·  ·  · 

Your Phone’s Default Apps Are Spying on You — Here’s How to Reclaim Your Privacy

October 19, 2025
by
Your Phone’s Default Apps Are Spying on You — Here’s How to Reclaim Your Privacy
  • On Android, Google’s core services (Play Store/Play Services) “silently store advertising and other tracking cookies” on phones without asking [1].
  • Aalto University experts warn that Apple’s built-in apps (Safari, Siri, etc.) gather data “even if they are disabled,” making iPhone privacy “virtually impossible” [2].
  • The EU fined Apple €500 million in April 2025 for blocking alternative app stores and browsers under the Digital Markets Act [3].
  • Privacy-focused OS projects are growing: GrapheneOS is partnering with a major OEM to reach more devices [4], and the Murena SHIFTphone 8 (running /e/OS) launched with a hardware kill-switch for full sensor shutdown [5].
  • Widely-recommended open-source apps include Signal (encrypted messaging) [6], Firefox (browser), ProtonMail (email, >100M users [7]), and Bitwarden (password manager) [8].

Smartphone users often assume that the apps pre-installed on Android or iPhone respect their privacy. In reality, built-in apps from Google and Apple collect vast amounts of data by design. Cybersecurity researchers and privacy advocates have repeatedly warned that default phone tools spy on you. For example, a 2025 study by Trinity College Dublin found that Google’s Play Store and Play Services quietly drop advertising “cookies” and device identifiers on Android phones without user consent [9]. On iPhones, Aalto University’s Janne Lindqvist reports that apps like Safari, Siri and even FaceTime keep gathering information in the background – “because these apps are glued to the platform, getting rid of them is virtually impossible[10]. In short, default apps often leak personal habits, locations and usage patterns back to Big Tech’s servers.

How Big Tech Harvests Your Data

Google and Apple both collect data through their stock apps. Google’s Android ecosystem is deeply integrated with Google accounts. Even if you never launch Chrome or Gmail, Google Play Services is constantly “running” on the device and drops tracking cookies tied to a persistent Android ID [11]. These can be used to profile you across apps. Google Maps logs your travels (if Location History is on), and Chrome synchronizes browsing data to your Google account. A recent U.S. court verdict found Google liable for collecting user data despite privacy settings turned off: embedded Google analytics in apps like Uber and Instagram kept uploading location and behavior data [12]. Google’s spokesperson defended the practice by insisting users’ data was “nonpersonal, pseudonymous” and that the verdict “misunderstands how our products work” [13].

Apple’s iOS is often touted as more private, but its default apps still gather data. Apple says Safari’s Intelligent Tracking Prevention blocks cross-site trackers by default [14], but Apple’s own services (like iCloud and Siri) use your info for features. Insider sources note that Siri can “collect data in the background from other apps” even when you disable it [15] [16]. In 2025 Apple paid $95 million to settle a lawsuit after users claimed Siri was “eavesdropping on users without permission” [17]. Likewise, Apple’s iCloud backups and photo-sync require users to entrust data to Apple’s servers, where the company can scan for things like CSAM (albeit with strong encryption). Consumer groups have sued Apple for “trapping” customers into iCloud by making data hard to port out [18]. In short, Apple’s built‑in apps are not “firewalls” – they collect and share data across Apple’s services unless you take extraordinary measures.

Experts Sound the Alarm

Tech experts stress that relying on default apps comes with trade-offs. Janne Lindqvist (Aalto University) bluntly states that keeping data hidden on iOS “is virtually impossible” because Safari, Siri, Family Sharing and other Apple apps are always active [19]. Prof. Doug Leith (Trinity College) similarly cautions that “Google Play Services … silently store advertising and tracking cookies on people’s phones” without consent [20]. These independent researchers echo warnings from privacy advocates (e.g. Privacy International, EFF) that modern smartphones are fundamentally surveillance devices unless deliberately locked down. In the EU, regulators have taken action: in 2025 the European Commission fined Apple €500 million for using unfair rules that “take away free choice” by preventing app developers from linking to other stores [21]. Meanwhile in the U.S., the Department of Justice is suing Apple for antitrust violations over exactly this “smartphone gatekeeper” behavior [22] (restricting browsers, payments, etc.). Even major tech companies face scrutiny: Google was hit with a $425 million class-action verdict in Sept 2025 for violating California’s privacy law, because its ad tools in apps collected user data despite tracking being turned off [23].

Common Culprits: Which Apps Track You?

Some of the most ubiquitous default apps are especially privacy- invasive. Google Maps tracks real-time location – many users only realize how much of their route history is saved when they check the Timeline feature. Chrome logs every search and website you visit while signed into Google (for syncing), whereas Firefox or Brave do not. On iPhone, Safari may mask your IP and block ad-tracking, but Apple’s syncing pushes Safari bookmarks and history to iCloud (which Apple says is end-to-end encrypted [24]). iCloud Drive and Photos also continuously upload your documents and images to Apple’s cloud; this is convenient but means Apple can access metadata (and may reencrypt or analyze it). Siri and Dictation send voice commands to Apple for processing (recent policies let you opt-out of recording retention, but audio snippets were once sent to contractors).

Beyond browsers and cloud, some routine apps collect in surprising ways. For instance, the default Weather, News, or Newsstand apps often pull ads from third parties or link to your reading habits. Every time you use Stock or Health apps, Apple may infer your interests or well-being trends. On Android, Google’s Phone, Contacts and Messages apps log call/SMS metadata (time, recipient) into Google’s system unless you switch them off – even then, Google Play Services may keep a summary. In general, any app that carries a Google or Apple login will likely report usage data back for analytics or personalization.

Switch to Privacy-Friendly Apps

The good news is that you can replace many default apps with open-source, privacy-respecting alternatives that work just as well:

  • Signal (iOS/Android) – an encrypted messenger recommended as “best in class” for privacy [25]. It uses end-to-end encryption on all chats and never stores metadata on its servers (just your phone number).
  • Firefox – the Mozilla browser blocks trackers by default and lets you sign in without data harvesting. It’s fully open source. (Brave is another privacy browser that integrates ad-blocking.)
  • ProtonMail – an encrypted email service based in Switzerland. Over 100 million users have signed up for Proton’s suite [26]. Mail is zero-access encrypted so even Proton can’t read it, and there are no ads.
  • Bitwarden – a fully open-source password manager [27]. Your passwords are end-to-end encrypted and the code is public on GitHub, so security claims can be independently verified.
  • DuckDuckGo – a search engine (and mobile browser) with strong tracker-blocking. It refuses to profile you or sell your search data.
  • F-Droid – an alternative Android app store that only offers Free/Open-Source (FOSS) apps. It publishes source code and is audited by volunteers. (See F‑Droid website for download instructions [28].)
  • Others: For maps, try OsmAnd or Maps.Me (OpenStreetMap-based). For calendars and contacts, use Nextcloud or DAVx⁵ with a privacy-focused provider. For cloud storage, consider SpiderOak or Cryptomator-vaulted Dropbox.

All these alternatives have millions of users and active communities. They generally do not upload your data unless you explicitly sync or backup it. For example, Mozilla reports that Firefox’s telemetry is extremely limited and optional. Signal and ProtonMail both offer free tiers so you don’t have to pay to protect your privacy. Switching often takes just a few taps: you can install Firefox on iOS and set it as the default browser (thanks to recent OS updates), and on Android you can disable Chrome and pick your new browser as default. Likewise, you can point email links to ProtonMail instead of Apple Mail. The Signal website has easy guides to get started, and Bitwarden’s website hosts the source code for review [29].

Privacy-Focused Mobile Operating Systems

In addition to apps, whole mobile operating systems are emerging to cut out Big Tech. Projects like GrapheneOS and /e/OS provide hardened Android alternatives. GrapheneOS (open source) strips out Google services and adds extra sandboxing; it’s known for running on Google Pixel phones. Recent news shows GrapheneOS is partnering with a major Android OEM to bring its OS to new flagship devices [30]. Meanwhile /e/OS (formerly “eelo”) is a Google-free Android fork that “promises to not track you or sell your data” [31]. /e/ comes with a suite of deGoogled apps and can be installed on many devices; you can even buy the Murena SHIFTphone 8, a privacy-first Android phone that runs /e/OS and includes a physical kill-switch to instantly cut off the microphone and camera [32]. These OS projects are still niche and require some technical effort (sideloading, unlocking bootloaders), but for the privacy-conscious they offer a way to escape the Google/Apple duopoly. (Other projects include CalyxOS and LineageOS for Android, and even the Linux-based UBports or Ubuntu Touch for very advanced users.)

Take Simple Steps to Cut Data Leaks

You don’t have to sacrifice all functionality to reduce tracking. Even without installing new apps, configure your current phone for more privacy: turn off unwanted permissions and location services, and deny apps camera/mic access if not needed. On Android, go to Settings → Apps and disable or uninstall unnecessary Google apps (YouTube, Play Movies, etc.). Under Google Account settings, you can pause Location History and Ad Personalization. On iPhone, disable Siri suggestions and analytics under Settings→Privacy, and turn off significant location tracking. For everyday browsing and searching, use private/incognito modes or DuckDuckGo’s privacy browser. Always keep your OS updated with the latest patches (security flaws are routinely fixed in new versions).

Experts also advise practicing “digital hygiene”: review what data each app can access, use strong unique passwords (in a manager like Bitwarden), and enable two-factor authentication. Avoid installing apps outside official stores unless absolutely necessary. If you must use a public network, run a VPN to encrypt your traffic. Security firms point out that no smartphone is untrackable, but by limiting permissions and choosing open-source tools, you significantly shrink the data you expose [33].

As one cybersecurity specialist notes, mobile tracking often extends beyond a single device – your activity on any platform feeds Google/Apple’s ad profile of you. But they agree: practicing basic digital hygiene (permissions, updates, trusted apps) goes a long way [34]. In practice, dozens of privacy-respecting apps today match or exceed their default counterparts in features. For example, ProtonMail offers reliable push email, Signal supports groups and voice notes, and F-Droid’s library includes stable versions of many popular tools.

The takeaway: If you care about privacy, treat your phone like a personal computer – restrict defaults and install only the software you trust. Swapping out Google’s or Apple’s apps for open-source alternatives may feel like extra work at first, but it breaks the “data monopoly” Big Tech holds over your device. With rising regulatory pressure and new tools available, users now have real alternatives. By consciously choosing privacy-safe apps and OSes, you can regain control of your data without losing functionality.

Sources: News reports and expert analyses including Aalto Univ. and Trinity College studies [35] [36], Reuters and AP on Google/Apple regulatory actions [37] [38], tech media and official sites on privacy apps and OSes [39] [40] [41] [42] [43]. These illustrate current (2025) smartphone privacy issues and the open-source solutions recommended by security professionals.

Smartphone Security: How to Protect Your Phone Privacy
Watch this video on YouTube.

References

1. www.tcd.ie, 2. www.nasdaq.com, 3. apnews.com, 4. www.androidauthority.com, 5. e.foundation, 6. www.mozillafoundation.org, 7. proton.me, 8. bitwarden.com, 9. www.tcd.ie, 10. www.nasdaq.com, 11. www.tcd.ie, 12. www.reuters.com, 13. www.reuters.com, 14. www.apple.com, 15. www.nasdaq.com, 16. www.nasdaq.com, 17. www.economicliberties.us, 18. www.economicliberties.us, 19. www.nasdaq.com, 20. www.tcd.ie, 21. apnews.com, 22. www.economicliberties.us, 23. www.reuters.com, 24. www.apple.com, 25. www.mozillafoundation.org, 26. proton.me, 27. bitwarden.com, 28. f-droid.org, 29. bitwarden.com, 30. www.androidauthority.com, 31. itsfoss.com, 32. e.foundation, 33. www.eset.com, 34. www.eset.com, 35. www.nasdaq.com, 36. www.tcd.ie, 37. apnews.com, 38. www.reuters.com, 39. www.mozillafoundation.org, 40. proton.me, 41. bitwarden.com, 42. www.androidauthority.com, 43. e.foundation

Mateusz Brzeziński

Technology News

  • Android October Update: Security Upgrades, Wallet Enhancements, and Cross-Device Improvements
    October 21, 2025, 4:34 AM EDT. Google's October system update brings broad enhancements across Android, Wear OS, Android TV, Auto and PC. In addition to bug fixes, it adds security improvements in Play Services (v25.41) and new online verification via reCAPTCHA on devices. Users can now view and delete hidden passkeys in Google Password Manager, and a new Advanced Protection dashboard increases transparency on app access to sensitive data. Wallet gains streamlined card linking with supported banks, notification support for loyalty passes on older Androids, and real-time live travel notifications for flights, trains and events. The update also introduces new APIs for ads and third-party integration, complementing ongoing enhancements to Maps and LE Audio on prior releases (v25.40).
  • Inside EA's AI Divide: How Generative AI is Reshaping Electronic Arts
    October 21, 2025, 4:32 AM EDT. EA faces a growing split between experimenting with generative AI to speed up game development and the risks it poses to creative control, labor, and ethics. The company bets on tools that automate worldbuilding, dialogue, and QA, while balancing concerns about copyright, bias, and job displacement for developers and QA testers. Executives argue AI can unlock more ambitious worlds and personalized experiences, but some teams worry about losing human artistry. The divide reflects broader tensions in the gaming industry, from licensing constraints to player data usage and monetization. As EA navigates talent retention, governance, and customer trust, its choices could rewrite how AAA game studios integrate AI without sacrificing craft.
  • Oracle Could Join the $2 Trillion Club with AI-Driven Cloud Growth
    October 21, 2025, 4:24 AM EDT. Oracle has assets in cloud, database, and enterprise software with about 98% of Global Fortune 500 as customers, positioning it to ride the AI wave. Despite a current market cap near $899 billion, the firm posted a fiscal 2026 Q1 revenue of $14.9 billion and adjusted EPS of $1.47, with RPO backlog surging to $455 billion. CEO Safra Catz signaled ongoing multi-billion-dollar contracts and the horizon of further growth as AI accelerates adoption. Oracle Cloud Infrastructure (OCI) grew 51% year over year, and management projects bold cloud revenue targets across 2027-2030, suggesting OCI could redefine the competitive landscape alongside AWS, Google Cloud, and Azure. If these trends persist, Oracle could extend its scale toward the $2 trillion arena, potentially reshaping the tech market.
  • Chinas AI push to challenge US dominance: startups, giants, and state policy
    October 21, 2025, 4:20 AM EDT. China is accelerating to become the world's leading AI power by 2030, backed by massive public-private investment and a vast online market. This year DeepSeek challenged Western rivals with a cost-efficient LLM, while Alibaba launched a powerful model and plans new data centers worldwide. Tencent's Hunyuan-A13B adds to a fierce domestic race as China's giants and the state push to close the gap with the West. Nvidia's Jensen Huang warns the US isn't far ahead, noting China's rapid tech adoption. By offering open-source models like DeepSeek, Qwen-3, and Kimi K2, Chinese developers provide cutting-edge tools at lower cost, accelerating experimentation. State support and a huge user base are driving a quick cycle of AI deployment and innovation across industries.
  • ST Engineering iDirect Launches Intuition 1.1: A Cloud-Native Ground System for Multi-Orbit Satellite Networks
    October 21, 2025, 4:18 AM EDT. ST Engineering iDirect announced the general availability of Intuition 1.1, a cloud-native ground system for multi-orbit satellite networks. Built on a modular, microservices-based design, Intuition trims compute needs and, with the XBB baseband solution, can cut hardware requirements by up to 70%, delivering lower TCO. The system enables rapid feature upgrades with minimal disruption and scalable cloud deployment. It integrates Mx-DMA MRC return waveform, global bandwidth management, and advanced mobility for dynamic bandwidth pooling and automated resource allocation. Coupled with AI-powered analytics and APIs for network orchestration, Intuition supports 3GPP alignment and sets the stage for 5G NTN roaming. Operators gain improved performance, efficiency, and readiness for future satellite innovations.

Don't Miss

Mobile Phone Shockwaves: Apple’s Big Shift, Samsung’s S26 Secrets, Google’s AI Pixel & Huawei’s Comeback (Sept 25–26, 2025)

Mobile Phone Shockwaves: Apple’s Big Shift, Samsung’s S26 Secrets, Google’s AI Pixel & Huawei’s Comeback (Sept 25–26, 2025)

Key Developments at a Glance Apple’s Big Move: “Made in
Honor’s Magic8 Series Unveiled: 200MP AI Zoom Camera, YOYO AI Button & Smart Shopping Tools

Honor’s Magic8 Series Unveiled: 200MP AI Zoom Camera, YOYO AI Button & Smart Shopping Tools

Magic8 Launch: Honor Pushes AI Era Honor’s CEO Li Jian framed