Technology

Practical Phone Privacy Settings Worth Enabling

Olivia Turner • 05 April 2026 • 8 min read

Modern smartphones collect and share more information by default than most users are aware of. A focused review of privacy settings takes under an hour and significantly reduces the amount of data accessible to third parties without any meaningful reduction in device functionality.

App permissions review

The most impactful privacy settings are the permissions granted to individual applications. Location access granted to apps with no functional need for it — a calculator, a notes app, a game, a retail app used once — shares location data with app developers and potentially with data brokers and advertising networks. Reviewing all location permissions and restricting those without a clear functional justification is the highest-value starting point in any phone privacy review.

On iOS, permissions are reviewed in Settings > Privacy & Security. On Android, in Settings > Apps > Permissions. For each permission type — location, microphone, camera, contacts, photos — a list of apps with access is shown. "Allow only while using the app" rather than "Always" is the appropriate setting for most location-using apps; for those with no functional location need, access should be revoked entirely without affecting their core function.

Advertising identifiers and tracking

Both iOS and Android assign each device a persistent advertising identifier that allows advertisers to track app usage across different applications and serve targeted advertising based on behaviour patterns. On iOS this is the IDFA; on Android it is the Google Advertising ID. Both can be limited or reset without affecting device function.

On iOS (Settings > Privacy & Security > Tracking), disabling "Allow Apps to Request to Track" prevents apps from accessing the IDFA. On Android (Settings > Google > Ads), you can opt out of personalised ads and reset the advertising ID. These settings do not eliminate advertising but decouple it from persistent cross-app tracking of your specific behaviour history.

Diagnostic and usage data sharing

Both iOS and Android collect and share diagnostic and usage data with Apple and Google respectively by default, and many individual apps have similar data sharing options buried in their own privacy settings or account menus. This data is typically described as anonymised but contributes to the companies' detailed understanding of user behaviour. Disabling or limiting it in device settings is straightforward and has no functional consequences.

Third-party apps — social media, shopping, and messaging apps in particular — frequently have their own data sharing settings separate from device-level permissions. Checking these within the app itself, in addition to device-level permission settings, addresses data sharing that occurs even when location and microphone access are appropriately restricted at the OS level.

Lock screen and biometric security

A six-digit numeric PIN is the minimum recommended lock screen security for most users; a longer alphanumeric passcode offers meaningfully better protection. Facial recognition and fingerprint authentication are both more convenient and more secure than no biometric protection for daily use. Reviewing lock screen notification settings — ensuring sensitive content is not displayed in full before the screen is unlocked — prevents information disclosure from an unattended or lost device.

Disabling "Raise to Wake" and "Tap to Wake" on devices placed on shared desks or in public reduces the frequency with which the screen illuminates and displays notifications with potentially sensitive content. These are minor convenience sacrifices against a real information security consideration that most users never consider.

Wi-Fi and Bluetooth management

Devices configured to automatically reconnect to known Wi-Fi networks will reconnect to any network broadcasting the same SSID as a previously trusted one. Malicious access points configured with common network names in public spaces can intercept traffic when devices auto-connect. Forgetting Wi-Fi networks no longer regularly used reduces this exposure in proportion to the number of stale saved networks.

Bluetooth left on when not actively using a paired device presents a lower but real attack surface. Bluetooth protocol vulnerabilities are periodically discovered and publicly disclosed before patches reach all devices. Keeping Bluetooth off when not actively using a wireless accessory is a minor daily inconvenience against a consistent security consideration — particularly in high-density public environments.

Key Takeaways

Review all app location permissions and restrict any app without a clear functional reason for needing location data.
Disable advertising tracking on both iOS and Android to prevent persistent cross-app behaviour tracking.
Check privacy settings within individual apps, not just at the device OS permission level — many apps have their own separate data sharing controls.
Use at minimum a six-digit PIN; prevent sensitive notification content from displaying on the lock screen before unlock.
Forget unused Wi-Fi networks and disable Bluetooth when not actively using a paired device, particularly in public spaces.