How to Secure Your Android Device and Have More Privacy

This way, even if you only have five minutes to spend right now, you can improve your privacy and security on Android in a few simple steps. Whenever you have some time, come back to this post and complete the next steps. Completing all the steps is the goal, but every step you complete adds to your online security and privacy.

Here are the steps to take, in order:

1. Set a screen lock
2. Use those Privacy settings
   • Permission manager
   • Send diagnostic data
   • Autofill with Google
   • Shut down Location History
   • Reduce snooping with Activity Controls
   • Put an end to Ad personalization
   • Usage & diagnostics
3. Eliminate excess
   • Delete excess apps from your device
   • Deny apps excess permissions
   • End excess cloud syncing
4. Install security apps
5. Make privacy-friendly apps your default apps
   • Block ads, tracking, and malware
   • Download apps from safe sources
6. Maintain security by doing these things
   • Keep notifications off the lock screen
   • Minimize the number of new apps you install
   • Check app permissions before installing
   • Update your software
   • Stay out of bad neighborhoods
   • Use a good VPN service
   • Use a secure messenger

We’ll also touch on replacing Android with a version that doesn’t report everything you do to Google, for the ultimate boost in security and privacy.

Note: For this guide, I used a Samsung S9+ running Android 10. The instructions you see here should more or less apply to your device. However, each new version of Android varies, particularly where specific settings are found. And each device manufacturer makes their own tweaks to the operating system. The upshot of all this is that we can almost guarantee that some screens will look different on your device, and some settings will be located in different places. But we’ll keep this guide updated with best practices now and for future versions of Android.

1. Set a screen lock

If you haven’t already done so, setting a screen lock is the fastest and easiest way to boost the security of your Android device. While we haven’t seen any recent studies on the subject, it appears that there are still a lot of folks out there who don’t bother to lock their Android devices at all. If this describes you, realize that anyone getting their hands on your device will have complete access to all that good bank account data, and all your photos, documents, and more. Why not take the plunge and set up a screen lock?

Follow these steps to set a screen lock:

1. Open Settings on your device.
2. Tap Privacy.
3. Tap Lock Screen.
4. Tap Screen Lock Type.
5. Select one of the screen lock types offered by your device. Android helpfully classifies each option by the level of security it provides:
   
6. While using one of the biometric options is much more fun, we recommend you go with the old-fashioned PIN or Password options. Why? No matter what option you use to lock your device, data for that option ends up stored somewhere. And if data is stored somewhere, it could potentially get stolen. If the worst happens and your PIN or Password get stolen, you can easily change them. What are you going to do if your fingerprint or Iris scan get stolen?

You’ve made your Android device much more secure in a matter of seconds. Now just make sure you don’t forget your PIN or Password!

2. Use those Privacy settings

Android devices give you various ways to improve your privacy. But finding them has typically been a headache, as the options were scattered throughout the system. In Android 10, Google partially addressed that problem by putting a number of its main privacy settings together. Not surprisingly, you get access to them in the Privacy section of Settings.

Unfortunately, this still isn’t an all-in-one control center for privacy-related settings. For example, the Autofill service from Google option doesn’t actually let you turn Autofill on or off. It simply shows you what Autofill data Google has stored in your account. You’ll have to go to a different location to control Autofill. Further complicating things, not all the settings are available on all devices, and versions of Android earlier than 10 don’t include this section at all.

That all said, what we are going to do is look at the Privacy settings available on my Samsung S9+, and show you how to adjust them for maximum privacy. From each setting’s starting point here, we’ll be jumping all over the place, but such is the state of privacy settings on even the newest Android devices.

We’re going to be coming back here a lot over the next few sections, so memorize these steps to return to the Privacy settings:

1. Open Settings.
2. Tap Privacy.

You’ll be doing it in your sleep before we are done.

Here we go.

Shut down Location History

Android devices are constantly trying to figure out where they are in the world. Even if you aren’t using any services that track your location, Android does so. It then will upload that information to Google to store in your Google account. The company uses that data to send you personalized maps and recommendations – and probably for targeted ads, too.

If you don’t like the idea of Google keeping a record of everywhere you go, at the very least you will want to shut down Google Location History. Location History is a timeline that shows everywhere you have been with your device.

Note that Location History access to your position is independent of the Location permissions we worked with in the Permission manager.

By pausing Location History, we can stop Google from tracking us as we move about. This won’t keep apps from using location information from your device (there are other options for controlling that), but it will stop Google from filling up up their databases with a detailed profile of where we go in our day-to-day lives.

To pause Location History, follow these steps:

1. Go to the Privacy settings, then tap Google location history. This takes you to the Location History page of your Google account.
2. Ensure that Location History is paused, as shown here.
   

Reduce snooping with Activity Controls

Next up is Activity Controls. For anyone who wants to protect their online privacy, the intro to this section of Privacy settings is scary indeed:

The data saved in your account helps give you more personalized experiences across all Google services.

In other words, Google tracks everything you do, and uses that data to predict what you will do next, influence what you think and do, and serve you targeted ads that are designed to convince you to buy stuff.

Let’s turn all this off now:

1. Go to the Privacy settings, then tap Activity Controls. You’ll see a screen full of the kinds of things that Google tracks, along with a pitch on why them tracking this information is good for you.
2. Turn off Web & App Activity. Google will give you a long message trying to convince you to let them keep tracking you. You should be aware that doing this doesn’t actually put an end to Google collecting this data. It only pauses the collection.
3. You should also know that doing this will not delete all the data Google has already collected on you. To delete the data Google has already collected in the Web & App Activity category you need to go to myactivity.google.com.
4. Now go back to the Activity Controls screen and do the same process to pause Location History.
5. Repeat for YouTube History.

Ignore the bit about Ad personalization that may appear next on Activity Controls. We will deal with that in a moment in another area.

Put an end to Ad personalization

Google uses data it collects about you to offer personalized ads. Part of this is assigning you a personal advertising ID that they use to accumulate data about you. We can turn that off too. At least, tell apps not to use that ID to build profiles or show you personalized ads.

1. Go to the Privacy settings, then tap Ads.
2. In the screen that appears be careful to turn On the slider to Opt out of Ads Personalization. If you leave the slider in the Off position you are telling Google to continue to apply Ads personalization.

Note: If you disable Ads personalization you will still be forced to see ads (we will fix that later) but they won’t be customized for maximum impact on you. In addition, if you clear your cache, it will automatically turn Ads personalization back on.

Usage & diagnostics

This setting tries to get you to share even more data with Google to help improve your Android experience. We suggest you turn this off too.

1. Go to the Privacy settings, then tap Usage & diagnostics. You’ll see a screen full of reasons why you should allow Google to collect this data. Just turn it Off.

3. Eliminate excess

Sometimes the problem isn’t that you have or do something; it is having or doing too much. In this section we will cover three things that you can have in excess on your Android device. The first is excess apps.

Delete excess apps from your device

We need to install apps to make our Android devices useful. However, we often end up with apps on our devices that we seldom (or never) use, and don’t really need. The problem isn’t that these apps use up too much space, or slow down your device. Modern devices have lots of memory and processing power to support all these apps.

The problem is that every app that exists on your device is a potential privacy and security problem. In the last section we talked about how Google automatically grants every app permission to use the Internet. This means that every single app on your device has the potential to:

• Send any data it can get its hands on to points unknown somewhere on the Internet
• Receive “stuff” from the outside world that could affect your device

Think back to the flashlight apps that want access to your contacts as an example. It is hard to see why a flashlight app would need access to your contacts. But combine that with automatic Internet access, and things start to make sense. Your contact list is valuable, and can be sold without your knowledge to advertisers, or otherwise misused.

You get the point. You can improve the security and privacy of any Android device by removing any app that you don’t absolutely need.

Here’s how to remove those excess apps:

1. Tap Settings, then Apps. You should see a list of the apps on your device.
2. Tap an app you don’t absolutely need to have on your device. You’ll see something like this:
   
3. Tap Uninstall. Android will pop up a message asking you to confirm that you want to uninstall the app.
4. Tap OK to uninstall the app.
5. Repeat for each app you can live without.

Deny apps excess permissions

Once you reduced the number of apps on your device to the absolute minimum, it is time to use the Permission manager (if you haven’t already done so) to ensure that the apps that remain on your device only have the permissions they actually need to do their jobs.

End excess cloud syncing

More and more apps now offer the ability to sync their data to the cloud. This can be useful, particularly for messaging apps (which tend to generate a lot of data over time) and for apps that store important data (like your contacts or credit card information). However, data you sync to cloud storage is a target for hackers. And any data synced to cloud storage by the default Google apps is likely to be read and analyzed by Google.

As with excess apps, and excess app permissions, it is best to cut cloud syncing to the absolute minimum. Only let an app sync to cloud storage if it is absolutely critical to you that the data gets stored up there. Here’s how you disable cloud sync for apps that don’t require it:

1. Tap Settings, then Accounts (this may also be called Accounts & backup or something similar). You should see a screen something like this one:
   
2. Tap Accounts to see a list of the apps that are currently syncing data to cloud storage for one purpose or other.
3. Scroll to the bottom of the screen to see the Auto sync data slider. Turn this Off to prevent any app from syncing automatically.
4. Alternately, you can tap individual apps to turn cloud sync on or off for that specific app.
5. Go back to the Accounts and backup screen. Some devices will have backup and restore options here. These control whether and where general data from your device is backed up. Allowing this to happen can be helpful in case of problems, but remember that any data stored in the cloud this way (by default Google or device manufacturer apps) is a potential security and privacy problem.

Note: There are many privacy-focused cloud storage options, such as Tresorit and Sync.com. This will offer more privacy and control over your data than Google Drive. Check out our best cloud storage guide for the latest recommendations.

4. Install security apps

If your Android device doesn’t already have security apps of some kind installed on it, you really should consider installing them now. Android viruses and spyware are a growing problem, but one that is easy to protect against.

But before you go looking for security apps, realize that your device may already be protected. First off, Google Play Protect is a Google Play store feature that automatically scans your apps and your device for problems. It will notify you if it finds anything. Unfortunately, relying solely on Play Protect isn’t enough.

One reason you don’t want to rely solely on Play Protect is that it is a Google product. That means it will protect you against any threats, except Google itself. Remember that Google wants to collect every bit of information about you that it possibly can. Expecting Google Play Protect to protect you against Google is like expecting a fox to guard the henhouse.

Second, you may someday want to install apps on your device that do not come from the Google Play store. Google Play Protect is unlikely to protect apps that didn’t come from its store.

Leaving aside Play Protect, some device vendors ship their products with antivirus/anti-malware apps already installed. My Samsung phone came with a security app from McAfee pre-installed.

But if your device doesn’t have any security apps installed, you may want to install one. There are free apps out there, but it is hard to know whether you can trust them or not. As Sven explained last year in the Antivirus privacy guide,

Many antivirus products behave in a way that infringes on users’ privacy. Whether they intercept web traffic, sell browser history data, or allow backdoor access to government agencies, many antivirus products are guilty of jeopardizing the very thing they are designed to protect: your data.

Generally speaking, we don’t devote much time to testing antivirus/anti-malware apps as we are mainly focused on privacy tools. However, one option that has performed well in third-party testing and also respects your privacy is Emsisoft. Emsisoft offers a lightweight Android antivirus solution called “Emsisoft Mobile Security”.

5. Make privacy-friendly apps your default apps

Android has a few default apps. These are apps that, for example, open automatically when you click a link on a page. There aren’t many such apps, but you can easily replace them if you wish. Here are instructions on how to do that.

While you can change any of the default apps, the most important one to change is the default Browser app. Google’s browsers are fast and work on virtually any site. Unfortunately, they also report everything you do directly to Google.

We suggest that you check out this review of Private and Secure Browsers and choose a new one to become your default browser app. Once you’ve made your decision, and installed your preferred browser app on your device, follow these steps to replace the default Browser app with a new, privacy-friendly one:

1. Tap Settings, then Apps.
2. On the Apps screen, tap the three-dot menu on the top right.
   
3. In the menu that appears, tap Default Apps. You’ll see a handful of default apps on the page that appears.
4. Tap Browser app. Android will display a list of the browser apps you have installed on your device.
   
5. Tap the browser you want to use as the default (Brave in this case). That’s it!

Block ads, tracking, and malware

Once you have a new web browser installed and set as the default app, consider powering it up a bit. There are a few browser extensions or add-ons that can help shield your Android device from ads, tracking software, malware, and malvertising. In addition, some browsers now have protection against some of these problems built right into the app. The options you will have available depend on the browser app you choose. Firefox, for example, has protection against trackers built in. And uBlock Origin is a Firefox add-on that can block a wide range of ads as well as malware domains.

Note: We also have a guide on how to modify Firefox for more privacy.

Take advantage of the built-in settings and available add-ons for whichever browser you decide to use, and browse more safely and securely.

Download apps from safe sources

From time to time, you may be exposed to interesting-looking apps that do not come from the Google Play store or your device manufacturer’s app store. Downloading apps from such sources is almost always a bad idea. Google and the device manufacturers try to keep their stores clean. That is, they do what they can to weed out third-party apps that are malware or spyware. They may not be very good at it, but they apparently try.

Sources beyond these can be very risky. Even with the best intentions, they generally don’t have the resources to keep bad apps at bay. With one major exception: F-Droid.

F-Droid for Android apps

What is F-Droid? Here’s how they describe themselves:

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

In other words, it is an alternative to the Google Play store that is a trusted source for Android apps, many of which do not send any data whatsoever to Google or Facebook. As Cnet.com put it, “F-Droid is among the most scrutinized Play store alternatives we can advise.”

F-Droid has a good collection of apps, but is not meant for beginners. We recommend you investigate its offerings only after you have completed all the security and privacy steps in this guide, and are willing to venture outside the mainstream. Some of the privacy-focused services we have reviewed offer their apps in F-Droid, for example with Tutanota, a secure email service in Germany.

6. Maintain security by doing these things

By now, you’ve done a great job of securing your Android device. Here are some things you can do to keep it secure.

Keep notifications off the lock screen

The lock screen protects your device from snoops, since they need to know how to unlock it to do anything sneaky. However, Android can display app notifications on the lock screen. This is a convenience feature, as it lets you see important notifications at a glance, without having to unlock your device.

Unfortunately, anyone who happens to be looking can also see those notifications, even though your device is locked. Needless to say, this could turn into a real privacy issue.

Follow these steps to make sure that no notifications appear on the lock screen. The step-by-step instructions that follow are for my Samsung device running Android 10. The settings may appear in different locations on different devices.

1. Tap Settings, then Lock screen.
2. Scroll down the Lock screen screen to Notifications and set the slider to Off. You should see a new screen similar to this one:
   
3. There are a lot of options for exactly how notifications will be displayed on the lock screen, but you don’t need to worry about them. Just use the slider at the top of the screen to turn them Off altogether.

Note: You will want to confirm that lock screen notifications are still turned off any time you make any changes to the lock screen, just in case.

Minimize the number of new apps you install

This is a tough one. Now that you’ve spent some time eliminating excess apps, you have to avoid loading up all that space you freed up with a metric ton of new apps. Remember that every app on your device is a potential security and privacy problem.

Check app permissions before installing

If you do decide to install a new app, one of the first steps you take should be to check the permissions it requires. You don’t want to put find yourself in a position analogous to those people who installed flashlight apps that sent their contact info to some hacker in Uzbekistan. It is easy to check the permissions on an app from the Google Play store before downloading it. Here’s how:

1. Find the app you are interested in on Google Play.
2. Scroll down the page, past the reviews to the Additional Information section.
3. Under Permissions, tap View Details. Google Play will list all the permissions requested by the app:
   
4. Review the permissions the app wants and be sure you are comfortable with them. If not, choose a similar app that doesn’t ask for the permissions you do not want to grant.

Update your software

Are you ever in a hurry to do something and decide to ignore Android’s request to do an update? Most of us do at one time or another.

However, this is a bad idea. Much of the endless stream of updates that hit our devices are security updates. If possible, just bite the bullet and update your device whenever it asks.

Stay out of bad neighborhoods

If you ever spent time in a big city, you were probably warned about certain “bad neighborhoods” that weren’t safe to enter. There are unsafe neighborhoods online too. While you won’t physically enter such neighborhoods, browsing them with your Android device is the online equivalent thereof.

Even if you’ve got the latest in antivirus software installed on your device, and it is locked down tight as a drum, hitting sketchy sites or the dark web could put your data at risk. Think about it this way. There is an ongoing war between the bad guys who want to steal your data or sabotage your device, and the good guys who protect your stuff.

The problem is that the bad guys are on the attack, and they make money exploiting people. They have an inherent advantage. If some creep figures out a new way to hack into your device there will probably be a period of time before someone develops a way to counter the new hack. If your device happens to get attacked during that vulnerable time, you are in trouble.

The best way to avoid this kind of tragedy is to avoid the bad neighborhoods online and use common sense.

Use a good VPN service on Android

A good VPN (virtual private network) is essential for Android privacy, security, and also unblocking websites. There are many reasons to use a VPN, as we’ve discussed in the ‘What is a VPN‘ guide. But here are three main factors explaining the growing popularity of VPN services:

• Internet providers are collecting your browsing data and handing this over to third parties (but a VPN will encrypt and conceal your activities). This is happening right now in the US, UK, Australia, and much of Europe.
• Public WiFi remains a serious threat with hackers targeting unsuspecting WiFi users with devices like this. (A VPN encrypts your connection and makes your data unreadable.)
• Many streaming services and websites restrict content to certain geographic locations. A VPN allows you to easily access your favorite content and bypass restrictions.

We just released a roundup guide of the best VPNs for Android based on our own testing. Some of our favorites include NordVPN, which just x WireGuard support for Android, and ExpressVPN, which has excellent performance, security, and support for streaming.

Use a secure messaging service

A secure messaging service, or secure messenger, is a critical tool for private and secure communications. In most countries, it is safe to assume that Telecoms (and their spy partners) are recording all SMS message traffic. But don’t use any random messaging service. WhatsApp is now owned by Facebook, a notorious abuser of privacy and collector of private information.

Instead of regular SMS messages or WhatsApp, consider using one of these secure messenger services:

• Signal
• Session
• Wickr Me
• Wire

Replace the stock version of Android with one that doesn’t report everything you do to Google

For the ultimate in Android security and privacy, you could abandon Android altogether.

Android itself is an open source project. That means that other people can use the base Android code and create their own version of the operating system. The biggest benefit of doing that from our perspective is that the developers can modify the code to eliminate the bits that send your data to Google. Switching to an alternative Android distribution is not for the faint of heart, but it is the best way we know of to secure your Android data.

To learn more about the leading alternative Android distribution, check out LineageOS.

Note: Check out our Alternatives to Google Products guide for more options.

Conclusion on Android and privacy

As you can see, there are many tweaks and adjustments you can do to make Android a more secure and private operating system. If you worked your way through this entire guide, your Android device will be more secure with an enhanced level of privacy.

While this guide was mainly focused on increasing your privacy with Android modifications, there are other steps you can take to boost your online privacy in other areas as well. For example, a good VPN service will encrypt internet traffic between your device and a VPN server, while also hiding your IP address and location. We cover the best VPNs in detail on this site. There are also other privacy tools worth considering as well, including secure email, secure browsers, private search engines, and much more.

We also have a Windows 10 privacy guide with step-by-step tweaks and modifications, like above.

What Android device privacy tricks have I missed? Let me know in the comments.