"I have nothing to hide“

Yes, we know ;) and yet you close the door when you use the bathroom and draw your curtains when you undress and go to bed. Well, maybe not everyone, but let's go with the majority!

I have stretched the 'nothing to hide' argument so many times with friends and family. And I've won most of the arguments and got many of the people I know away from mainstream social media and other data collection agencies including Instagram, Facebook, Google and co.

However, let's say, for the sake of argument, you want to protect your identity, yet you need to use a Samsung or any mobile device running Google’s invasive Android 'straight out of the box'. Or are even using an iOS device but really looking to lock things down as being as privacy-friendly as possible, without the need of for tweaking, geeking or learning new stuff!

So we could call this chapter "Hiding in plain sight" as YES! that is possible. And while a lot of today's content has already been covered on the site and in fact earlier this very chapter, let's go step by step again for Android followed by iOS (and in Apple's case this works for macOS too).

Android

Android is one of the great tracking tools you can provide for Google to collect data on you. Willingly and in huge volumes! It is one of the greatest tracking tools in the world! I used to say (jokingly) that Google knows more about you than your mother does. But the reality is that Google knows more about you than you know about yourself!

When you power on your device you are already getting invited to sign-in or create a new Google account. So here is the first tip...some phones have a skip option, if you have one use it!

If you could skip the Google account option it's great, if you can’t skip it, make sure you can skip location services and diagnostics etc. After you set up your phone go to Settings —> Accounts and remove your Google account.

The very next thing you need to do is jump over to

Settings -> More connections -> Private DNS -> Configure Private DNS and add any of our recommended DNS providers for example fdns1.dismail.de or fdns2.dismail.de (they already have a great list of ad, tracker and malware domains blocked).

Next, go to Settings -> location and set location services to OFF! It should be off as you said no during setup, but you know…you'd better double check, it is Google after all.

Now I strongly recommend using F-Droid for all apps, they are open-source and safer as than GooglePlay apps.

If you need GooglePlay apps use Aurora (you can find it in F-Droid) to download your apps. You can choose an anonymous account, so you don't need to sign in via any Google account!

A firewall is always something to consider. You could choose between NetGuard (consider using the GitHub version if you want the paid option), AdGuard, Blockada or NextDNS. On the paid NetGuard version and the AdGuard versions you can also block apps entirely from accessing the internet, go through each app and consider if they should have internet access. For example, does your calculator or camera need the internet? I don’t think so, so turn it off.

Now go back to Settings (Phone) —> Apps check special access and go over every access and only select access for apps to which you want to have access. If you have Google framework and Play services still activated, you should disable them in apps! This at least gives them less control and deactivates location, microphone, and camera access on each of them.

Disable Google Maps and replace it with OsmAnd! (from F-Droid)

Also from F-Droid download Scrambled Exif for your photos. It removes metatags which can divulge your exact location etc.

If you use YouTube deactivate the YouTube app anyway and replace it with NewPipe which has no ads, no tracking and still gives you the entire YouTube experience. You can even follow channels without the need of a Google account.

Now let's assume you need paid apps, then you have no choice but to sign in with a Google account to the GooglePlay store. A reason for needing these might be that you need some paid apps for work and/or your company requires you to get them. If that's the case sign in to the GooglePlay Store with an email you generate on AnonAddy and forward to your ProtonMail or any email address you usually use. Do not use your actual email directly.

Privacy Cookbook - Chapter 10.1 - Identity Preservation - Email
One of the biggest security issues around today’s internet world is email. Afterall, this is something that has been around for a relatively long time andemails are needed on almost every website you sign up to. So, as we know, anemail is a pretty easy point of failure and can give away a lot of …

To purchase at the GooglePlay Store jump over to Bitrefill chose a country you'd like to use the store with and buy a gift card from the country. This way no personal credit card data or any name (except the one you just made up!) on Google will be used.

After you downloaded the apps you needed to purchase, consider deactivating or freezing internet access to GooglePlay again with your Firewall (perhaps NetGuard or AdGuard).

If you;re on Samsung feel free to check out this chapter which shows you how to remove some of the invasive Samsung things in the background.

Privacy Cookbook - 5.9.1 - Debloat Samsung Flagships s20 Note 20 Ultra
Some of you might not have the luxury of going fully private by picking up aLinux phone or GrapheneOS (Pixel) but maybe need to go for a full blown Androidphone. Perhaps that’s for business or because you just feel that the pen ismightier than the sword so go for Note 20 Ultra. Oh yes, its a sexy…

This is, of course, not as effective as it would be with GrapheneOS and didn't need to use any Google services, but every little counts, and you would be giving Google less power to track you.

iOS/Mac

When you boot up your device you'll have been asked if you have an iCloud account, you can skip this! Chose a country which fits your time-zone (it doesn't have to be the country you are actually in). In fact, you can choose any country even if it doesn't match your timezone. Do not allow any diagnostics and location services.

Now as you don't need iCloud at all so make sure you stay out of it! But jump to the App Store and login, perhaps with a brand-new account. We can use  a similar set-up as with Android and use an Annoaddy email forwarded to your existing private email. Even Apple doesn't need to know your real email address nor your real address and name. So keep that in mind during setting up.

Bitrefill is your friend when loading your Apple account anonymously via cryptocurrency. So, load and redeem! Purchase and download the apps you need from your redeemed balance.

Go back to Settings and check to see if Apple signed you into the iCloud! Again you do not need iCloud so sign out if Apple signed you in, you will still be signed in to the Apple Store.

After you have done this go to Settings -> Privacy -> Location Services -> System Services and switch everything off, except the last point which says Status Bar Icon. This will ensure you see if Apple or anyone else is still using the location services to pinpoint you. Now, jump back one step and switch Location Services Off!

Now find Calendar on the Settings Page and switch off Location Suggestions

Find Safari on the Settings Page
Search Engine -> DuckDuckGo
Search Engine Suggestions (Off)
Safari Suggestions (Off)
Block Pop-Ups (On)
Downloads -> on my iPad/iPhone
Prevent Cross-Site Tracking (On)
Siri & Search (on the settings page)
Listen for "Hey Siri" -> Off
Press Top Button for Siri -> Off (if you use Siri leave it on)

On this page you see all your apps (chose carefully what Siri should be allowed to use or switch it all off)

In General (Settings Page) find Background App Refresh

Chose here what you actually need and improve your battery life that way.

NextDNS has a great solution which can be found at apple.nextdns.io and would run in the background. You can find many others here:

Encrypted DNS Party
Encrypted DNS Configuration Profiles for Apple Devices

AdGuard is something I recommend strongly on an iOS device. It blocks ads, and you can choose DNS but also manually block objects on websites.

For both Android and iOS the option of an VPN running together with DNS 'out of the box' is possible. However, on Android the VPN would work together with the DNS in Settings. It won't work simultaneously with your firewall as the firewalls would use a VPN setup (even if it's internal) to block traffic and the apps to go online. On iOS VPN and the Firewall (AdGuard) would be working together if you use Personal VPN (IKEv2) as your setup.

Bear in mind, to be really private don't just use any mobile device, if you want more privacy but still be able to access the utility of iOS or Android this is surely one way to gain a bit more privacy back and help hide in plain sight. If you want one more layer and can live without any Google services at all, then I strongly recommend GrapheneOS!

Whatever way you chose, every small step counts and takes power away from the big corporations!