Locking down the many apps on your smartphone


Worried About Personal Data Leaks? Here’s How to Lock Down Your Phone

Your guide to identifying sketchy apps, revoking their access to your location and other data, limiting ad tracking, and keeping web browsing private


By Nicole Nguyen

July 3, 2022 10:00 am

There are always people after your data. Advertisers want to know what you’re interested in buying. Hackers want to break into your accounts and steal your stuff. Law enforcement might be interested in your search history, texts and location data.

There has been renewed interest in this topic following the Supreme Court’s decision to overturn Roe v. Wade, because such data could be sought by courts and others in states that ban abortion.

While most services on your devices capture some personal data—your name, websites you visit, your network IP address, etc.—apps on your smartphone tend to get more. Your phone is packed with GPS, cameras and other sensors, as well as sensitive data such as your contacts and health status. Apps, if granted various permissions, could access all of that.

“It’s good to have as few apps as possible, because every app can be a privacy threat,” said Carissa Véliz, an associate professor at the University of Oxford who researches technology and privacy issues.

This checklist will help you go through your phone and limit the amount of data you unwittingly share.

Perform an app audit

Yes, you should ditch some apps. Delete any downloaded apps you no longer use regularly. Definitely remove unnecessary free ones, because many of those earn revenue from selling your data.

Comb the service’s privacy policy to see how it treats your data. Prof. Véliz suggests looking at the app developer and the service’s business model. You could even check news reports for potential bad practices, she said. Bear in mind that when you delete an app from your phone, the information the developer and its partners already collected won’t automatically vanish. You might have to contact them to request data removal, which can be frustrating.

Delete unused and sketchy apps from your phone by long-pressing on the app icon in iOS.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL

How to delete apps:

• iPhone: Long-press an app icon and select Remove App. (If your unwanted app is in the App Library, the menu option will be Delete App.)

• Android: Open the Play Store. Tap your profile icon, then go to Manage apps and devices, then Manage. Tap the app you want to delete, then select Uninstall. Some apps, such as pre-installed ones from carriers, can’t be deleted.

Review access to data

Take a close look at the permissions you’ve granted to your apps. Does your weather app really need access to your friends’ email addresses? Likely not. Many apps that request access to location, Bluetooth or contacts perform most tasks fine without them. 

“When installing apps, be conservative with providing access,” said Hamed Haddadi, who conducts data-security and privacy research at Imperial College London’s department of computing. “It’s always easier to allow permissions later.” 

Once apps are installed, monitor their databattery and storage usage in settings.

Look closely at location, said Dr. Haddadi. He said its persistence and precision make it easier to use than other data to identify you. Google, for instance, captures a detailed view of your whereabouts via all your devices and browsers—an entire timeline for those who haven’t turned off location history.

Location data is some of the most intimate information your phone captures. In iOS privacy settings, review which apps have access.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL

For most apps that require it, such as a ride-sharing app, only grant access while using the app. Don’t worry, an app is still considered “in use” when it’s actively using location in the background, such as when you’re waiting for an Uber. When location services are turned off, your device can still send location data to emergency responders when you call 911.

How to review and revoke permissions: 

• iPhone: Go to Settings and scroll down to the list of installed apps. Tap each one to see which permissions you have granted, then revoke any you don’t think it needs. Next time you’re in the app, it will bug you if you revoked a service it really does need to perform.  

You could also go to Settings > Privacy to review each service and all the apps with access to it.

Then go to the Privacy section of settings and turn on App Privacy Report. It will begin logging the data that your apps access.

In iOS settings, Apple offers an App Privacy Report, which shows how often apps access your data. You have to turn it on.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL

• Android: Open Settings and select Apps. Tap each app name to view permissions. Select the permission and tap “Don’t allow” to revoke access. Some Android phones, under Settings > Privacy, have a privacy dashboard. This shows which apps access sensors and data. (Specific language might vary by phone model.)To see which websites have access to your location, camera and microphone, go to the Chrome app settings, then select Privacy and security > Site settings.

Limit ad tracking

Web ad trackers have, for years, followed your activity as you visit different sites. It’s why when you search for “earplugs for small ears,” then click a link, those earplug ads will follow you around the web for months. (True story.)

Apple AAPL 1.62%▲ and Google are working to limit the effectiveness of these trackers. Apple turned off tracking by default. Google plans to phase out third-party cookies late next year.

On iOS, go to Privacy > Tracking and make sure Allow Apps to Request to Track is turned OFF. When off, it automatically denies requests to track your activity across other apps and sites.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL

How to limit cross-site tracking:

• iPhone: Open Settings, then Privacy, then select Tracking. Make sure “Allow Apps to Request to Track” is off, meaning all tracking requests are automatically denied. This prevents apps from accessing an identifier linked to your activity in and across apps.

Turn off personalized advertising from Apple by going to Settings > Privacy > Apple Advertising, then disabling Personalized Ads.

• Android and Chrome: My colleague Joanna did a deep-dive on preventing ad tracking for Android and Chrome users, which also details Google’s future privacy plans. For now, Android users should go into the Chrome app then tap Settings > Privacy and security > Block third-party cookies. You might also see a Privacy Sandbox option, a beta feature to reduce cross-site tracking on the browser. You’ll see an option to send a “Do Not Track” request. It doesn’t hurt to enable it, but many web services don’t respect the request, not even Google itself. Turn off personalized advertising by going to Settings > Google > Data and privacy > Ad settings, then disabling Ad personalization. You can also visit adssettings.google.com in a browser.

Use your browser

Apps can suck up a lot of data from the sensors on your phone—much more than a website on a browser can. From a privacy perspective, it’s better to access services through mobile browsers versus apps, said Michael Veale, associate professor of digital rights and regulation at University College London.

Web trackers are still prevalent but protections built into mobile browsers, such as Safari on iOS or Brave on Android, can limit this tracking, he said.

Browsers such as Apple’s Safari generally offer more protection than apps, but you still need to limit tracking in settings.PHOTO: NICOLE NGUYEN / THE WALL STREET JOURNAL

How to lock down your browser:

• iPhone: Go to Settings> Safari, then scroll down to the Privacy & Security header and enable Prevent Cross-Site Tracking, Fraudulent Website Warning and Privacy Preserving Ad Measurement. Subscribers to iCloud+ will see an option to Hide IP Address, which prevents websites and internet companies from collecting your browsing activity.

Safari on iOS offers a Privacy Report specifically for trackers. In Safari, next to the URL bar, tap the “aA” icon, then Privacy Report, to see the trackers the browser blocked from viewing your IP address. 

• Android: Chrome users don’t have as many privacy options as iPhone Safari users. If you’re open to an alternative browser, try one designed with strong privacy defaults such as Brave, which offers a $10-a-month upgrade for firewall and virtual private network (VPN) access, or Firefox, which is supported by the nonprofit Mozilla Corp.

—For more WSJ Technology analysis, reviews, advice and headlines, sign up for our weekly newsletter.

Write to Nicole Nguyen at nicole.nguyen@wsj.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.