Worried About Personal Data Leaks? Here’s How to Lock Down Your Phone
Your guide to identifying sketchy apps, revoking their access to your location and other data, limiting ad tracking, and keeping web browsing private
PHOTO ILLUSTRATION BY CHAYA HOWELL/THE WALL STREET JOURNAL, ISTOCK
July 3, 2022 10:00 am
There are always people after your data. Advertisers want to know what you’re interested in buying. Hackers want to break into your accounts and steal your stuff. Law enforcement might be interested in your search history, texts and location data.
There has been renewed interest in this topic following the Supreme Court’s decision to overturn Roe v. Wade, because such data could be sought by courts and others in states that ban abortion.
While most services on your devices capture some personal data—your name, websites you visit, your network IP address, etc.—apps on your smartphone tend to get more. Your phone is packed with GPS, cameras and other sensors, as well as sensitive data such as your contacts and health status. Apps, if granted various permissions, could access all of that.
“It’s good to have as few apps as possible, because every app can be a privacy threat,” said Carissa Véliz, an associate professor at the University of Oxford who researches technology and privacy issues.
This checklist will help you go through your phone and limit the amount of data you unwittingly share.
Perform an app audit
Yes, you should ditch some apps. Delete any downloaded apps you no longer use regularly. Definitely remove unnecessary free ones, because many of those earn revenue from selling your data.
Delete unused and sketchy apps from your phone by long-pressing on the app icon in iOS.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL
How to delete apps:
• iPhone: Long-press an app icon and select Remove App. (If your unwanted app is in the App Library, the menu option will be Delete App.)
• Android: Open the Play Store. Tap your profile icon, then go to Manage apps and devices, then Manage. Tap the app you want to delete, then select Uninstall. Some apps, such as pre-installed ones from carriers, can’t be deleted.
Review access to data
Take a close look at the permissions you’ve granted to your apps. Does your weather app really need access to your friends’ email addresses? Likely not. Many apps that request access to location, Bluetooth or contacts perform most tasks fine without them.
“When installing apps, be conservative with providing access,” said Hamed Haddadi, who conducts data-security and privacy research at Imperial College London’s department of computing. “It’s always easier to allow permissions later.”
Look closely at location, said Dr. Haddadi. He said its persistence and precision make it easier to use than other data to identify you. Google, for instance, captures a detailed view of your whereabouts via all your devices and browsers—an entire timeline for those who haven’t turned off location history.
Location data is some of the most intimate information your phone captures. In iOS privacy settings, review which apps have access.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL
For most apps that require it, such as a ride-sharing app, only grant access while using the app. Don’t worry, an app is still considered “in use” when it’s actively using location in the background, such as when you’re waiting for an Uber. When location services are turned off, your device can still send location data to emergency responders when you call 911.
How to review and revoke permissions:
• iPhone: Go to Settings and scroll down to the list of installed apps. Tap each one to see which permissions you have granted, then revoke any you don’t think it needs. Next time you’re in the app, it will bug you if you revoked a service it really does need to perform.
You could also go to Settings > Privacy to review each service and all the apps with access to it.
Then go to the Privacy section of settings and turn on App Privacy Report. It will begin logging the data that your apps access.
In iOS settings, Apple offers an App Privacy Report, which shows how often apps access your data. You have to turn it on.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL
• Android: Open Settings and select Apps. Tap each app name to view permissions. Select the permission and tap “Don’t allow” to revoke access. Some Android phones, under Settings > Privacy, have a privacy dashboard. This shows which apps access sensors and data. (Specific language might vary by phone model.)To see which websites have access to your location, camera and microphone, go to the Chrome app settings, then select Privacy and security > Site settings.
Limit ad tracking
Web ad trackers have, for years, followed your activity as you visit different sites. It’s why when you search for “earplugs for small ears,” then click a link, those earplug ads will follow you around the web for months. (True story.)
On iOS, go to Privacy > Tracking and make sure Allow Apps to Request to Track is turned OFF. When off, it automatically denies requests to track your activity across other apps and sites.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL
How to limit cross-site tracking:
• iPhone: Open Settings, then Privacy, then select Tracking. Make sure “Allow Apps to Request to Track” is off, meaning all tracking requests are automatically denied. This prevents apps from accessing an identifier linked to your activity in and across apps.
Turn off personalized advertising from Apple by going to Settings > Privacy > Apple Advertising, then disabling Personalized Ads.
• Android and Chrome: My colleague Joanna did a deep-dive on preventing ad tracking for Android and Chrome users, which also details Google’s future privacy plans. For now, Android users should go into the Chrome app then tap Settings > Privacy and security > Block third-party cookies. You might also see a Privacy Sandbox option, a beta feature to reduce cross-site tracking on the browser. You’ll see an option to send a “Do Not Track” request. It doesn’t hurt to enable it, but many web services don’t respect the request, not even Google itself. Turn off personalized advertising by going to Settings > Google > Data and privacy > Ad settings, then disabling Ad personalization. You can also visit adssettings.google.com in a browser.
Use your browser
Apps can suck up a lot of data from the sensors on your phone—much more than a website on a browser can. From a privacy perspective, it’s better to access services through mobile browsers versus apps, said Michael Veale, associate professor of digital rights and regulation at University College London.
Web trackers are still prevalent but protections built into mobile browsers, such as Safari on iOS or Brave on Android, can limit this tracking, he said.
Browsers such as Apple’s Safari generally offer more protection than apps, but you still need to limit tracking in settings.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL
How to lock down your browser:
• iPhone: Go to Settings> Safari, then scroll down to the Privacy & Security header and enable Prevent Cross-Site Tracking, Fraudulent Website Warning and Privacy Preserving Ad Measurement. Subscribers to iCloud+ will see an option to Hide IP Address, which prevents websites and internet companies from collecting your browsing activity.
Safari on iOS offers a Privacy Report specifically for trackers. In Safari, next to the URL bar, tap the “aA” icon, then Privacy Report, to see the trackers the browser blocked from viewing your IP address.
• Android: Chrome users don’t have as many privacy options as iPhone Safari users. If you’re open to an alternative browser, try one designed with strong privacy defaults such as Brave, which offers a $10-a-month upgrade for firewall and virtual private network (VPN) access, or Firefox, which is supported by the nonprofit Mozilla Corp.
—For more WSJ Technology analysis, reviews, advice and headlines, sign up for our weekly newsletter.
Write to Nicole Nguyen at email@example.com