Android privacy without a custom ROM: what you can do on a regular phone
You have a Samsung, OnePlus, or other Android phone and want to improve your privacy without installing GrapheneOS. These are the concrete steps that work on any Android.
GrapheneOS is the gold standard for Android privacy — but you don’t have to switch phones to take your privacy seriously. On any Android phone, you can significantly improve what happens to your data.
This guide is for anyone with a Samsung, OnePlus, Xiaomi, or any other Android phone.
1. Minimize Google account data collection
Google account settings → Data & Privacy
This is the most important step. Google collects by default:
- Location History — turn off
- Web & App Activity — turn off or restrict heavily
- YouTube History — turn off
- Ad ID personalization — turn off
Settings → Google → Ads → Delete advertising ID (Android 12+)
Or: enable “Opt out of Ads Personalization” on older versions.
2. Audit app permissions
Settings → Privacy → Permission Manager (or similar, depending on manufacturer)
Work through each category: location, microphone, camera, contacts, phone, storage.
Set the right mode for each:
- Location: “Only while using the app” — never “Always” unless it’s a navigation app
- Precise location: turn off for everything that doesn’t need it
- Microphone and camera: “Only while using” or “Ask every time”
- Contacts, phone: revoke from apps with no reason to have it
Android 12+ has a Privacy Dashboard (Settings → Privacy → Privacy Dashboard) — a timeline of which apps accessed your location, microphone, or camera in the last 24 hours, with direct links to revoke permissions. Use this as a weekly audit.
Microphone and camera: hardware toggles in the notification shade
Pull down → edit tiles → add “Mic access” and “Camera access” quick tiles. When off, Android blocks access at the system level — all apps get silence or a black screen regardless of their permissions. Stronger than revoking per-app permissions.
Clipboard monitoring (Android 12+): When an app reads clipboard content set by a different app, a notification appears automatically. No setup needed — it’s a built-in awareness feature that reveals apps silently reading your clipboard.
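The permission audit above can also be run from a computer. The following is an added example, not part of the original guide: it filters `adb shell dumpsys package` output for apps that currently hold the sensitive runtime permissions from the checklist. It assumes adb is installed and USB debugging is enabled; the function names `audit_perms` and `sample_dump`, the package names, and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Real use, with the phone connected and USB debugging enabled:
#   adb shell dumpsys package | audit_perms

# Runtime permissions behind the categories in the checklist above.
# ACCESS_BACKGROUND_LOCATION is what the "Always" location mode grants.
SENSITIVE='ACCESS_BACKGROUND_LOCATION|ACCESS_FINE_LOCATION|RECORD_AUDIO|CAMERA|READ_CONTACTS|READ_CALL_LOG'

# Reads `dumpsys package` text on stdin and prints one "package PERMISSION"
# line for every sensitive runtime permission that is currently granted.
audit_perms() {
  awk -v want="^(${SENSITIVE})\$" '
    /^ *Package \[/ {                  # start of a new package record
      pkg = $0
      sub(/^ *Package \[/, "", pkg)
      sub(/\].*$/, "", pkg)
      next
    }
    /granted=true/ {                   # denied or revoked entries are skipped
      perm = $1
      sub(/:$/, "", perm)
      sub(/^android\.permission\./, "", perm)
      if (perm ~ want) print pkg, perm
    }
  '
}

# Constructed sample in the shape of `dumpsys package` output (hypothetical apps).
sample_dump() {
  cat <<'EOF'
Packages:
  Package [com.example.weather] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
        android.permission.ACCESS_BACKGROUND_LOCATION: granted=true, flags=[ USER_SET]
        android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET]
  Package [com.example.flashlight] (4d5e6f):
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET]
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET]
EOF
}

sample_dump | audit_perms
```

Any line showing ACCESS_BACKGROUND_LOCATION for an app that is not a navigation app is a candidate for switching to “Only while using the app”.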
3. Set private DNS
Settings → Network → More Connection Settings → Private DNS
Choose “Private DNS provider hostname” and enter: dns.quad9.net
This encrypts your DNS traffic and hides which domains you visit from your internet provider. Works on any modern Android, no app required.
4. Disable bloatware
Manufacturers pre-install apps that collect data and drain battery. You often can’t remove them, but you can disable them.
Settings → Apps → [app] → Disable
Candidates to disable: manufacturer’s news aggregator, manufacturer’s browser if you don’t use it, pre-installed games, redundant assistant apps.
5. Replace apps
The biggest improvement comes from which apps you use:
| Replace | With | Why |
|---|---|---|
| Chrome | Firefox or Brave | Less tracking, uBlock Origin support |
| Google Maps | Organic Maps | Fully offline, no tracking |
| WhatsApp | Signal | End-to-end encrypted, no Meta metadata |
| Gmail | Proton Mail | Encrypted, Switzerland |
| Google Drive | Proton Drive | End-to-end encrypted |
| Google Authenticator | Aegis | Open-source, encrypted backup |
| Chrome passwords | Bitwarden | Open-source, cross-platform |
6. F-Droid alongside the Play Store
F-Droid is an alternative app store with only open-source apps. No Google account required, no trackers.
Install F-Droid via f-droid.org and use it for apps like:
- Organic Maps (navigation)
- Aegis (2FA authenticator)
- Molly (Signal fork)
- KeePassDX (password manager)
You can use F-Droid and the Play Store side by side.
7. Limit notification access
Settings → Privacy → Notification Access
Apps with notification access can read all your alerts — including messages and verification codes. Restrict this to apps that genuinely need it (like Wear OS links or smartwatch apps).
8. Strengthen screen lock
- Use a strong password or long PIN (not a pattern — visible in fingerprints on the glass)
- Set “Auto-lock” to maximum 1 minute
- Turn off “Show notification content on lock screen” for sensitive apps
9. Android 15: Private Space and extra security
Private Space (Android 15+): Settings → Security & privacy → Private Space
A separate, locked-down area of your phone for sensitive apps. When locked, the apps are invisible in the launcher, search, and notifications. Works like a lightweight second profile — useful for banking, health information, or sensitive communication.
Anti-stingray settings (Android 15+): Settings → Security & privacy → More security & privacy
- Enable “Require encryption” — rejects unencrypted cellular connections
- Enable “Security notifications”
This blocks 2G-downgrade attacks that IMSI catchers (fake cell towers) use to determine your location or intercept calls.
What this doesn’t fix
On stock Android you still trust:
- Google (if you use a Google account)
- The manufacturer (Samsung, Xiaomi, etc. — which collect their own data)
- Google Play Services (running in the background with broad permissions)
This guide significantly reduces your attack surface but doesn’t eliminate it. If you have a higher threat profile — journalist, activist, someone who needs to work truly anonymously — GrapheneOS on a Pixel is the next step.
Priority order
- Set private DNS — 2 minutes, immediate effect
- Audit app permissions — 10 minutes
- Minimize Google account data — 10 minutes
- Replace apps — gradually, start with Signal
- Disable bloatware — 15 minutes
- Install F-Droid — optional, if you want open-source apps
See also:
- iPhone privacy settings — the same approach for iOS
- Threat profile: the average user — basic steps for everyone
- F-Droid guide — open-source apps without Google
- Install GrapheneOS — if you want to go further
- Signal and Molly review — the messaging app that replaces WhatsApp