The Privacy Enthusiast's Guide to Using Android

With everyone from local scammers to government agencies trying to get hands on your data, there’s never been a better time to beef up your privacy game. Fortunately, there are a ton of options out there to keep your messages, files, and phone safe on Android.

Before we begin, we should point this out: using a smartphone is always going to be a risk. Especially one running services from Google. You can use these tips and apps to protect some of your communication, but you’re never going to be totally off the grid as long as you’re using an Android phone. That doesn’t mean you have to make it easy on an attacker, though.

Change These System Settings to Protect Your Privacy

When you first get your phone, it’s a good time to start protecting yourself. During the setup, make sure you disable any options asking to track your data. After that (or if you’ve already set up your phone), there are a number of precautions you can and should take. We recommend everything on the following list, but they all come with some convenience sacrifice, so decide for yourself which ones you need:

Setup Timeout Error: Setup took longer than 30 seconds to complete.

• Set a strong alphanumeric password. Android gives you the option to use a pattern or PIN to lock your phone, but to be safe, you should use a strong alphanumeric password. Open the Settings app and head to Security > Screen Lock. Set a password that includes numbers and letters.
• Don’t use your fingerprint to sign in. Fingerprint sensors are convenient, but the law around them is complicated. While it’s still being hashed out in the courts, currently police can compel you to use your fingerprint to unlock your phone. It’s better to just not use it at all. On Nexus and Pixel devices, head to Settings > Security > Pixel Imprint and delete any fingerprints you’ve saved.
• Encrypt your phone (if it isn’t already). Some manufacturers don’t encrypt your phone by default. If you have to enter a PIN before the phone boots up, it’s probably encrypted already. Just to be sure, head to Settings > Security. Under Encryption, you should see “Encrypt phone.” If it says “Encrypted” below that, you’re good. Otherwise, tap it and follow the instructions to encrypt your phone. This may take a while and it may slow down some older phones, but it’s worth it to protect your data.

• Hide notification information from the lock screen. Android will show notifications even when your phone is locked, but you can hide sensitive information if you don’t want prying eyes to see. Head to Settings > Notifications then tap the gear icon at the top. Finally, tap “On the lock screen.” You can either choose “Hide sensitive notification content” to conceal things like messages and email contents, or “Don’t show notifications at all” to ensure no one sees anything.
• Disable Google’s tracking activity. Google is the biggest glutton for data around, so disabling their tracking is almost a Sisyphean task, but you can at least turn off as much as you can. Head to this link, click the menu button at the top, and choose “Activity Controls.” Here, you can disable location tracking, search tracking, voice tracking, and even your YouTube history. Note, Google may still keep some anonymized info about you, but this can minimize how much they have.
• Turn off Google backup. Google backs up a ton of information about your device, including call history, apps, and even what Wi-Fi network you’re connected to. If you’d rather Google not have that info, head to Settings > Backup & reset > Backup. You can either disable backups entirely (or make your own) or selectively disable the data you don’t want to store.

• Turn off any unnecessary app permissions. As of Android 6.0 (Marshmallow), Google finally lets you pick which permissions to give to apps. For starters, that means you should probably get an Android phone running Marshmallow if you’re concerned for your privacy. Then, head to Settings > Apps and tap the gear icon at the top. Then tap “App permissions.” Here you’ll be able to see permissions for things like Calendar, Contacts, Location, and Microphone. Tap each one and disable any apps you don’t trust. Keep in mind, this may break some apps if you’re not sure why they need that permission. If you’re really not sure you can trust an app, you might be better off uninstalling it.
• Turn on two-factor authentication. Your account is only as safe as your password (which isn’t very safe) unless you enable two-factor authentication. You can turn it on for your Google account here, and then for any of your other accounts on this list. It’s also a good idea to use an app like Authy to manage your authentication tokens, since it lets you lock apps with a PIN. This protects your tokens in the event someone steals and unlocks your phone.
• Enable Android Device Manager. ADM can find your phone remotely, so it might be a bit of a toss-up from a privacy standpoint. On the one hand, it means Google will have information about where you are. However, you can also use it to locate or wipe your phone remotely. If you want that nuclear option in case you lose your device, this might be a good tool to have.

That should handle a lot of the data and vulnerabilities that come with having an Android phone (though you should still assume there’s some kind of data being tracked from your account). However, that’s only part of the equation. Next, you’ll need to take a look at the apps you use every day.