Privacy: Mobile Habits
Earlier, I talked about some settings to help reduce the data collection on your phone and improve your mobile device's security. I also briefly touched on replacement apps and habits. In this sub-section, I want to expand on that and talk about some additional practices to further improve your mobile privacy and security.
The biggest thing you can do with your phone is consider your metadata. The biggest habit you can change is just to not have your phone around as often as possible and to use it as little as possible. Classic non-smart alarm clocks are only $10 at Target, and you can charge your phone in another room. When going out with friends, leave your phone at home. Little things like this can add up.
Second, consider what you do on your phone. For example, try to send emails and do web browsing from your computer rather than your phone. You have significantly more control over your computer's data collection than your phone's.
Third, try to keep your phone as clean of apps and data as possible. Apps are a potential risk, both in terms of the data they could be collecting and the malware they could be hiding. The less apps you have, the better off you are. Most tasks we do on demand can wait until we get to a more controlled desktop environment. Of course this doesn't mean you can never have anything on your phone, just make sure you're weighed the risks and really need it.
A more advanced step is to get a phone that's not in your name. Rather than buying a phone on credit - which ties it back to your true identity via a credit check - you can buy a phone up front in cash, then get a pay-as-you-go plan. In addition to offering more privacy, these plans are often much less expensive. Be aware that metadata such as location at home every night means your identity can be determined, but this strategy can still offer a lot of defense against public records, doxxing, and stalking.
I strongly urge anyone privacy-oriented to stop using your SIM number and instead use Voice-over-IP for all non-encrypted communications. This is a large subject, and as such I have dedicated an entire page to explaining this, and I encourage you to check it out if you're interested.
Restart your phone once per week. Phones are typically much more stable than an average computer, and such we can and often do run them for weeks or even months at a time without ever thinking of restarting them. Most malware, except the most advanced kind, cannot withstand a device reset. While it is unlikely that you'll get malware if you have good online habits, it only takes a few minutes to restart and it's worth the caution.
Finally, for those desiring maximum privacy, I encourage you to consider flashing a custom Android ROM onto your phone. This is a more advanced technique that falls outside the scope of this website, but I can at least point you in a starting direction. I recommend flashing the devices yourself rather than buying them pre-flashed. The two most popular and well-supported ROMs for this purpose are LineageOS and GrapheneOS. Of these two, Graphene is pretty much as secure as a mobile device can get while Lineage supports more mainstream services in exchange for less security. There is also a popular compromise called CalyxOS which is based on Graphene but trades a small amount of security to allow more functionality. This will likely be the sweet spot for most people. You can visit Techlore's Plexus project to see if the apps you need are compatible on custom ROMs. There are also Linux-based phones, but these are considerably more complex and I do not recommend them for the faint of heart. One solution is the Librem 5, however many reviews suggest is in incomplete, missing important features, and the device is backordered by years. The other common choice is Pinephone but you will have to install the OS of your choice upon arrival. In my experience, none of the current Pinephone OS's are ready for daily use.