Redditors ask, Cybernews answers: How can you protect your privacy on Android?

Android promises choice and control, but how much real privacy can you achieve by removing built-in surveillance features? Every week, our team selects one pressing and common reader issue and deconstructs it to help you stay safe online.

DeGoogling might be on the minds of many privacy-conscious internet users, but is it really possible? Especially on Android devices, which are very much intertwined with Google services.

“Just wondering what is a good method for trying to maintain some privacy on Android devices, specifically Samsung,” asked a Redditor on one privacy thread.

“I understand that not going to do much, but I'd rather try to do something than nothing.”

This week at Cybernews, we picked up this question and will lay down the steps Android users can take to reduce tracking.

“Generally, improving privacy on an Android device can be a challenge because of Google's integrations alone,” admitted the Cybernews research team.

However, while total privacy may indeed be impossible, minimizing data collection is still attainable. And worthwhile, too.

Get your Android’s guts out, if you dare

Advanced privacy seekers advise changing the operating system (OS) of your Android device. Most alternative Android-based operating systems remove or limit Google services by default. This dramatically reduces background data collection.

Custom operating systems usually come debloated with fewer pre-installed apps. Also, custom OS often allow reaching system level and customizing firewall rules, DNS control, permission toggles, and system-wide ad blocking.

“Many people choose to de-google by installing GrapheneOS or CalyxOS, which keeps Android app compatibility while reducing Google’s footprint on the person’s device,”

commented the Cybernews research team.

“However, as these operating systems are currently only supported by Pixel or Motorola devices, for Samsung users, other measures can be chosen instead,” they added.

On the other hand, the installation process of an alternative OS might be complicated for less tech-savvy users. Also, a custom OS reduces app compatibility, as some apps might refuse to run.

Also, a custom OS might not keep up with security patches, posing other kinds of risks, which is not privacy.

If you don’t want to ditch Android OS, there’s still something you can do.

Review and restrict app permissions

Apps tend to have access to a large amount of your device data, so it is an easy first step to review which permissions each app has. Permissions control what apps can see or do on your device. Denying unneeded access cuts off a major source of app tracking.

“It is important to evaluate the current apps the user has, double-check their permissions, and restrict them where needed and possible,” explained Cybernews researchers.

1. Open Settings
2. Go to Privacy
3. Pick Permission Manager
4. Review each permissions category, such as Location, Camera, Microphone, Contacts, etc.
5. Change permissions to “Only while using” or “Deny” for apps that you consider do not need such access

Also, it is important to restrict access to your location. GPS and network location are prime ways apps and services infer your movements even when you’re not actively using them.

1. Go to Settings
2. Go to Location
3. Go to App permissions
4. Set most apps to “Don’t allow” or “Ask every time”

At the same place, you can also disable WiFi and Bluetooth scanning. These scans might allow apps and Google to approximate your location via nearby networks.

Remove or disable preinstalled apps, or if possible, avoid all apps

Android comes with many preinstalled applications from both Google and the device manufacturer. Research into the Android ecosystem has shown that preinstalled apps can present significant privacy risks.

Many of these apps come bundled into the operating system and can’t be fully uninstalled without rooting or installing a custom ROM.

Curious what others think about this story? Contribute your thoughts to the debate below.

Because they’re installed at the system level, they often are granted intrusive permissions by default, giving them deep access to your device from the moment you first boot up.

Many of them have access to sensor data, contact lists, location, and device identifiers without explicit user consent.

They often embed third-party libraries from ad networks or analytics services that collect and transmit user data to external companies. Some preinstalled apps harvest and share data, including geolocation information, call metadata, and contact lists.

To increase your privacy, you should remove or disable as many preinstalled apps as possible. For those that can not be uninstalled, you can revoke their permissions to limit access to your data. You can also use the Android Debug Bridge tool to debloat your Android system.

Because these apps run at the system level, regular uninstall options are often unavailable. They may only be disabled, or in some cases, not even that.

A more drastic step is to avoid apps entirely when possible. While it is not possible to achieve completely, in some cases, it is worthwhile trying to use a browser instead of an application, as a browser collects and processes less data than an application.

Opt out of Google ad personalization and Google activity tracking

You can opt out of personalized apps on your Google account.

1. Go to Settings on your device
2. Go to Google
3. Press Manage your Google Account
4. Pick Data & privacy
5. Scroll to Personalized ads
6. Turn “Personalized ads” off

To be even more sure, turn off Google activity tracking by disabling the Google account Web & App Activity, Location History, and YouTube History. This will stop Google from constantly tracking your web searches and app use.

Also, you can remove the ad identifier used across apps for personalized ads, slowing down cross-app profiling. This way, apps will not be able to use the device’s advertising ID to show personalized ads. You can do that by following these steps:

1. Go to Settings
2. Pick Privacy and Security
3. Press More privacy settings
4. Toggle off personalization for Samsung and Google services
5. Go to Ads, and delete the advertising ID.

However, there is a flipside. Some users report that “opting out” of ad personalization doesn’t stop all tracking, as Google might still collect data through other means.

Use app tracking protection on your device

One more step that you could take towards privacy is installing apps that block trackers on your device.

For example, the DuckDuckGo Android app includes an App Tracking Protection feature that operates at the system level to block third-party trackers in your apps.

When an app tries to send data to a known tracking service such as Google, Facebook, Amazon, or other advertising and analytics companies, such blockers block that connection. Unlike browser-based tracker blocking, it monitors network traffic from all apps on your device, not just web browsing.

Use private DNS

One of the ways to reduce tracking on Android is to change how your phone resolves internet requests.

On Android 9 and newer devices, Google added support for Private DNS that allows users to route all domain lookups through a chosen provider rather than the default network DNS.

Before an app can load advertisements or connect to tracking endpoints, it must first resolve the destination domain through a DNS server. By switching to a privacy-focused DNS provider, you can filter ad trackers at the DNS level and protect your privacy.

To change your DNS settings, you need to take these steps:

1. Go to Settings
2. Pick Connections, scroll down to more connection settings
3. Open Private DNS, pick a private DNS provider hostname and enter the hostname of custom DNS

Choose privacy-friendly apps

Google apps and services often collect data even when not in use. Replacing them where possible lowers the amount of tracking data generated.

“Every day, Google services such as Gmail, Google Drive, Chrome, and others can be replaced with open-source alternatives, which are more privacy-focused,” our researchers explain.

Use browsers like DuckDuckGo or Firefox instead of Chrome. For communication, consider privacy-focused alternatives, such as ProtonMail and Signal. Google Maps also has alternatives, like for example OsmAnd, while Google Drive could be replaced by a Proton application.

You can also use alternative open-source app stores like F-Droid to avoid Google’s app ecosystem and download apps without logging in to Google accounts. Aurora Store is another option for those looking to avoid using Google accounts to download apps while still having access to mainstream options.

Use a secure folder for essentials

One way to increase privacy is to use secure vaults. They have an additional level of authentication, and apps inside Secure Folder run in their own isolated environment, helping to save sensitive data from leaking.

“Secure folder may be used as well for apps that handle sensitive data by default, such as messaging or banking apps,” said the Cybernews research team.

However, it is not a silver bullet. Secure vaults work best as part of a layered privacy strategy rather than a standalone solution.

Secure Folder encrypts and hides files locally, which helps to keep data away from the evil eye. However, it does not protect the device from Google, Samsung, or app-level tracking. Apps or files stored there are still going to be linked to the device unless those behaviors are explicitly restricted.

As previously reported by Android Authority, some system components didn’t treat Secure Folder as a truly isolated space, which violates the intended protection. Samsung has patched major issues with its secure folder in the newer One UI 8 release.

Avoid signing into a Google account on a mobile device

Effective privacy measures on Android are simply not signing in to a Google account on the device or limiting sign-ins as much as possible.

When you sign in, Android shifts from an operating system to a personalized data-collection environment, where activity across apps and services is continuously linked to a single identity. Without a Google account signed in, many forms of passive tracking are reduced.

This approach also changes how apps behave. Many apps rely on Google Play Services for analytics, push notifications, and advertising identifiers.

When no account is present, some features might fail, but many apps continue to function normally, particularly when installed via alternative stores like F-Droid or Aurora Store.

Some users keep one account signed in only for app downloads, while disabling nearly all Google activity tracking and avoiding Google apps entirely. Others create a minimal “throwaway” account with no personal information.

Of course, it is all a question of how much convenience you are willing to sacrifice for privacy.

Kick big tech out of your photo library

Photos, contacts, and media libraries are seen as high-value data sources that many system apps freely scan unless explicitly blocked.

Always limit what level of access the application has to your photos, even if it is an Android photo app. Instead of granting “Full access,” always grant “Limited access” just for selected photos. The system picker lets you share one file at a time without granting ongoing access to your gallery.

Many gallery and social apps default to full media access. Go to Permission Manager and revoke all photos and video permissions. Some gallery or cloud apps scan media in the background. To prevent apps from indexing and syncing when you’re not using the app, restrict background data usage.

You can do it following these steps:

1. Go to Settings, Apps and pick the desired gallery app
2. Tap Battery
3. Choose Restricted
4. Tap Mobile data & WiFi, and disable Background data

Also, revoke automatic synchronization for Google Photos and Samsung Photos.

1. Go to ​​Settings
2. Go to Backup
3. Turn it off

Bottom line. What are Redditors saying about making Android private?

Spend enough time reading Reddit threads about Android privacy, and a sobering consensus emerges. The tension between usability and exposure is where most Android privacy efforts ultimately live.

“Ultimately, there is none, but there's got to be a way to best minimize the collection of data while still maintaining a somewhat functioning system,” writes one Redditor.

That tension, between usability and exposure, is where most Android privacy efforts ultimately live.

“Don't log in to anything. Use a VPN. Don't save pictures to your phone. Don't allow the 'Gallery' app access to anything. Text or call with an encrypted app,” writes another, and it reads like a manifesto for digital minimalism.

Some users are far more pessimistic, especially when it comes to Samsung devices. This Redditor didn’t mince words:

“I don't think you can have any expectations of privacy on a Samsung Android phone. They come bundled with a ton of software that has every imaginable access granted to everything, and cannot be uninstalled or disabled. That's a huge attack surface.”

The critique goes beyond Samsung, pointing at Android itself: “In addition, Google is harvesting as much data from Android devices as they can possibly get away with to sell advertising and train their AI.”

Yet not all voices are that critical.

“I see ‘privacy’ as a spectrum, and also what’s your threat model? eg. what is your objective?” one user writes. They outlined their own piece of advice:

• Remove or neuter preinstalled apps
• Rely on Secure Folder
• Use a locked-down Gmail account only for Play Store access
• Switch daily communication to Proton Mail and Signal
• Encrypt Samsung sync data

---

Unlock more exclusive Cybernews content on YouTube.