The New Oil

Privacy: Mobile Habits

Earlier, I talked about some settings to help reduce the data collection on your phone and improve your mobile device’s security. I also briefly touched on replacement apps and habits. In this sub-section, I want to expand on that and talk about some additional practices to further improve your mobile privacy and security.

The biggest thing you can do with your phone is consider your metadata. The biggest habit you can change is simply to keep your phone away from you as often as possible and to use it as little as possible. Classic non-smart alarm clocks are only $10 at Target, and you can charge your phone in another room. When going out with friends, leave your phone at home. Little things like this can add up.

Second, consider what you do on your phone. For example, try to send emails and do web browsing from your computer rather than your phone. You have significantly more control over your computer’s data collection than your phone’s.

Third, try to keep your phone as clean of apps and data as possible. Apps are a potential risk, both in terms of the data they could be collecting and the malware they could be hiding. The fewer apps you have, the better off you are. Most tasks we do on demand can wait until we get to a more controlled desktop environment. Of course this doesn’t mean you can never have anything on your phone; just make sure you’ve weighed the risks and really need it. Where possible, consider using Progressive Web Apps (PWAs) instead of regular apps. These are - to oversimplify it - web pages you can bookmark to your phone’s home page. In most cases they behave exactly like a normal app with identical or slightly less functionality, but they will have significantly less access to the data on your phone than a normal app would, making them much more private and secure than a normal app.

If you must download an app, on Android consider using F-Droid or Aurora Store. F-Droid is an app store featuring only open source apps while Aurora is a proxy for the Google Play store allowing you to download apps without a Google account and without Google tracking your download (please note that it will not remove any in-app tracking).

A more advanced step is to get a phone that’s not in your name. Rather than buying a phone on credit - which ties it back to your true identity via a credit check - you can buy a phone up front in cash, then get a pay-as-you-go or prepaid plan. In addition to offering more privacy, these plans are often much less expensive. Be aware that metadata, such as the phone’s location at home every night, means your identity can still be determined, but this strategy can still offer a lot of defense against public records, doxxing, and stalking.

I strongly urge anyone privacy-oriented to stop using your SIM number and instead use Voice-over-IP for all non-encrypted communications. This is a large subject, and as such I have dedicated an entire page to explaining this, and I encourage you to check it out if you’re interested.

Restart your phone once per week. Phones are typically much more stable than an average computer, and as such we can and often do run them for weeks or even months at a time without ever thinking of restarting them. Most malware, except the most advanced kind, cannot withstand a simple restart. While it is unlikely that you’ll get malware if you have good online habits, it only takes a few minutes to restart and it’s worth the caution.

Finally, for those desiring maximum privacy, I encourage you to consider flashing a custom Android ROM onto your phone. This is a more advanced technique that falls outside the scope of this website, but I can at least point you in a starting direction. While there are some niche shops that sell pre-flashed devices, I recommend flashing the devices yourself to ensure maximum security. Unarguably the most secure ROM is GrapheneOS, which places a heavy emphasis on security by hardening the Android kernel it’s based on, sandboxing Google Play services for security and usability, and recommending only apps and services that demonstrate a security-minded approach. A common alternative to Graphene is CalyxOS, which focuses more heavily on incorporating open-source projects into the device but does not make any significant security improvements the way Graphene does. Graphene and Calyx only support a few devices, so if your device is not compatible you could also check into DivestOS. LineageOS and /e/OS are popular choices that support a wide variety of devices, but also suffer from significant security shortcomings. The risks of these are considered to be relatively low, but they will render some apps incompatible with your device (such as banking apps) and you should be aware of the risks before making your decision. I recommend visiting Techlore’s Plexus project to see if the apps you need are compatible with custom ROMs. There are also Linux-based phones, but these are considerably more complex and I do not recommend them for the faint of heart. In general, Linux phones suffer from the same security concerns as Linux, do not use typical mobile apps, and require a considerable knowledge of the Linux operating system to do more than the basic, preloaded features such as texting, calling, and web browsing. In my opinion, none of the current Linux phones are ready for daily use by non-expert users.