Smartphones are inherently not private. They are built to be the most convenient and addictive things in our lives, and they are a pipeline for big companies to take our data and sell it.
We can and should take back our privacy from these devices.
Apps
Apps are one of the worst privacy offenders. We have gotten used to “free” apps, but the “free” price isn’t really free. Most “free” apps harvest your information to sell you ads. Lots of “free” apps request permissions they shouldn’t need to do their job, like a news app wanting your location.
Thankfully, our smartphones allow us to block these extraneous permissions, and in recent years they have added much more granular controls, so you can give apps only the permissions they need and nothing more.
An example
Weather apps will ask for location access, which can be handy when you are somewhere where you don’t know the address. This is a legitimate use case for the location permission. But you probably don’t want the app to know where you are at all times. You can tell your phone you want the weather app to ask for your location every time instead of whenever it wants. That way you can decide when it has permission and when it doesn’t.
You should regularly audit what your apps have permission to do.
On Android
- Open settings
- Privacy
- Permission manager
On iOS
- Open settings
- Privacy
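On Android, the same audit can also be run from a computer over adb. The script below is an added example, not part of the original article: it assumes the layout that `adb shell dumpsys package` prints (`Package [name]` headers followed by `permission: granted=true|false` lines), and the package names in the sample are constructed.

```python
import re
import sys

# Permissions this audit flags when granted (location, microphone, camera, contacts).
SENSITIVE = {"android.permission." + p for p in (
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "ACCESS_BACKGROUND_LOCATION",
    "RECORD_AUDIO", "CAMERA", "READ_CONTACTS")}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z0-9_]+): granted=(true|false)")

# Constructed sample in the assumed shape of `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.news] (1a2b3c):
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
  Package [com.example.weather] (4d5e6f):
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_BACKGROUND_LOCATION: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (7a8b9c):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
"""

def audit(dump_text):
    """Return {package: sorted list of sensitive permissions currently granted}."""
    findings = {}
    current = None
    for line in dump_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)  # following permission lines belong to this app
            continue
        perm = PERM_RE.match(line)
        if perm and current and perm.group(2) == "true" and perm.group(1) in SENSITIVE:
            findings.setdefault(current, set()).add(perm.group(1))
    return {name: sorted(perms) for name, perms in findings.items()}

if __name__ == "__main__":
    # Pass a file holding saved dumpsys output, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for name, perms in sorted(audit(text).items()):
        print(name, ", ".join(p.rsplit(".", 1)[1] for p in perms))
```

An app that shows `ACCESS_BACKGROUND_LOCATION` as granted can read your location when it is not on screen, which is the "whenever it wants" case described in the weather app example.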
Uninstall Unused Apps
An easy way of making your phone more private is to delete apps you’re not using. Apps can work in the background collecting data on you. If you don’t use an app, get rid of it; you can always download it again later.
General Settings You Should Change
After dealing with your apps, it’s a good idea to change some general settings for your device to increase its security. Privacy and security go hand in hand. You can’t have privacy if you don’t secure your device.
- Enabling biometric login is a good idea.
- Enable a PIN or password. At least 6 characters, but it should be longer.
- Disable location services when not in use.
- Disable Wi-Fi and Bluetooth when you aren’t using them. (Especially when you’re not home)
Note on Wi-Fi and Bluetooth: When Wi-Fi or Bluetooth is enabled, your device broadcasts a unique ID that can be tracked, so disabling these radios when not in use will help limit the ways your location can be tracked.
Your Browser
For most people, the browser is the most used application on both smartphones and computers. It’s very important that it is also configured to be as private as possible.
- Change your default search engine. Google collects everything about you. Use DuckDuckGo or Startpage instead. Both work just as well as, if not better than, Google.
- Change your default browser. Firefox works on both your smartphone and your desktop.
Review Privacy Settings In Apps You Use
These vary from app to app, but in general you’re looking for:
- Privacy
- Data Sharing
- App Personalization
- Crash reporting
- Anonymous usage or anonymous analytics
You want to turn off as much collection of data as possible, even if they say it’s anonymous.
Chat Apps
I’m sure most of you use apps like Instagram, WhatsApp, Twitter, and Facebook Messenger to talk to friends.
These services collect a ton of data about you and store every message you have ever sent in plain text on their servers. This means that if they get hacked, have an employee go rogue, or get served a government warrant, your messages are available to be read.
You should switch to Signal or Matrix/Element. These services are end-to-end encrypted. This means that nobody can read your messages except you and the person you’re talking to.
WhatsApp says they are end-to-end encrypted, and they are, but they can still read your messages because they have a key to read them. It’s a bit complex, but it’s like there is another person in the conversation who can also read your messages. Signal and Matrix do not do that. They are open source to prove that.
If you can’t switch some friends over to a secure messaging service, then you have to be extremely careful what you say. Treat everything you send as if you’re shouting it in the public square. Because you are.
Most public “free” email providers openly read your email. They scan it to send you personalized ads. Email isn’t secure and you shouldn’t send anything private over it. If you need to send something personal, I recommend that you either get the other person on something secure or, if you can’t do that, set up a shared folder or document and send them a share link. It’s far from perfect, but it is better than sending that information openly. Make sure to use a secure provider like Proton to host your shared data.
Treat email like you’re sending a postcard.
Switching email providers is a huge pain, but it is generally worth the effort. Protonmail and Tutanota are both good options and have a generous free tier. They don’t harvest and sell your email data, and they store everything encrypted. Both Proton and Tutanota have a feature to send end-to-end encrypted emails. This only works if the recipient is using the same email service you are. They do not protect email sent to or received from other providers.
If you want to do something more advanced, there is a way to encrypt your emails with GPG. You can learn more about that here.
You should always treat email as public. Never send anyone anything personal through it. Use an encrypted zip file if you can. Then give them the password over the phone or through a different means.