Android is one of the greatest tracking tools in the world.
Google (the do good company that has more evil than the devil itself) is embedded deeply into Android and so probably knows more about than your own mother does.
It starts when you turn on your cellphone and you get invited to create a new Google account or, of course, to sign in with your existing one. Most phones don't have a skip option at this point, if you are lucky enough to have one, USE IT!
Now remember that Android is in about 80% of all cellphones out there, which potentially gives Google enormous power. Many apps can't even be installed without the Google Play service running. Or they mysteriously won't work as expected and maybe even remind you that you don't have Google play running! One such example is ProtonMail which claims to be a great email++ tool when it comes to privacy! Well maybe try dropping Google Play services then give it 5 minutes before checking on your emails and then we we start taking this into the proper privacy mode.
Anyway, keeping all this in mind, we have some options to make any phone less 'goggly' so with less tracking and spying. It's always good to have options!
Now let's skip on to the point where have your phone started up for the first time,. Iif you were not able to skip the Google account situation, go into Settings -> Accounts and remove your Google account.
There is also a Google option as well in Settings, click each of the points and sign out plus deactivate history etc.
The very next thing you want to do is go to
Settings -> More connections -> Private DNS -> Configure Private DNS and add any of our recommended DNS providers for example fdns1.dismail.de or fdns2.dismail.de (they already have a great list of ad-, tracker and malware domains blocked).
Another option here is to install AdGuard and follow the guide we posted on the last Chapter 5.2 - Samsung, as AdGuard works on any Android phone not just Samsungs.
Next, go to Settings -> location and set location services to OFF!
Now the next thing you want to do is install f-droid as your PlayStore replacement. F-Droid has a lot of apps and they are all opensource. We can recommend to you some of the best 'out of the box' Google replacement apps.
After installing f-Droid, download Private Location and set any location you want your phone to pull from!
You need to enable Developer options, but the app will guide you on what to do.
Next download Fennec and start it up, click Settings -> Search remove all search engines but keep DuckDuckGo and set it as the default.
Click Privacy, select Do not Track. Select Tracking protection to Enabled. Click Cookies and change it to Enabled, excluding 3rd party. Click clear private data on exit.
Switch Mozilla location Services off and the Fennec Health Report as well.
Settings -> Advanced -> Restore tabs, select Don't restore after quitting Fennec.
Now go back and select add-ons
Here, install Decentraleyes, HTTPS Everywhere, Invidition (what redirects YouTube links to invidi.us and twitter links to nitter.net, NoScript, Privacy Badger, uBlock Origin (update to the latest lists in settings).
Going back to F-Droid, we recommend Shelter to setup your work profile.
You can separate your browser or install apps which won't reach the rest of your phone, keeping them isolated., for example your address book or your camera + Gallery.
You could use this place for the Playstore, if you really do need some apps with Google, or use Aurora (which pulls apps from the Playstore)
APKpure is also a great way to download APKs without having to access Google directly.
Or you can run a second instance of an app, like Riot, Signal and similar. The possibilities with shelter are great.
Another great feature is the ability to freeze or auto freeze apps. As an example, you can freeze Signal (which you might use for your 'petite amie' hahaha!, just kidding) and have it unfrozen with an app launch only when you want to check on it. If you have an app on the main part of the phone, but want to have a clone on the work (shelter) side of the phone you can simply clone and install the app on the other site. Another beautiful feature here is that you can close the work profile with one click and have it open only when you actually need it. Push notifications can be set individually per app just like on the main part of the phone.
If you can, we really recommend to use AdGuard or NetGuard ( but use the github version not the f-droid version for this one), Blockada and even NextDNS are also great alternatives.
Go now to you main Settings (Phone)-> Apps check special access and go over every access and only select access for apps for which you want to have access. If you have Google framework and Play services still activated (you can disable them in apps!) This at least gives them less control and deactivates location, microphone and camera access on each of them.
There are way greater options with a rooted device, but we'll cover these devices and custom rims later.
Let's focus on your normal Android 'out of the box' experiences for now.
Disable Google Maps and replace it with OsmAnd~!
On f-Droid also download Scrambled Exif for your photos. It removes metatags which can divulge your exact location etc.
Green is a great Bitcoin Wallet! And Feeder a great RSS reader!
As an email program we recommend FairEmail (we will have the setup and a full review coming up in one of the upcoming chapters of the Privacy Cookbook).
FreeOTP+ is a great applications for 2FA and you are able to backup or restore your 2FA from another phone (as long as it also has FreeOTP+.).
NewPipe (we recommend to install it on the Shelter site of the phone) is your perfect YouTube app, it also has PeerTube integration, so you have the best of both worlds. You can even subscribe to YouTube channels for the downloading of videos, all without direct Google tracking! A great app or use invidio on your browser.
WireGuard in combination with your own setup or Mullvad (which is the best for privacy when it comes to 'out of the box') could be an permanent option on the Shelter side, combining the Fennec browser and even with Socks5 (setup guide from Mullvad) and you have a VPN running at all times or a normal and/or AdGuard blocker with DNS running on your normal site of the phone.
We will have more write-ups about Android coming, but at least you now have your first substantive guide.