Does my phone track me even with location services off?

Yes. Even with GPS/location off, your phone reveals your approximate location through Wi-Fi network names, cell tower connections, Bluetooth beacons, and IP address geolocation. Apps also infer location from timezone, language settings, and barometric pressure sensors.

Is iPhone more private than Android?

Somewhat. iPhone App Tracking Transparency gives you more control over cross-app tracking, and Apple collects less advertising data than Google. However, iPhones still share telemetry with Apple, and apps can still collect data within their own ecosystem. Neither platform is truly private by default.

How do I stop my phone from tracking me?

Start by deleting your advertising ID, disabling location for non-essential apps, revoking unnecessary permissions, and disabling Wi-Fi and Bluetooth scanning. For maximum privacy, consider GrapheneOS (a de-Googled Android) or heavily hardened iOS settings. Our 5-Minute Privacy Checkup covers the essential steps.

~/guides/foundations/

Your Phone Is Tracking You

Your phone knows where you sleep, where you work, who you meet, and what you care about — and it shares this with hundreds of companies. Here is exactly how, and how to limit it.

DIFFICULTY: █░░░░ (1/5 Beginner)

┤ TL;DR ├

▸ Your phone shares your location, app usage, and behavior with hundreds of companies by default
▸ The advertising ID is the single biggest cross-app tracking vector — delete it
▸ App permissions control what data apps can access — review and restrict them regularly
▸ Both Android and iOS leak data, but iOS gives slightly more control with App Tracking Transparency

Your Phone Is Tracking You

Your smartphone is the most intimate surveillance device ever created. It knows where you sleep (home), where you spend your days (work), where you worship, where you seek medical care, who you spend time with, and how long you stay. It records this continuously, passively, and — by default — shares it with hundreds of companies you have never heard of.

This is not a bug. It is the business model.

The 5-Minute Privacy Checkup covered the quickest settings changes. This guide goes deeper: explaining exactly how your phone tracks you, what data flows where, and how to systematically reduce your exposure — on both Android and iPhone.

How Your Phone Tracks You

1. The Advertising ID

Every smartphone ships with a unique advertising identifier — Google’s GAID on Android, Apple’s IDFA on iPhone. This is a persistent, device-level tracking key that advertising networks use to follow your behavior across every app on your phone.

When you open a weather app, a game, a news reader, or a fitness tracker, the app can read your advertising ID and send it to its analytics and advertising partners. Those partners correlate your activity across every app that shares data with them, building a comprehensive behavioral profile tied to your device.

The advertising ID is the single most effective cross-app tracking mechanism on your phone. Deleting it is the highest-impact single change you can make.

How to delete it:

Android: Settings → Security & Privacy → Privacy Controls → Ads → Delete advertising ID
iPhone: Settings → Privacy & Security → Tracking → Turn off “Allow Apps to Request to Track”

2. Location Tracking

Your phone determines your location through multiple methods:

GPS — satellite-based, accurate to ~3 meters
Cell tower triangulation — your carrier always knows which towers your phone connects to
Wi-Fi positioning — your phone scans for nearby Wi-Fi networks and matches them against location databases
Bluetooth beacons — retail stores, airports, and other venues use Bluetooth beacons to detect your presence

Apps that request location access can collect this data and share it with third parties. A 2025 investigation found that a single free weather app shared precise location data with over 40 external partners. Location data brokers like X-Mode (now Outlogic) and Gravy Analytics have been caught selling location data derived from apps to government agencies, bypassing the need for warrants.

In January 2025, Gravy Analytics suffered a massive breach, exposing location data from millions of phones — data collected through apps ranging from Candy Crush to Tinder to prayer apps.

How to limit it:

Review every app’s location permission. Most apps do not need your location.
Set location access to “Only while using” or “Never” for most apps
Disable “Precise Location” for apps that do not require exact coordinates (weather needs approximate, not precise)
On iPhone, enable “Privacy & Security → Location Services → System Services → Significant Locations” and turn it OFF

3. App Permission Creep

Beyond location, apps request access to:

Permission	What It Exposes	Who Wants It
Contacts	Your entire social graph — names, numbers, emails	Social apps, messaging apps, data brokers
Camera	Can be accessed in background by some apps	Social media, QR readers, malicious apps
Microphone	Can capture ambient audio	Voice assistants, social media, communication apps
Photos	Full photo library including EXIF metadata (GPS, timestamps)	Social media, cloud storage, photo editors
Bluetooth	Nearby device detection, beacon tracking	Retail analytics, contact tracing, IoT
Health data	Steps, heart rate, sleep patterns	Fitness apps, insurance companies (via data sharing)
Calendar	Your schedule, meetings, locations	Productivity apps, analytics SDKs

Many apps request permissions they do not need for their core function. A flashlight app does not need your contacts. A calculator does not need your location. Yet these permissions are routinely requested because the data they provide is valuable to advertising partners.

4. Background Data Collection

Apps collect data even when you are not using them:

Background app refresh allows apps to wake up periodically and transmit data
Push notification services maintain persistent connections to servers
SDKs (Software Development Kits) embedded in apps collect data independently of the app’s stated function. A single app may contain 5-15 third-party SDKs, each with its own data collection

Research has shown that apps can determine your daily patterns, social connections, and even emotional state from background data collection alone.

5. What Your Carrier Knows

Your mobile carrier knows:

Every cell tower your phone connects to (continuous location tracking)
Every phone number you call or text
The duration of every call
Your data usage patterns

This data is retained for years and provided to law enforcement upon request (often without a warrant for metadata). In the US, carriers have also been caught selling real-time location data to third parties.

The Systematic Lockdown

The 5-Minute Privacy Checkup covers the quick wins. Here is the comprehensive approach.

Step 1: Delete Your Advertising ID

Covered above. Do this first.

Step 2: Audit All App Permissions

Android: Settings → Security & Privacy → Privacy Controls → Permission Manager iPhone: Settings → Privacy & Security → (each permission category)

Go through every permission category. For each app:

Does this app need this permission to function?
If yes, does it need it “all the time” or only “while using”?
Can I disable “Precise Location” and use approximate instead?

Step 3: Disable Background Activity for Non-Essential Apps

Android: Settings → Apps → (select app) → Battery → Restrict background activity iPhone: Settings → General → Background App Refresh → Turn off for most apps

Keep background activity enabled only for apps that need it: messaging apps, email, navigation. Disable it for social media, news, games, shopping, and anything else that does not need real-time updates.

Step 4: Review Google/Apple Account Settings

These are the master switches for platform-level tracking:

Google (Android):

Visit myaccount.google.com/privacycheckup
Turn off Web & App Activity (or limit it significantly)
Turn off Location History
Turn off YouTube History
Turn off Ad Personalization
Set auto-delete to 3 months for anything you keep enabled

Apple (iPhone):

Settings → Privacy & Security → Analytics & Improvements → Turn off all sharing
Settings → Privacy & Security → Apple Advertising → Turn off Personalized Ads
Settings → Apple ID → iCloud → Advanced Data Protection → Enable (encrypts iCloud data E2E)

Step 5: Remove Unnecessary Apps

Every installed app is a potential data collection point. Audit your phone:

Delete apps you have not used in 30 days — they may still collect background data
Use the website instead of the app when possible — a browser with tracking protection gives you more control than a native app
Be skeptical of free apps — if the app is free and not from a nonprofit or open-source project, you are likely the product

Step 6: Use a Private DNS

As explained in DNS Privacy Explained, your phone’s DNS queries reveal every domain you visit.

Android: Settings → Network & Internet → Private DNS → Enter dns.quad9.net or one.one.one.one iPhone: Install the 1.1.1.1 app or a NextDNS profile for system-wide encrypted DNS

The Landscape of Mobile Privacy

As with all privacy decisions, the right approach depends on your threat model:

Threat Level	Approach	Tradeoff
Basic	Delete ad ID, audit permissions, disable background refresh	Minimal inconvenience
Moderate	Above + private DNS, limit Google/Apple account tracking, remove unused apps	Some features lose personalization
High	Above + VPN, use browser instead of apps, separate phone for sensitive activities	Reduced convenience
Maximum	GrapheneOS (Android), no Google services, prepaid SIM, Faraday bag when needed	Significant lifestyle changes

GrapheneOS: The Maximum Privacy Phone

For users with elevated threat models, GrapheneOS is a privacy-focused Android operating system that runs on Pixel phones. It removes Google services entirely (or sandboxes them with limited permissions), hardens the OS against exploitation, and provides granular control over every permission and network connection.

GrapheneOS is excellent but requires technical comfort and accepting that some apps (those dependent on Google Play Services) may not work or may require workarounds. It is not for everyone, but for journalists, activists, and high-risk individuals, it represents the strongest mobile privacy available.

🔮 Where Mobile Privacy Is Heading

Apple is tightening the ecosystem. App Tracking Transparency (ATT), introduced in iOS 14.5, has significantly reduced cross-app tracking on iPhone. Meta reported losing $10 billion in annual revenue due to ATT. Apple continues adding privacy features (Advanced Data Protection, Lockdown Mode, Private Relay).

Android is following, more slowly. Google’s Privacy Sandbox for Android is rolling out, but Google’s business model creates inherent tension between privacy and advertising revenue. Android’s advertising ID opt-out is less aggressive than Apple’s ATT.

Carrier tracking has no easy fix. Your carrier knows your location through cell tower connections regardless of your phone settings. Only turning off your phone or using airplane mode eliminates this. New legislation may eventually limit carrier data retention and sales.

On-device AI is a double-edged sword. Apple Intelligence, Google Gemini, and Samsung’s AI features process data locally on your device — which is better for privacy than cloud processing. But they also incentivize giving your phone access to more of your data (photos, messages, email) to power AI features.

Key Takeaways

Your phone tracks you through multiple independent mechanisms — advertising ID, location services, app permissions, background data collection, and carrier surveillance.
Deleting your advertising ID is the single highest-impact change. Do it now.
Audit every app permission. Most apps request more access than they need.
Disable background activity for non-essential apps.
Use private DNS to encrypt your domain queries.
Fewer apps = less tracking. Use the browser instead of the app when possible.
Your carrier always knows your approximate location. Only airplane mode or a powered-off phone prevents this.
GrapheneOS exists for users who need maximum mobile privacy — but it requires commitment.

Sources

EFF, “How to: Get to Know Android Privacy and Security Settings,” Surveillance Self-Defense, 2025.
Apple, “App Tracking Transparency,” developer.apple.com, 2021-2026.
Financial Times, “Meta Says Apple’s Privacy Changes Cost It $10 Billion,” 2022.
TechCrunch, “Gravy Analytics Data Breach Exposes Location Data from Popular Apps,” January 2025.
Vice/Motherboard, “How the U.S. Military Buys Location Data,” 2020.
Google, “Privacy Sandbox on Android,” developer.android.com, 2025.
GrapheneOS, grapheneos.org, 2026.
Wired, “The Best iPhone Privacy and Security Settings to Change,” 2025.

┤ RELATED TOOLS ├

▸

Browser Fingerprint AnalyzerSee how websites identify you

▸

IP & DNS Leak TesterCheck VPN leak status

▸

WebRTC Leak DetectorTest WebRTC IP exposure

┤ RELATED GUIDES ├

├─How You're Being Tracked ├─The 5-Minute Privacy Checkup ├─Data Broker Opt-Out Guide ├─Social Media Privacy Settings

☐ Mark this guide as read