Tips for phone privacy?

Hey Hexbear

Like to think I do an ok job keeping my desktop setup secure, but realized recently I don't do the same for my mobile devices.

Does anyone have any good tips how to help keep your phone more private and secure?

I have both an Android and an iPhone, and realize Androids are superior for that sort of customization. Thought it might be useful, though, if anyone had any tips for either.

6 comments
  • I'm not sure whether the things I do are good, but some of it (I'm on Android):

    • Disable background data for apps which don't need it
    • Disabling unnecessary permissions for apps
    • Disabling/uninstalling unwanted apps. You can try Android debloater if you want to go further, but you would need to be more careful about disabling some important app.
    • Using apps like Firefox more than GChrome. Firefox has uBlock Origin and other extensions like Dark Reader n RSS radar.
    • Not using many connected apps or being tied to a single ecosystem, so as to avoid everything being collected by one group. But if something simplifies your life very much then this may not be practical.
    • GPS n mobile data off when not in use. Actually, I started doing this to save battery, but it's standard practice now. If you're a person who gets online calls a lot, turning off mobile data may not be realistic.

    If you want to go further, you can try apps like Netguard, which can be used to block and analyse the internet usage of apps on the phone.

    I think one can even root their phone and flash custom ROMs or make modifications of their own. But I've never tried that.

  • Less is more with apps 100%. Wiping the Android device and never signing into Google is another easy move. Just use F-Droid for your apps. Anything that's not on F-Droid can be obtained through the Aurora Store, which is in F-Droid. Aurora is the Play Store but can be accessed anonymously.

    Setting up a private DNS server and setting it as the phone's DNS is a good move on Android. I like NextDNS for this as it lets you add filters.

    VPNs like Mullvad or Proton aren't a bad thing. VPN with block connection without VPN + a private DNS is a solid one-two punch.

    Setting up two users on the Android phone is great. One for banking, Uber/Lyft, work or school stuff and the other for personal. Helps segregate the app data.

    Above all this, a private OS is the final move. GrapheneOS is amazing, but only works on Pixel phones. CalyxOS, LineageOS, /e/, and postmarketOS are other options which will also increase your mobile privacy across many different phone models.

    Privacy is a marathon and not a sprint. So good on you handling your desktop! These are some options but it'll just depend on your threat model to determine if they're a bit much compared to other options.

  • I think one good tip for phone privacy is to get other people with phones to use libre messaging apps like Signal and Matrix for communication. There's no good point to your own phone privacy if people demand you use nonfree programs for messaging like Meta products or (gasp) Discord.

  • Search GrapheneOS

  • On iOS: run through the security checkup, set up DNS over TLS and connect to an always-on VPN that’s trustworthy for your needs (Mullvad?). Turn on Lockdown Mode and never turn it off. Switch to at least a six-digit passcode and disable biometrics. Set the attempt limit to on. Turn on Advanced Data Protection in your iCloud account.

    Audit all email accounts or account names and metadata like credit cards that they might have associated with them. Use a password manager like LastPass and change everything to unique long random strings. Use different emails for each account. No, not aliases through one service, different emails.

  • Not Android specific:

    If you are already getting a new number, instead of just signing up with your real ZIP, it might be worth taking a look at https://en.wikipedia.org/wiki/List_of_North_American_Numbering_Plan_area_codes and picking an area code that hasn't been rolled out for over half a century (literally). They tend to have had many previous owners over the years and you'll be getting spam on day one. If you pick a more recent area code there's a good chance you won't get flooded with spam constantly.

    Don't be like boomers and use the same number for your entire life. Remember where you use your phone number so you can always change it if you need to. Create a Google Voice (or similar) account to use for online purchases, or to give to acquaintances or anyone else who you might not want to have your real number.

    For Android:

    Use a separate phone for work. Always. Bare minimum you should use a phone that lets you use work profiles (Samsung supports this) and use something like Island/Shelter/Insular. That way you control the work profile, and not your employer.

    Personally I gave up trying to firewall apps on my phone (e.g. NetFilter or AF Wall). I use DNS level filtering if needed, and anything I don't fully trust just isn't getting installed in the first place.

    Others mentioned rooting, I wouldn't recommend this unless you're already familiar with how to navigate that. I used to be very much into rooting say 10 years ago, but the tools and methods people use now are basically unrecognizable to me. Definitely not like riding a bike, I would be totally lost and not confident in my ability to not brick my phone. Things are always changing and there's always new happenings to stay on top of, patch, mod, find unofficial updates for. Not worth it, at least for me. It can open up a lot of possibilities for privacy with stuff like Xposed modules (if those still are a thing), but yeah.

  • Get LineageOS on it and disable internet for everything that doesn't need it
