10 Smartphone Privacy Settings You Should Change Right Now

Your phone knows more about you than your closest friend. These 10 settings take less than five minutes to change and they'll dramatically reduce how much personal data leaks from your device every single day.


Your smartphone is probably the most personal device you own. Think about it for a second. It knows where you sleep. Where you work. Who you talk to at midnight. What you search for when nobody's watching. Which routes you take to grab your morning coffee. It tracks your health, your spending habits, your conversations, and your daily routines down to the minute.

And here's the uncomfortable part: most of that information is being quietly shared with companies you've never even heard of.

I've been in cybersecurity long enough to know that most people don't realize how much data their phone leaks in the background. Not because they're careless, but because the default settings on both Android and iPhone are designed to share as much data as possible. The controls to stop it exist. They're just buried deep enough that the average user never finds them.

So I went through both platforms — Android and iOS — and pulled out the 10 settings that make the single biggest difference. None of these take more than a minute to change. None of them will break your phone or stop your apps from working. They just close doors that were never supposed to be open in the first place.

Let's get into it.

1. Turn Off App Tracking (iPhone)

If you're an iPhone user and you only change one setting from this entire list, make it this one.

Go to Settings → Privacy & Security → Tracking, and turn off "Allow Apps to Request to Track."

When this setting is on, every app on your phone can ask for permission to follow your activity across other apps and websites. Most people just tap "Allow" without thinking about what they're agreeing to. What they're actually agreeing to is letting that app track their behavior across the entire digital ecosystem on their phone — not just inside the app itself.

When you turn this off, apps don't even get to ask. They're blocked from cross-app tracking by default. Silently. Permanently.

When Apple first introduced this feature back in iOS 14.5, the advertising industry estimated it cost them billions in revenue. Meta alone reported a $10 billion hit. That tells you everything you need to know about how effective this single toggle is.

2. Delete Your Advertising ID (Android)

Android handles this differently, but the concept is the same.

Go to Settings → Privacy → Ads, and you'll find an option to delete your advertising ID. Do it.

Your advertising ID is a unique string of characters assigned to your device. It acts like a name tag that follows you across every app. Advertisers use it to build a behavioral profile of what you click on, what you buy, what you browse, and how you move between apps. Deleting it breaks that tracking chain.

If you're on a Samsung phone, there's an additional step most people miss. Samsung runs its own data collection layer on top of Google's. Go to Settings → Security and Privacy → More Privacy Settings, and review the toggles for Samsung's customization service and diagnostic data sharing. Turn both off. You're essentially being tracked twice otherwise — once by Google, once by Samsung — and you gain absolutely nothing from either.

3. Audit Your App Permissions

This is where the real damage happens silently, and it applies to both Android and iPhone.

On iPhone, go to Settings → Privacy & Security. You'll see a list of categories: Location Services, Contacts, Microphone, Camera, Photos, Calendars, and more. Tap each one and look at which apps have access.

On Android, go to Settings → Security & Privacy → Permission Manager. Same structure — review each permission category and see what has been granted access.

Here's the question I want you to ask for every single permission on every single app: does this app actually need this to function?

A weather app might need your approximate location to show you a forecast. It absolutely does not need access to your microphone, your contacts list, or your photos. A flashlight app doesn't need your location at all — yet I've seen flashlight apps requesting access to contacts, SMS messages, and call logs.

Be ruthless here. If you're not sure whether an app needs a permission, revoke it. If the app breaks, you can always grant it back. But in my experience, the vast majority of permissions that apps request are for data collection purposes, not functionality.
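On Android, the same question can be asked of every installed app at once from a computer. The script below is an added example, not part of the original article: it parses text modelled on the runtime-permission lines that `adb shell dumpsys package` prints and lists permissions that are granted but not needed. The sample dump is constructed, and the package names and the `NEEDED` allowlist are hypothetical.

```python
import re

# Constructed sample modelled on `adb shell dumpsys package` output (format assumed).
SAMPLE_DUMP = """\
Package [com.example.weather] (a1b2c3):
    runtime permissions:
      android.permission.ACCESS_COARSE_LOCATION: granted=true
      android.permission.RECORD_AUDIO: granted=true
      android.permission.READ_CONTACTS: granted=false
Package [com.example.flashlight] (d4e5f6):
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true
      android.permission.READ_SMS: granted=true
      android.permission.READ_CALL_LOG: granted=true
Package [com.example.maps] (0a1b2c):
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true
"""

# Hypothetical allowlist: what each app needs in order to function.
NEEDED = {
    "com.example.weather": {"ACCESS_COARSE_LOCATION"},
    "com.example.flashlight": set(),
    "com.example.maps": {"ACCESS_FINE_LOCATION"},
}

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*android\.permission\.(\w+): granted=(true|false)")

def granted_permissions(dump):
    """Map each package to the set of runtime permissions currently granted."""
    granted, current = {}, None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            current = granted.setdefault(m.group(1), set())
        elif current is not None and (m := PERM_RE.match(line)) and m.group(2) == "true":
            current.add(m.group(1))
    return granted

def excess_permissions(dump, needed):
    """Return {package: sorted permissions granted beyond what `needed` allows}."""
    report = {}
    for pkg, perms in granted_permissions(dump).items():
        extra = perms - needed.get(pkg, set())  # unlisted app: nothing is justified
        if extra:
            report[pkg] = sorted(extra)
    return report

if __name__ == "__main__":
    print(excess_permissions(SAMPLE_DUMP, NEEDED))
```

Apps missing from the allowlist are treated as needing nothing, so every permission they hold is reported for review.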

4. Change Location Access to "While Using" or "Never"

Location data is among the most sensitive information your phone collects. It doesn't just reveal where you are right now. Over time, it builds a complete map of your life: where you live, where you work, what doctors you visit, what places of worship you attend, what stores you shop at, what neighborhoods you spend time in, and who you might be meeting based on co-location data.

This information is incredibly valuable to advertisers and data brokers, and it's being collected by far more apps than most people realize.

On both iPhone and Android, go through your location permissions and change every app to either "While Using the App" or "Never." Almost no consumer app legitimately needs "Always" access to your location. Navigation and ride-sharing apps need it while you're actively using them. Everything else can probably be set to "Never."

On iPhone, there's an additional setting you should know about: Precise Location. When this is on, apps get your exact GPS coordinates down to a few meters. When it's off, they only get your approximate area — within a few kilometers. For most apps, approximate location is more than sufficient. Turn off Precise Location for everything except maps and navigation.

5. Disable Lock Screen Notification Previews

This one is so simple it often gets overlooked, but it's a genuine privacy risk in everyday life.

By default, both Android and iPhone display full message previews on your lock screen. That means anyone who picks up your phone — or just glances at it sitting on a table in a meeting — can read your text messages, see who's calling you, view email subject lines, and peek at notification contents from banking apps, health apps, and everything else.

On iPhone, go to Settings → Notifications → Show Previews, and change it to "When Unlocked." Now notification previews only appear after you authenticate with Face ID or your passcode.

On Android, go to Settings → Notifications → Lock Screen Notifications, and choose either "Hide sensitive content" or "Don't show notifications at all."

This takes five seconds to change and immediately protects you from one of the most common real-world privacy exposures.

6. Use Strong Biometric Authentication with a Proper Backup PIN

Biometric unlock — fingerprint or face recognition — is convenient and reasonably secure for daily use. But the backup PIN or passcode matters more than most people think, because that's what an attacker will try when biometrics aren't available.

On iPhone, go to Settings → Face ID & Passcode and make sure you're using at least a 6-digit numeric code or, better yet, a custom alphanumeric passcode. The default 4-digit PIN has only 10,000 possible combinations. A 6-digit PIN has a million. An alphanumeric passcode is exponentially stronger.

On Android, avoid using pattern unlock. Patterns are remarkably easy to guess from smudge marks on your screen — there are academic studies demonstrating this. And be cautious about Face Unlock on non-flagship Android devices. Many budget and mid-range phones use a basic 2D camera for face recognition, which can be fooled with a printed photo. If your phone doesn't have a 3D depth sensor for face unlock, stick with fingerprint.

Also, consider enabling the auto-erase feature if it's available on your device. Both iPhone and some Android phones can be set to wipe all data after 10 consecutive failed passcode attempts. This is a strong deterrent against brute-force attacks if your phone is physically stolen.

7. Turn Off Background Wi-Fi and Bluetooth Scanning

Here's something most people don't realize: even when you turn off Wi-Fi and Bluetooth using the quick toggles in your notification shade or Control Center, your phone may still be scanning for nearby networks and devices in the background.

Both Android and iPhone use these background scans to improve location accuracy. But the side effect is that your phone is constantly broadcasting probe requests that can be used to track your physical movements through a building, a mall, a city block — anywhere there's infrastructure listening for these signals.

On Android, go to Settings → Location → Wi-Fi and Bluetooth Scanning, and turn both off.

On iPhone, the Control Center toggles only disconnect from the current network — they don't fully disable the Wi-Fi or Bluetooth radios. To truly turn them off, you need to go through Settings → Wi-Fi and Settings → Bluetooth and toggle them off there.

This is especially relevant if you're walking through public spaces like malls or airports where retail tracking systems use Wi-Fi and Bluetooth signals to monitor foot traffic and build shopper profiles.

8. Enable Find My Device — But Understand the Implications

Both Apple's Find My and Google's Find My Device allow you to locate, lock, and remotely erase your phone if it's lost or stolen. These features are essential. Enable them.

On iPhone: Settings → [Your Name] → Find My → Find My iPhone. Turn on Find My iPhone, Find My network, and Send Last Location.

On Android: Settings → Security → Find My Device. Turn it on.

But here's the nuance that doesn't get discussed often enough: anyone who has access to your Apple ID or Google account can use these same tools to track your location in real time. If you're in a situation where someone might be monitoring your movements — a controlling partner, a stalker, an overbearing family member — be aware that Find My can be a surveillance tool just as easily as a safety tool.

If you suspect someone has unauthorized access to your account, change your password and enable two-factor authentication immediately. Review which devices are signed in under your account and remove any you don't recognize.

9. Switch to an eSIM

This one gets overlooked constantly, but it's a genuinely meaningful security upgrade.

A traditional physical SIM card can be removed from your phone by anyone who has access to it. Once they put your SIM in a different device, they receive your phone calls, your text messages, and — critically — any two-factor authentication codes sent via SMS. This is the foundation of SIM-swapping attacks, which remain one of the most common ways people lose access to their bank accounts and cryptocurrency wallets.

An eSIM is a digital SIM that's embedded in your phone's hardware. It can't be physically removed. Transferring an eSIM to a different device requires authentication through your carrier, which adds a significant barrier against SIM-swap attacks.

Most flagship phones released since 2023 support eSIM, and many carriers now offer it as an option. Some newer iPhones don't even have a physical SIM tray anymore. Check with your carrier to see if switching is available in your area.

This won't make you immune to every form of phone number theft, but it closes one of the easiest and most commonly exploited physical attack vectors.

10. Turn Off Usage and Diagnostics Sharing

Both Apple and Google collect so-called "anonymous" usage data from your device to help improve their products and services. Apple calls it Analytics. Google calls it Usage & Diagnostics.

The problem with the word "anonymous" in this context is that research has repeatedly shown that supposedly anonymized data can often be re-identified, especially when it includes location data, device identifiers, and behavioral patterns. Whether Apple and Google can technically re-identify specific users from this data is debatable. What isn't debatable is that you gain absolutely nothing by sharing it.

On iPhone: Settings → Privacy & Security → Analytics & Improvements. Turn off Share iPhone Analytics, Improve Siri & Dictation, and Share iCloud Analytics.

On Android: Settings → Privacy → Usage & Diagnostics. Turn it off.

These settings won't completely prevent the operating system from collecting some data — that's baked into how the platform works. But they reduce the volume of information being sent to Apple and Google's servers, and that's worth doing on principle.

The Bigger Picture

None of these changes are dramatic. None of them require technical expertise. None of them will make your phone harder to use or break the apps you rely on.

What they will do is close the gaps that companies exploit to build profiles of your behavior, your movements, your relationships, and your interests — usually without your meaningful knowledge or consent.

Your phone is the most intimate piece of technology you own. It should work for you, not for everyone else. Take five minutes today and make sure it actually does.


Written by

Adhen Prasetiyo

Research Bug Bounty Professional, freelance at HackerOne, Intigriti, and Bugcrowd.
