Written by Ananya Desai | Last Updated: February 2026 | Ananya has tested Android apps daily for over 5 years.
Disclaimer: This article may contain recommendations based on our research and experience.
How to Protect Your Privacy on Android in 2025
Your Android phone knows more about you than almost any other object you own. Where you go, what you search for, who you talk to, what you buy, what time you sleep. Most of this data collection is happening in the background without you actively choosing it. These are the concrete steps that actually reduce your exposure without making your phone less usable. No paranoia required, just practical changes.
Our Real Experience Testing These Settings
We went through every privacy setting on three Android phones running Android 13 and 14 (Pixel 7a, Samsung Galaxy A54 and Redmi Note 13) and documented which settings were privacy-protecting by default and which required active changes to improve. We also ran a week of normal phone use before and after applying these settings and noted which apps stopped working or became inconvenient, since privacy changes that break daily functionality do not get used long-term.
The good news: the most impactful privacy changes on Android cause zero inconvenience in daily use. The settings that do cause friction (like blocking all location access) are the ones you can apply selectively based on your own comfort level rather than all-or-nothing.
Step 1: Audit Your App Permissions
Go to Settings then Privacy then Permission Manager. This shows you every permission category (Location, Microphone, Camera, Contacts, etc.) and which apps have access to each. Work through this list and ask for each app: does it actually need this permission to do what I use it for?
Common offenders: weather apps asking for precise location when approximate is sufficient. Shopping apps with microphone access. Games with contacts access. Social media apps with precise location set to Always instead of Only While Using. Change any permission that does not make sense for what the app does.
Pay specific attention to location permissions. Change any app set to Allow All the Time to Only While Using unless it genuinely needs background location (navigation apps are the main exception). This stops apps tracking your location when you are not actively using them.
Step 2: Turn Off Ad Personalisation
Go to Settings then Privacy then Ads (on stock Android) or Settings then Google then Ads (on most phones). Turn off the setting that allows personalised ads based on your interests and location. This does not stop ads from appearing but stops Google from building a profile of your interests to target them. Also select Delete Advertising ID which removes the identifier used to track you across apps.
On Samsung phones there is a separate Samsung Ads setting under Settings then Privacy that does the same thing for Samsung services. Disable personalised ads there as well.
Step 3: Review Google Account Data Settings
Go to myactivity.google.com in your browser while signed into your Google account. This shows you everything Google has recorded: search history, location history, YouTube watch history and app activity. In the settings here you can turn off activity tracking for each category and set automatic deletion so older data is removed on a rolling basis (options are 3 months, 18 months or 36 months).
Turning off Location History stops Google Maps from recording everywhere you go. You can still use navigation normally. The only thing you lose is the ability to see a timeline of everywhere you have been, which most people do not use anyway.
Step 4: Use a Private DNS
Your DNS provider can see every website and service your phone connects to, even if the content of those connections is encrypted. By default this goes to your internet provider who may log and sell it. Switching to a private DNS changes this.
On Android go to Settings then Network then Private DNS. Select Private DNS provider hostname and enter dns.google or 1dot1dot1dot1.cloudflare-dns.com (type it as shown, with “dot” written out not as actual dots). This routes your DNS queries through Google or Cloudflare respectively, both of which have published non-logging policies. Cloudflare is generally considered more privacy-focused of the two.
Step 5: Use a Password Manager
Reusing passwords across services is the single biggest practical security risk for most people. When one service gets breached, attackers try those credentials on every other major service automatically. A password manager generates and stores a unique strong password for every site so a breach of one does not compromise others.
Bitwarden is free, open source and works well on Android. It integrates with the Android autofill system so passwords fill automatically in apps and browsers. The free tier covers everything most individuals need. Proton Pass is another solid free option from the same company that makes ProtonVPN and ProtonMail.
Step 6: Enable Two-Factor Authentication on Important Accounts
Two-factor authentication means that even if someone has your password they cannot log into your account without also having your phone. Enable it on your Google account, WhatsApp, banking apps and any account that contains sensitive information. Most services offer SMS-based 2FA which is better than nothing. An authenticator app like Google Authenticator or Authy is better than SMS since it is not vulnerable to SIM swapping attacks.
Step 7: Check Which Apps Have Access to Your Clipboard
Android 12 and above shows a notification whenever an app reads your clipboard. Pay attention to these. If an app you do not expect is reading your clipboard in the background, that is worth investigating. Copied text can include passwords, addresses and personal information you copied briefly for a different purpose. Some apps were caught reading clipboard data without clear user benefit and this notification system now makes it visible.
Privacy Settings Checklist
| Setting | Where to Find It | Recommended Change |
|---|---|---|
| Location permissions | Settings > Privacy > Permission Manager > Location | Change most apps to Only While Using |
| Ad personalisation | Settings > Privacy > Ads | Turn off and delete Advertising ID |
| Google activity | myactivity.google.com | Turn off, set 3-month auto delete |
| Private DNS | Settings > Network > Private DNS | Set to Cloudflare or Google DNS |
| Microphone access | Settings > Privacy > Permission Manager > Microphone | Remove from apps that do not need it |
| WhatsApp 2FA | WhatsApp > Settings > Account > Two-step verification | Enable with a backup email |
Pros and Cons
What improves: significantly less targeted advertising, reduced data collection by apps and services, better protection if an account password is compromised, more control over what apps can access.
What may change: some apps may ask to re-enable permissions they lost. Location-based recommendations become less personalised. A very small number of apps may not function properly without specific permissions they used to have. In testing, none of the commonly used apps broke entirely from these changes.
Who Should Do This
Everyone. These are baseline hygiene practices for smartphone use in 2025. The time investment is about 30 to 45 minutes for the full setup and most of it only needs to be done once. Anyone who uses banking apps, stores personal photos or communicates privately through their phone benefits from these settings.
Who Might Want to Go Further
Journalists, activists or anyone with specific privacy needs beyond everyday users should look into using Signal for communications, a VPN from a trusted provider and potentially a de-Googled Android like GrapheneOS. Those are beyond the scope of everyday privacy but the option exists.
Final Verdict
Start with the permission audit today. It takes 15 minutes and stops apps that have no business accessing your location or microphone from doing so. Then delete your Advertising ID and turn off personalised ads. Those two changes together are responsible for the majority of the privacy improvement from this entire guide. Add a password manager if you do not already use one and enable two-factor authentication on your Google and WhatsApp accounts. That covers the most important bases without requiring any technical knowledge.
Frequently Asked Questions
Does using a VPN improve privacy on Android?
Yes, partially. A VPN hides your browsing from your internet provider and protects you on public WiFi. It does not stop apps from collecting data directly and it does not make you anonymous. For a full discussion see our dedicated guide on VPNs for Android.
Is Google tracking me even with location history turned off?
Google can infer approximate location from WiFi networks and IP address even with location history off. Turning off location history significantly reduces granular tracking but does not eliminate all location awareness. For most people this is an acceptable level of privacy.
Is Bitwarden safe?
Yes. Bitwarden is open source which means independent security researchers can and do audit the code. It has passed multiple third-party security audits. Your passwords are encrypted before leaving your device so even Bitwarden cannot access them.
Will these privacy settings slow down my phone?
No. Restricting permissions and turning off ad personalisation does not affect phone performance. Switching to a private DNS may improve DNS resolution speed slightly since Google and Cloudflare DNS servers are generally faster than carrier defaults.
Related Guides
For more on this topic read Android Settings Most People Never Touch But Should in 2026. You may also find Hidden Android Features Most People Do Not Know About useful. And for a related guide check How to Speed Up a Slow Android Phone (7 Things That Work).
