Phone Privacy: Hardening Android Without Root

Not everyone can or wants to run a custom ROM like GrapheneOS or CalyxOS. Maybe your phone's bootloader is locked, maybe you need specific apps that require Google Play Services, or maybe you just want quick wins without a complex setup process. The good news is that stock Android provides a surprising number of privacy controls when you know where to look.

Disable Unnecessary Google Services

Google collects vast amounts of data through its bundled services. You can significantly reduce this collection without breaking core phone functionality.

• Go to Settings > Google > Manage your Google Account > Data & Privacy. Disable Web & App Activity, Location History, and YouTube History.
• Disable the Google app and Google Assistant if you do not use them (Settings > Apps > Google).
• Disable Personalized Ads under Settings > Google > Ads. Also select "Delete advertising ID."
• Turn off Nearby Share / Quick Share discovery when not actively using it.
• Review and disable Google backup if you prefer a local or alternative backup solution.

Permission Audit

Android's permission model has improved significantly. Take the time to audit every app's permissions and revoke anything unnecessary.

• Go to Settings > Privacy > Permission Manager to review permissions by category (Camera, Microphone, Location, etc.).
• For Location, set all apps to "Allow only while using the app" or "Ask every time" unless there is a strong reason for background access.
• Revoke camera and microphone permissions from apps that should not need them (social media apps, games, shopping apps).
• Disable "Physical Activity" permission for apps that do not need step counting or motion data.
• Check Contacts and Call Log permissions — many apps request these unnecessarily.

Network-Level Privacy with Private DNS

Android supports encrypted DNS natively, which prevents your ISP from seeing your DNS queries. This is one of the highest-impact, lowest-effort changes you can make.

Settings > Network & Internet > Private DNS

Select "Private DNS provider hostname" and enter one of:

  dns.quad9.net          (Quad9 — malware blocking, no logging)
  one.one.one.one        (Cloudflare — fast, minimal logging)
  dns.adguard-dns.com    (AdGuard — ad and tracker blocking)

ADB Debloating (No Root Required)

Android Debug Bridge (ADB) lets you remove or disable bloatware and telemetry packages from a computer, without rooting your phone. This removes apps that cannot be disabled through the normal settings UI.

# Enable Developer Options: Settings > About Phone > tap Build Number 7 times
# Enable USB Debugging in Developer Options
# Connect phone via USB and run from your computer:

adb shell

# List all installed packages
pm list packages

# Disable Facebook (common pre-installed bloat)
pm uninstall -k --user 0 com.facebook.system
pm uninstall -k --user 0 com.facebook.appmanager
pm uninstall -k --user 0 com.facebook.services

# Disable carrier bloatware (example: Verizon)
pm uninstall -k --user 0 com.verizon.mips.services

# Disable Google apps you don't use
pm uninstall -k --user 0 com.google.android.youtube
pm uninstall -k --user 0 com.google.android.apps.magazines

Recommended App Replacements

• Browser: Replace Chrome with Firefox or Brave. Configure as described in our Firefox hardening guide.
• Keyboard: Replace Gboard with an offline keyboard like HeliBoard or FlorisBoard (Gboard sends typing data to Google).
• App Store: Install F-Droid for open-source apps alongside the Play Store.
• Maps: Use Organic Maps or OsmAnd (OpenStreetMap-based, fully offline capable) instead of Google Maps for everyday navigation.
• Email: Use a privacy-focused email app like FairEmail or K-9 Mail instead of Gmail.