Android is one of the greatest tracking tools in the world.

Google (the do good company that has more evil than the devil itself) is embedded deeply into Android and so probably knows more about than your  own mother does.

It starts when you turn on your cellphone and you get invited to create a new Google account or, of course, to sign in with your existing one. Most phones don't have a skip option at this point, if you are lucky enough to have one, USE IT!

Now remember  that Android is in about 80% of all cellphones out there, which potentially gives Google enormous power. Many apps can't even be installed without the Google Play service running. Or they mysteriously won't work as expected and maybe even remind you that you don't have Google play running! One such example is ProtonMail which claims to be a great email++ tool when it comes to privacy! Well maybe try dropping  Google Play services then give it 5 minutes before checking on your emails and then we we start taking this into the proper privacy mode.

Anyway, keeping all this in mind, we have some options to make any phone less 'goggly' so with less tracking and spying. It's always good to have  options!

Now let's skip on to the point where have your phone started up for the first time,. Iif you were not able to skip the Google  account situation, go into Settings -> Accounts and remove your Google account.

There is also a Google option as well in Settings, click each of the points and sign out plus deactivate history etc.

The very next thing you want to do is go to
Settings -> More connections -> Private DNS -> Configure Private DNS and add any of our recommended DNS providers for example or (they already have a great list of ad-, tracker and malware domains blocked).

Another option here is to install AdGuard and follow the guide we posted on the last Chapter 5.2 - Samsung, as AdGuard works on any Android phone not just Samsungs.

Next, go to Settings -> location and set location services to OFF!

Now the next thing you want to do is install f-droid as your PlayStore replacement. F-Droid has a lot of apps and they are  all opensource. We can recommend to you some of the best 'out of the  box' Google replacement apps.

After installing f-Droid, download Private Location and set any location you want your phone to pull from!

You need to enable Developer options, but the app will guide you on what to do.

Next download Fennec and start it up, click Settings -> Search remove all search engines but keep DuckDuckGo and set it as the default.

Click Privacy, select Do not Track. Select Tracking protection to Enabled. Click Cookies and change it to Enabled, excluding 3rd party. Click clear private data on exit.

Switch Mozilla location Services off and the Fennec Health Report as well.

Settings -> Advanced -> Restore tabs, select Don't restore after quitting Fennec.

Now go back and select add-ons

Here, install Decentraleyes, HTTPS Everywhere, Invidition (what redirects YouTube links to and twitter links to, NoScript, Privacy Badger, uBlock Origin (update to the latest lists in settings).

Going back to F-Droid, we recommend Shelter to setup your work profile.

You can separate your browser or install apps which won't reach the rest of  your phone, keeping them isolated., for example your address book or your camera + Gallery.

You could use this place for the Playstore, if you really do need some apps with Google, or use Aurora (which pulls apps from the Playstore)

APKpure is also a great way to download APKs without having to access Google directly.

Or you can run a second instance of an app, like Riot, Signal and similar. The possibilities with shelter are great.

Another great feature is the ability to freeze or auto freeze apps. As an example, you can freeze Signal (which you might use for your 'petite  amie' hahaha!, just kidding) and have it unfrozen with an app launch only when you want to check on it. If you have an app on the main part of the phone, but want to have a clone on the work (shelter) side of the phone you can simply clone and install the app on the other site. Another beautiful feature here is that you can close the work profile with one click and have it open only when you actually need it. Push notifications can be set individually per app just like on the main part of the phone.

If you can, we really recommend to use AdGuard or NetGuard ( but use the github version not the f-droid version for this one), Blockada and even NextDNS are also great alternatives.

Go now to you main Settings (Phone)-> Apps check special access and go over every access and only select access  for apps for which you want to have access. If you have Google framework  and Play services still activated (you can disable them in apps!) This  at least gives them less control and deactivates location, microphone  and camera access on each of them.

There are way greater options with a rooted device, but we'll cover these devices and custom rims later.

Let's focus on your normal Android 'out of the box' experiences for now.

Disable Google Maps and replace it with OsmAnd~!

On f-Droid also download Scrambled Exif for your photos. It removes metatags which can divulge your exact location etc.

Green is a great Bitcoin Wallet! And Feeder a great RSS reader!

As an email program we recommend FairEmail (we will have the setup and a full review coming up in one of the upcoming chapters of the Privacy Cookbook).

FreeOTP+ is a great applications for 2FA and you are able to backup or restore your 2FA from another phone (as long as it also has FreeOTP+.).

NewPipe (we recommend to install it on the Shelter site of the phone) is your perfect YouTube app, it also has PeerTube integration, so you have the best of both worlds. You can even subscribe to YouTube channels for  the downloading of  videos, all without direct Google tracking! A great  app or use invidio on your browser.

WireGuard in combination with your own setup or Mullvad (which is the best for privacy when it comes to 'out of the box') could be an permanent option on the Shelter side, combining the Fennec  browser and even with Socks5 (setup guide from Mullvad) and you have a VPN running at all times or a normal and/or AdGuard blocker with DNS  running on your normal site of the phone.

We will have more write-ups about Android coming, but at least you now have your first substantive guide.

We publish a daily dose of decentralization here every day (UTC+8), for additional daily updates follow us on Mastodon, Twitter, Telegram or Element(Matrix). Please like & share all our output. We rely on User-Generated Content so why not write for us and since we try to avoid ads and sponsorship, why not donate to help us continue our work - all major cryptos accepted. You can contact us at and at
Share this post