Android Privacy Settings: What to Know

By Michael X. Heiligenstein
December 23, 2020
Privacy

Android offers several privacy settings with which you can protect and control your personal data. These include limiting which apps can access your camera, microphone, location, and other smartphone features. But these privacy controls are incomplete, and will not stop Google from collecting and monetizing your data.

Android’s privacy tools do make it easy for users to protect their data from third-party app developers. But it’s much harder to keep your data private from Google. It comes down to the question: “do you trust Google with your personal data”? If not, you might honestly be better off with an iOS device.

Aside from Google, your phone’s manufacturer and your cell phone carrier may also have access to your personal data. When buying a new phone, make sure to research the manufacturer and model so that you can be aware of any data they might be collecting.

Permission Manager: Control Your Apps

Android’s Permission Manager allows you to limit what kind of data your smartphone apps can access. To find it, go to Settings è Privacy è Permission manager.

From here, you’ll see a list of different types of permissions, from body sensors to SMS. For each type of data, you can see which apps have access and limit them accordingly.

For most of the data types, you’ll have three options: allow always, never allow, and only allow while using the app. As a general rule, if an app doesn’t need your data to function, don’t give it to them. If an app does need access to function (for instance, Instagram needs camera access to take pictures), set it to “only allow while using the app” wherever possible.

Here are the types of access you can find in your app permissions manager:

  • Body sensors: includes your heartrate and vital signs – data typically collected by fitness trackers, not your smartphone itself.
  • Calendar: your smartphone calendar, including events and the information associated with them.
  • Call logs: Your call history, including metadata such as what number you called, time of call, and duration of call.
  • Camera: Access to your camera, to take photos or record video.
  • Contacts: Your list of contacts, and any data associated with them.
  • Files and media: Grants the app the ability to read and write to files stored on your phone. For some apps, you can differentiate between access to all files, and access to media only.
  • Location: Your location data and history. As much as possible, I encourage limiting this to “only while in use”.
  • Microphone: Access to your microphone to record audio. I recommend setting this to “only while in use” for apps that need microphone access.
  • Phone: Gives access to your phone, with the ability to make calls.
  • Physical activity: Includes information on walking, driving, and other means of getting around.
  • SMS: Allows an app to send and view SMS text messages.

Make sure to scroll carefully through all of these, limiting third party app access as much as possible.

You’ll see a number of Google apps, such as Maps, Files by Google, and the Google Play Store. If you strip access from these apps, you will likely lose some device functionality. This points back to the core question of “do you trust Google”, which we’ll explore a bit more later in the article.

Show Passwords

With this feature enabled, your phone will briefly show the characters of your passwords as you type them in. With it off, you’ll only see an ambiguous line of dots.

The risk here is that someone looking over your shoulder might be able to read your password as you type. For security purposes, you might want to turn this feature off.

But more importantly, make sure you’re aware of your surroundings when typing in passwords or sensitive information. A public place, such as a shopping mall, probably isn’t the best place to access your bank account. If it can’t wait until you get home, you can always find a bathroom stall or at least put your back to the wall.

Notifications on Lock Screen

This is another feature to prevent the risk of others in your physical vicinity from discovering sensitive information. You have three options: “Show all notification content”, “Show sensitive content only when unlocked”, and “Don’t show notifications at all”.

If you’re worried about other people reading your emails and text messages, “Show sensitive content only when unlocked” offers a nice middle ground. With this setting on, a text message notification will only show “1 new message”, not the message itself.

Device Personalization Services

Google collects a wide variety of data on how you use your Android phone. It then uses this data to deliver a personalized experience. That can include anything from keyboard suggestions to keeping your screen on if it thinks you’re looking at it.

But Android’s Privacy settings don’t offer a lot of control over this personalization. The only setting you can control from the privacy settings is your keyboard suggestions. But turning off keyboard suggestions will not even prevent Google from reading what you type – you’re just turning off its ability to make suggestions.

You’ll find this to be a recurring theme when it comes to Android privacy controls. You can easily turn off personalization features, but not data collection and profiling.

Aside from the ability to turn off keyboard suggestions, you won’t find any other ways to control these device personalization services in Android’s Privacy settings. But if you dig a little deeper, you’ll find more control if you follow this chain:

Settings è Apps and notifications è See all apps è Device Personalization Services

From here, you can limit what permissions Device Personalization Services can access, just like you did for other apps in the Permission Manager above. To be clear, this will make your Android device less functional.

It might seem a little strange that these Device Personalization Services aren’t listed in the Permission Manager, or elsewhere in Android’s privacy settings. I can’t say for sure why this setting is so hard to find – that’s a question only Google can answer.

Personalize Using App Data

This option allows third-party apps to send content to the Android system, and thus to Google. If you’re uncomfortable with these apps sending information to Google, you should turn this setting off.

Autofill Service from Google

This allows Google to remember information such as your passwords and credit card information. This is a front where I’m prepared to trust Google: unlike Facebook, they’ve had very few data breaches, and have proved themselves very capable of protecting their users’ sensitive information. But if you don’t trust Google with this kind of information, you should turn off Autofill.

Google Location History

Google Location History saves where you go to your Google Account. This allows you to retrace your steps, and allows Google to serve up personalized recommendations based on your activity. If you turn off Location History, you won’t have access to these features.

However, turning Location History off will not prevent Google from tracking your location and keeping their own independent record. Just like with Keyboard Suggestions, you can turn off the personalization features, but cannot prevent Google from collecting your data and keeping a profile of your behavior.

The only way you can prevent Google from tracking your location is to turn off your phone’s Location tracking altogether. Keep in mind that this will strip key functionality from apps such as Maps. One option is to turn Location off most of the time, but turn it on only when you’re using it for navigation.

In any case, turning off Google Location History will not meaningfully protect your location privacy from Google.

Ad Personalization

From this menu, you can opt out of ad personalization. However, this will not prevent Google from tracking your digital behavior and maintaining an advertising profile. By turning this off, Google will no longer serve you personalized ads. But just like with Keyboard Suggestions and Location History, turning Ad Personalization will not meaningfully protect your privacy from Google.

Usage & Diagnostics

Not all the data Google collects is for the purposes of personalization and advertising. Usage and diagnostic data is used to improve functionality of Android devices.

This is a pretty broad bucket of data you’re opening up to Google. If you don’t trust Google with usage data, this is one you can safely turn off without decreasing the functionality of your device.

Activity Controls

This setting will point you to your Google Account privacy controls, which are separate from your Android privacy controls – but closely interconnected. Many of the above privacy controls, such as location history and ad personalization, are actually tied to your account, not your device.

Alongside the controls discussed above, you can also limit what web and app activity Google saves to your account, as well as disable your YouTube History. But like all of your Google Account privacy controls, these options only turn off the tracking that you can see. Neither of these options restrict Google from tracking your web activity behind the scenes.

If you’re concerned about Google tracking your web activity, you should strongly consider switching away from the Chrome browser in favor of Firefox, Brave, or another privacy-forward web browser.

Do You Trust Google?

Android’s privacy controls point back to one fundamental question: do you trust Google?

It’s relatively easy to restrict third party developers’ access to your Android behavior. But if you’re using an Android device, there is no easy way to prevent Google from collecting sensitive personal data such as your location. Many of the privacy controls they put in front of users offer a deceptive sense of security, when the truth is that Google can and will collect your data anyway.

That said, you may have reason enough to trust Google. Unlike Facebook, they’ve proven themselves fairly responsible when it comes to protecting user data. Their only major data breach in recent years was the Google+ data breach in 2018, which caused them to sunset the service entirely.

Google’s business has always been premised on using user data to sell targeted advertisements. Nearly 90% of parent company Alphabet’s revenue comes from advertising. Your personal data is currency to Google, and allowing you to control it would mean giving up the #1 currency that drives Google’s entire business.

But arguably, that currency – your personal data – belongs to you. You have a right to control it, and Google’s invasive behavior can be described squarely as exploitation. But I can’t decide for you whether or not you should trust Google.

If you don’t trust Google, your best move would be to switch to an iPhone. Apple’s business is driven primarily by hardware sales, not advertising, which enables them to offer a much stronger foundation of privacy to their customers.

If you do trust Google, you might not feel the need to implement many of the privacy controls outlined above. You should still take care with third party apps, and review the above settings so that you know exactly what you’re sharing with Google. But it makes little sense to turn off device personalization features if you know Google’s going to track your behavior anyway.

About the Author

Find Michael on LinkedIn

Michael X. Heiligenstein

Michael X. Heiligenstein is the founder and editor-in-chief of the Firewall Times. He has six years of experience in online publishing and marketing. Before founding the Firewall Times, he was Vice President of SEO at Fit Small Business, a website devoted to helping small business owners. He graduated from the University of Virginia with a degree in English and History.