
How to Audit Your Smartphone Privacy Settings and Reclaim Your Data
This post walks through a step-by-step privacy audit for iOS and Android devices—covering location tracking, app permissions, ad personalization, and data backups. Smartphones collect more information than most people realize, and default settings often favor convenience over confidentiality. By spending about thirty minutes adjusting key controls, you'll significantly reduce how much data leaves your device.
What Information Does Your Phone Collect About You?
Your smartphone gathers location history, app usage patterns, contact lists, microphone samples, and even Bluetooth scanning data. Both Apple iOS and Google Android maintain detailed logs—sometimes stretching back years—unless someone manually clears or disables them.
The scale is striking. Apple's Significant Locations feature (found under Settings > Privacy & Security > Location Services > System Services) keeps a record of places you visit frequently. Google's Location History does the same on Android, storing timestamps and GPS coordinates in your Google account. These services power features like traffic predictions and photo geotagging, but they also create a granular map of daily life.
Apps add another layer. A weather app might request constant location access. A flashlight app could ask for contact permissions (a red flag). Social platforms like Meta's Facebook and TikTok often pull metadata from photos, read clipboard contents, and track activity across other apps. The result? A profile far more detailed than anything most users would knowingly consent to.
"Your phone is a tracking device that happens to make calls." — Electronic Frontier Foundation
How Do You Turn Off Location Tracking on iPhone and Android?
On iPhone, go to Settings > Privacy & Security > Location Services and either disable location entirely or set apps to "Never" or "While Using the App." On Android, head to Settings > Location > App Location Permissions and revoke background access for any app that doesn't need it.
Here's the thing: some apps throw tantrums when denied location access. Uber, for example, works fine with "While Using" but nags for "Always." Stand firm. Background location is rarely justified. For apps that genuinely need it—like Find My or trusted family trackers—keep it limited to those exceptions.
Don't forget system-level location features. On iOS, scroll to the bottom of Location Services and tap System Services. Disable "Significant Locations," "iPhone Analytics," and "Routing & Traffic" unless you use them daily. On Android, visit myactivity.google.com from a desktop browser, sign in, and pause Location History and Web & App Activity. This stops Google from building a timeline of movements.
Worth noting: disabling location tracking doesn't make a phone untraceable. Cell towers and Wi-Fi networks still provide rough location data to carriers. But shutting off GPS logging strips away the most precise layer of surveillance.
Which App Permissions Should You Revoke First?
Start with microphone, camera, contacts, and clipboard access—the four permissions most commonly abused for data harvesting. Both iOS and Android now offer granular controls, so there's no reason to grant blanket access.
On iPhone, head to Settings > Privacy & Security and review each category. Tap Microphone and turn off access for any app that doesn't regularly need it. Do the same for Camera and Contacts. iOS 16 and later also include a Pasteboard setting under each app's permissions—disable it for apps that have no business reading clipboard contents.
On Android (particularly Pixel and Samsung Galaxy devices running Android 13+), the path is Settings > Privacy > Permission Manager. Android's Privacy Dashboard—introduced in Android 12—shows a 24-hour timeline of which apps accessed sensitive sensors. Use it. If a crossword puzzle app used the microphone at 2 a.m., that's a permission to revoke immediately.
| Permission | Risk Level | Recommended Setting |
|---|---|---|
| Location (Always) | High | While Using Only or Never |
| Microphone | High | Ask Every Time / Per-App Deny |
| Camera | Medium-High | While Using Only |
| Contacts | Medium | Deny Unless Core Feature |
| Clipboard | Medium | Deny for Most Apps |
| Bluetooth | Low-Medium | Ask Every Time |
The catch? Some apps break when permissions are pulled. A video conferencing tool needs camera and mic access—obviously. A banking app might request contacts for "referral programs." Deny that. Evaluate each request based on function, not brand recognition.
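The same review can be done in bulk on Android by parsing the package manager's permission dump. The script below is an added example, not part of the original post: it assumes the text was captured with `adb shell dumpsys package`, maps the table's rows to Android permission names (that mapping is this example's assumption), and runs on a constructed sample.

```python
import re

# Table rows above mapped to the Android runtime permission behind each one.
# The mapping is this example's assumption; clipboard access has no runtime
# permission on Android, so that row cannot be checked this way.
RISK = {
    "android.permission.ACCESS_BACKGROUND_LOCATION": ("Location (Always)", "High"),
    "android.permission.RECORD_AUDIO": ("Microphone", "High"),
    "android.permission.CAMERA": ("Camera", "Medium-High"),
    "android.permission.READ_CONTACTS": ("Contacts", "Medium"),
    "android.permission.BLUETOOTH_SCAN": ("Bluetooth", "Low-Medium"),
}
ORDER = ["High", "Medium-High", "Medium", "Low-Medium"]
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def audit(dumpsys_text):
    """Return sorted (risk, package, table_row) tuples for granted permissions."""
    findings, pkg = set(), None
    for line in dumpsys_text.splitlines():
        if m := PKG_RE.match(line):
            pkg = m.group(1)          # start of a new package section
        elif (m := PERM_RE.match(line)) and pkg:
            perm, granted = m.groups()
            if granted == "true" and perm in RISK:
                row, risk = RISK[perm]
                findings.add((risk, pkg, row))   # set dedupes multi-user repeats
    return sorted(findings, key=lambda f: (ORDER.index(f[0]), f[1], f[2]))

# Constructed sample in the shape of `dumpsys package` output (not real data).
SAMPLE = """\
  Package [com.example.crossword] (1a2b3c4):
    install permissions:
      android.permission.INTERNET: granted=true
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
        android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET]
  Package [com.example.weather] (5d6e7f8):
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true
        android.permission.ACCESS_BACKGROUND_LOCATION: granted=true
  Package [com.example.meet] (9a0b1c2):
      runtime permissions:
        android.permission.CAMERA: granted=true
        android.permission.RECORD_AUDIO: granted=true
"""

if __name__ == "__main__":
    for risk, pkg, row in audit(SAMPLE):
        print(f"{risk:12} {pkg:24} {row}")
```

A granted permission is only a finding to evaluate: the video-call app's camera and microphone grants are expected, while the crossword app's microphone grant is the kind to revoke.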
How Can You Stop Personalized Ads and Cross-App Tracking?
On iPhone, open Settings > Privacy & Security > Apple Advertising and turn off "Personalized Ads" (the setting formerly called "Limit Ad Tracking"). Then rely on App Tracking Transparency system-wide and deny every app that asks to track activity across other companies' apps and websites. On Android, reset your advertising ID and opt out of ad personalization under Settings > Privacy > Ads.
Apple's App Tracking Transparency (ATT), introduced in iOS 14.5, was a genuine shift. Before ATT, apps could silently share identifiers with data brokers. Now they must ask permission. Most users say no—surveys suggest opt-out rates above 60%. If an app pops up a tracking request, tap "Ask App Not to Track" without hesitation.
Android's approach is softer. Google still collects data for its own ad services; you can't fully opt out without deleting your Google account. But you can reset the Advertising ID (which breaks behavioral tracking chains) and disable personalized ads. For stronger protection, consider switching to privacy-focused alternatives: DuckDuckGo for search, Signal for messaging, and Brave or Firefox for browsing.
That said, ad blocking is only one piece of the puzzle. Data brokers like Acxiom, LexisNexis, and Spokeo compile profiles from public records, purchase histories, and web scraping. Removing yourself from these databases requires separate opt-out procedures. The Electronic Frontier Foundation maintains guides for scrubbing broker listings.
Reviewing Your Backup and Cloud Sync Settings
Cloud backups are convenient. They're also surveillance gold mines. iCloud and Google Drive backups often include messages, photos, health data, and app contents—sometimes without end-to-end encryption.
On iPhone, go to Settings > [Your Name] > iCloud > iCloud Backup. Consider what's included. Apple's Advanced Data Protection (available in the US and expanding globally) offers end-to-end encryption for most iCloud data categories. Enable it if the option appears. Without it, Apple holds the encryption keys and can hand data to law enforcement under legal order.
On Android, backups go to Google Drive. Visit Settings > Google > Backup and review the toggles. Texts, call logs, and app data are all fair game for Google's servers. If that feels excessive, disable app data backup and use local encrypted backups instead. Tools like Syncthing or Cryptomator let you sync files across devices without exposing them to cloud providers.
Photos deserve special attention. Google Photos and Apple Photos both use AI to categorize faces, objects, and locations. These features process data on-device when possible, but metadata and thumbnails often sync to the cloud. Turn off facial recognition and location tagging in photos if you don't want machine-learning models indexing your life.
Checking for Stale Accounts and Old Devices
Old phones, tablets, and forgotten apps maintain access to accounts long after they're useful. A device sold on eBay might still be signed into Gmail. A fitness app abandoned in 2019 could still pull step-count data.
On iPhone, check Settings > [Your Name] and scroll to "Media & Purchases" and "Sign-In & Security" to see active devices. Remove anything unfamiliar. On Android, visit Google Account Security and review "Your devices." Sign out of anything old or unrecognizable.
Do the same for third-party apps. Revoke access for services you no longer use under Google Account > Data & Privacy > Third-party apps & services. On iOS, check Settings > [Your Name] > Sign-In & Security > Apps Using Your Apple ID. If you haven't opened Strava or Goodreads in two years, disconnect them.
Installing Security Updates and Using Lockdown Modes
Privacy collapses without security. Zero-day exploits—unknown vulnerabilities patched in emergency updates—target outdated phones constantly. Both Apple and Google release monthly security patches. Install them. The "remind me later" button is not a strategy.
For users facing elevated risk (journalists, activists, executives), iOS offers Lockdown Mode. It disables many features attackers exploit: message attachments, complex web technologies, FaceTime calls from unknown contacts, and wired connections with computers. It's extreme. Most people won't need it. But it's there.
Android's equivalent is more fragmented. Pixel phones get the fastest updates and include features like "Direct Boot" and hardware security modules. Samsung's Knox platform adds enterprise-grade encryption. Budget phones from lesser-known manufacturers often lag months—or years—behind on patches. If privacy matters, buy a phone with a strong update commitment.
Two-factor authentication (2FA) is non-negotiable. Use an authenticator app like Authy or a hardware key like YubiKey instead of SMS-based codes, which are vulnerable to SIM-swapping attacks. Set up biometric locks (fingerprint or face recognition) and a strong PIN as backup. Encrypt the device itself—full-disk encryption has been the default on modern smartphones, but verify it's enabled in security settings.
Here's the final step: schedule this audit every six months. App permissions creep back. New features arrive enabled by default. Operating systems change. A twenty-minute review twice a year keeps your digital footprint smaller than most—and in an era of surveillance capitalism, that's no small thing.
Steps
1. Review and restrict app permissions
2. Disable personalized ads and location tracking
3. Enable automatic security updates and backup
