Every call you make. Every location you visit. Every search you conduct. Every app you open, and for how long. Your smartphone logs all of it — and by default, it shares that data with advertisers, data brokers, and in many jurisdictions, law enforcement, without your knowledge or meaningful consent.
This is not a conspiracy theory. It is the documented, disclosed business model of the two companies that control the dominant mobile operating systems.
The good news: you can take meaningful action without becoming a monk or throwing your phone into a river.
Step One: Know Your Threat Model
Before changing a single setting, ask yourself: what am I protecting, and from whom? A domestic abuse survivor hiding their location has different needs than someone who simply doesn’t want targeted ads. The measures below address the most common civilian threat: pervasive commercial surveillance.
Step Two: Lock Down Location Data
Location data is the most sensitive data your phone collects. It reveals where you sleep, where you worship, whom you see, and where you receive medical care. Treat it accordingly.
On iOS: Settings → Privacy & Security → Location Services. Set most apps to “Never” or “While Using.” Disable “Precise Location” for anything that doesn’t genuinely need it. Critically, scroll to the bottom and disable “Share iPhone Analytics” and “Personalized Ads.”
On Android: Settings → Location → App permissions. The same logic applies: “While using” at most, “Never” where possible. Also: Settings → Google → Ads → Delete advertising ID.
Your carrier always knows your approximate location regardless of phone settings — your phone must ping towers to function. If your threat model includes your carrier as an adversary, this requires more advanced countermeasures.
Step Three: Replace Default Apps
The apps that come pre-installed on your phone are not neutral utilities. They are data collection instruments wrapped in convenient interfaces.
Browser: Replace Chrome and Safari with Firefox (with uBlock Origin) or Brave. Both block trackers by default. Firefox gives you more control; Brave is simpler.
Search: Replace Google with DuckDuckGo or Kagi. Neither builds a profile on your searches.
Messaging: Replace SMS with Signal. Full stop. Signal is end-to-end encrypted by default, collects minimal metadata, and is audited by independent researchers. There is no serious alternative for encrypted messaging.
Email: This is the hardest one. Gmail, Outlook, and Apple Mail all have access to your email contents. Proton Mail offers zero-knowledge encryption — meaning Proton cannot read your mail even if compelled. Tutanota is another solid option.
Step Four: Disable Ad Tracking Entirely
Both iOS and Android now offer system-level controls:
- iOS 14.5+: Apps must ask permission to track you across other apps and websites. When asked, always deny. Settings → Privacy & Security → Tracking → Allow Apps to Request to Track should be off.
- Android: Settings → Google → Ads → Opt out of Ads Personalization, then Delete advertising ID entirely.
Step Five: Audit Your Installed Apps
Open your app list and ask, for each app: do I still use this? Does it need the permissions it has? Many apps request access to contacts, microphone, camera, and location far beyond what they need to function.
Delete what you don’t use. For what remains, review permissions aggressively. An app that needs your microphone to function as a flashlight should not have it.
What Comes Next
These steps address the surface level of mobile surveillance. Deeper countermeasures — network-level blocking, hardened operating systems like GrapheneOS for Android, physical security — will be covered in future dispatches.
The goal is not perfection. The goal is to make mass surveillance more expensive and your data less profitable. Every step you take matters.
“An ounce of prevention is worth a pound of cure. In the digital world, a week of good habits is worth years of retroactive damage control.”