to "Show silently" or "Alerting" without content.

Analytics and Diagnostics

Settings > Privacy > Usage & Diagnostics

  • Turn this off. It sends detailed device usage data to Google.

Settings > Google > Ads

  • We covered this above, but double-check it's done.

The Nuclear Options

If you want to go further:

  • Use F-Droid instead of the Play Store for open-source apps. No tracking, no Google account needed.
  • Install a custom ROM like GrapheneOS (Pixel phones only) or LineageOS. These strip out Google entirely. GrapheneOS in particular is considered widely regarded as one of the most secure Android distributions.
  • Use Shelter or Island to create a work profile that isolates apps from your personal data. Run social media apps in the work profile so they can't access your contacts, photos, or main account.
  • Disable Google Play Services entirely if you're comfortable troubleshooting. This breaks some apps (notifications, Google Pay, some login systems) but eliminates Google's deepest integration point.

What You Can't Fully Escape

Even with perfect settings:

  • Your mobile carrier tracks your location through cell towers. There's no way around this while your phone has service.
  • Google Play Services runs in the background and communicates with Google periodically even with most settings off.
  • Many apps include Google's Firebase SDK, which sends analytics regardless of your phone settings. An ad blocker or Pi-hole can help here.
  • Your phone's IMEI is a permanent hardware identifier that carriers log.

Stock Android is unlikely to match the privacy of a de-Googled phone running GrapheneOS. But an Android phone with these settings changed is dramatically better than one running defaults.