This story is part of, CNET’s look at how the world will continue to evolve starting in 2022 and beyond.
With increasinglyfrom advertisers and law enforcement over the past few years, securing your mobile phone from privacy threats in 2022 should be a key resolution. But don’t stop short. Changing a few settings in your phone and apps isn’t enough. To get the most privacy, the key ingredient to add is a suite of encrypted apps.
Securing your phone’s privacy from groups like yourand law enforcement is a three-part process. First, you need to change several settings in your operating system — that reduces your device’s compliance with your apps’ requests for your data. Next, you manage all of your apps by deleting them, disabling them or changing their privacy settings — that reduces your apps’ collection of the data you produce.
Dozens of settings in your phone’s operating system and within your apps would need to be changed before you could say you’d completed the first two steps. That’s why the final step — installing privacy-focused apps like a VPN, Signal Messenger, Brave Browser, DuckDuckGo and the BitWarden password manager — is crucial. Installing this suite of encryption and privacy apps makes most of the data you produce useless to your ISP and any local law enforcement surveilling you.
On their own, these steps do create some minor inconveniences for an unknown portion of the advertisers that collect your data — but once you combine them with the five apps listed below, their effectiveness skyrockets, creating an impressive foundation for your mobile privacy.
- 1 Use a PIN code to lock your phone — not fingerprints or facial recognition
- 2 Disable location tracking
- 3 Turn off your mobile ad ID
- 4 Check your apps and accounts
- 5 Sign out of all other devices
- 6 Lock down your social media
- 7 Enable 2FA
- 8 Check for leaky apps
- 9 Fail-safe: Nuke your phone remotely
- 10 The real key to privacy: Add these five apps
Use a PIN code to lock your phone — not fingerprints or facial recognition
In most circumstances, police are supposed to have a warrant before they can take your phone from you and Supposed to.. Police are also with biometric data like fingerprints and facial recognition. They’re also supposed to have a warrant before they can request your internet history, texts and phone call logs from websites or your ISP or phone company.
Fact: Sometimes humans simply forget the PIN code to their phone’s main lock screen and then other people like police officers, for example, have a very difficult time accessing the phone’s contents without extended effort. Happens all the time. Another fact: Youor .
Remember, however, that a PIN code only buys you more time until police crack your phone. In some cases, just an hour or so.
Disable location tracking
Without a virtual private network, disabling your phone’s geolocation services is pretty much useless as a way to protect your geolocation privacy from your ISP and law enforcement. Unless you’re using a VPN, every single piece of data that leaves your phone will appear to be coming from the nearest cell tower or Wi-Fi router you’re connected to. End of story.
Toggling off your GPS doesn’t do much. If you share a billing or service account with another person, that other person can likely track you. Some services like AT&T FamilyMap and Apple’s Find My app may need to be manually disabled or uninstalled. Review thefor a walk-through on doing both.
Both Android and iOS devices still have to contend with the geo-tracking of Google Sensorvault.stops Google from tracking your every movement across its Maps and Location History apps.
Turn off your mobile ad ID
If you’ve noticed interest-specific ads suddenly appearing in your browser or social news feeds, your mobile ad ID may be responsible. Your mobile ad ID is a type of tracking technology that follows you during your browsing and includes location information — a privacy vulnerability.
iPhone users can turn this off by enabling Apple’s setting to limit any new apps’ ability to track you. Go to Settings, then Privacy, then Advertising, and toggle off Personalized Ads. This may not cover all the apps on your phone, however, so I also recommendthat you’ve previously downloaded.
Check your apps and accounts
Read CNET’sonline. Our is also helpful if you need Google to remove you from search results.
Sign out of all other devices
In the privacy settings of nearly every one of your online accounts — from your email and social media accounts to your streaming services and cross-device synced services — you’ll find an option to sign your account out of all other devices.
While it would be impossible to walk through every possible service with you in one article, this is a vital step to securing your accounts if you suspect any other person may be able to access your location and search history from a device you can’t control. Take the time to check the settings pages of your apps.
If you’re a Gmail user,across other devices.
It should go without saying, but turn off all location tagging features for all of your social media accounts, one by one. And in each of your social media accounts — whether it’s Instagram, TikTok, Twitter, or Facebook — go through your privacy settings and disable your account being displayed in search results when people look for you.
For help securing your Facebook account,, or for help your account while still saving your photos.
In most cases, two-factor authentication, or 2FA, will not protect your accounts if the person breaking into your accounts has your phone in their hands. That’s because 2FA normally works by sending you a text message or voice call with a passcode for the account you’re trying to log into. Some 2FA protections are customizable, however, and you can receive an email with a temporary passcode instead of a text message.
Every account and service has its own process for enabling 2FA, most of which will be located in the settings menu of whichever app or account you’re securing, and are often under submenus labelled account, security, privacy or advanced options.
Google users, you can set up 2FA by going to your Google account security page and clicking 2-Step Verification. Follow the prompts until you reach a screen titled “Use your phone as a second sign-in step.”
As CNET’s, using alerts in the Gmail app is easier, but it means you have to have your phone nearby at all times and you’ll need a connection to approve the alert. So, if you’re somewhere where you have no bars — or if someone cuts off your phone service — you’ll need to be connected to Wi-Fi.
Check for leaky apps
If you’re using the latest version of Android, there are new privacy features aimed at making it easier to find and restrict any apps with aggressive permissions. Checkfor instructions on how you can see which apps have access to your microphone and camera.
If you suspect someone may have installed malicious apps on your phone, like stalkerware, it’s worth reviewing HackBlossom’s DIY guide to domestic violence cybersecurity for useful ways to secure your privacy. It covers methods of disabling certain privacy vulnerabilities in ways that recognize the need to be careful when distancing yourself from an abuser.
CNET’s Laura Hautala has written extensively on stalkerware and offers reliable instructions onthat might be lurking in the background.
Fail-safe: Nuke your phone remotely
Many Android devices may have fewer out-of-the-box privacy and security benefits than iPhones, but if you’ve got an Android device you have one final kill switch. You can set up your phone so that you’re able to remotely wipe its entire contents if it falls into the wrong hands.
In our Android settings guide, scroll down to thesection and read the walk-through for help getting it rigged. Important: Before taking even the first step toward wiping your device, like a USB or removable hard drive.
One final tool that may be useful to some of you is a digital dead man’s switch. If your phone is taken from you and you’re arrested, you could arrange a dead man’s switch to email a trusted ally with login information and instructions for remotely wiping your phone.
One option is the Dead Man Tracker app, which can notify certain people in the event you don’t respond. A second option that isn’t an app is the Dead Man’s Switch site. It sends an email to previously selected recipients. Note: I haven’t personally tested these two, so read the terms and privacy policies carefully before using, and test in advance.
The real key to privacy: Add these five apps
While changing these settings is a great start toward improving your privacy in the year ahead, they’re only a half measure. To better protect yourself, install the following privacy-focused apps to protect your data from your ISP.
Signal Private Messenger App
- Protection: Voice calls, along with multimedia text messages
- Cost: Free and open-source
- Estimated time: Under 3 minutes to install and start using
Make sure you download the app directly from its verified developer and not a copycat. Signal’s desktop app is also a more private replacement for instant messaging platforms like Slack, or Facebook’s Messenger and WhatsApp. Martin Shelton, of the Freedom of the Press Foundation, also has a 5-minute primer newcomers should read on getting the most out of the app.
- Effectiveness: Widely recommended
- Cost: From $13 per month, with a 30-day refund policy.
- Estimated Time: Approximately 10 minutes to subscribe, install, and begin using, depending on your payment type.
Without a VPN, your ISP and mobile carrier can usually see your Google searches. Policefrom AT&T, T-Mobile, Verizon, or any other cell provider. Police also regularly get their hands on , Bing, Yahoo and other search websites — all of which can let . (for now). You can get one month of service for $12.95 with a 30-day money-back guarantee.
Brave Browser and DuckDuckGo
- Cost: Free
- Bonus: Switch your Brave settings to the most aggressively protective
A browser that leaks information can cancel out your VPN’s ability to cover your tracks, leaving your traffic exposed to your ISP, law enforcement and any sites you visit. Switch to the DuckDuckGo — the that keeps little to no information about the searches you use it for.. Brave isn’t owned by Google, but any extension you can install in Chrome — like the extensions for Surfshark VPN, BitWarden, and DuckDuckGo — you can install in Brave Browser. Avoid using Google as your search engine and instead switch to
BitWarden password manager
- Protection: Browsing and app logins
- Price: Free
- Time: Less than 2 minutes to install, but the time it takes you to add your passwords to the manager depends on how many accounts you have.