Your Phone’s Default Apps Are Spying on You — Here’s How to Reclaim Your Privacy

• On Android, Google’s core services (Play Store/Play Services) “silently store advertising and other tracking cookies” on phones without asking ^[1].
• Aalto University experts warn that Apple’s built-in apps (Safari, Siri, etc.) gather data “even if they are disabled,” making iPhone privacy “virtually impossible” ^[2].
• The EU fined Apple €500 million in April 2025 for blocking alternative app stores and browsers under the Digital Markets Act ^[3].
• Privacy-focused OS projects are growing: GrapheneOS is partnering with a major OEM to reach more devices ^[4], and the Murena SHIFTphone 8 (running /e/OS) launched with a hardware kill-switch for full sensor shutdown ^[5].
• Widely-recommended open-source apps include Signal (encrypted messaging) ^[6], Firefox (browser), ProtonMail (email, >100M users ^[7]), and Bitwarden (password manager) ^[8].

Smartphone users often assume that the apps pre-installed on Android or iPhone respect their privacy. In reality, built-in apps from Google and Apple collect vast amounts of data by design. Cybersecurity researchers and privacy advocates have repeatedly warned that default phone tools spy on you. For example, a 2025 study by Trinity College Dublin found that Google’s Play Store and Play Services quietly drop advertising “cookies” and device identifiers on Android phones without user consent ^[9]. On iPhones, Aalto University’s Janne Lindqvist reports that apps like Safari, Siri and even FaceTime keep gathering information in the background – “because these apps are glued to the platform, getting rid of them is virtually impossible” ^[10]. In short, default apps often leak personal habits, locations and usage patterns back to Big Tech’s servers.

How Big Tech Harvests Your Data

Google and Apple both collect data through their stock apps. Google’s Android ecosystem is deeply integrated with Google accounts. Even if you never launch Chrome or Gmail, Google Play Services is constantly “running” on the device and drops tracking cookies tied to a persistent Android ID ^[11]. These can be used to profile you across apps. Google Maps logs your travels (if Location History is on), and Chrome synchronizes browsing data to your Google account. A recent U.S. court verdict found Google liable for collecting user data despite privacy settings turned off: embedded Google analytics in apps like Uber and Instagram kept uploading location and behavior data ^[12]. Google’s spokesperson defended the practice by insisting users’ data was “nonpersonal, pseudonymous” and that the verdict “misunderstands how our products work” ^[13].

Apple’s iOS is often touted as more private, but its default apps still gather data. Apple says Safari’s Intelligent Tracking Prevention blocks cross-site trackers by default ^[14], but Apple’s own services (like iCloud and Siri) use your info for features. Insider sources note that Siri can “collect data in the background from other apps” even when you disable it ^{[15] [16]}. In 2025 Apple paid $95 million to settle a lawsuit after users claimed Siri was “eavesdropping on users without permission” ^[17]. Likewise, Apple’s iCloud backups and photo-sync require users to entrust data to Apple’s servers, where the company can scan for things like CSAM (albeit with strong encryption). Consumer groups have sued Apple for “trapping” customers into iCloud by making data hard to port out ^[18]. In short, Apple’s built‑in apps are not “firewalls” – they collect and share data across Apple’s services unless you take extraordinary measures.

Experts Sound the Alarm

Tech experts stress that relying on default apps comes with trade-offs. Janne Lindqvist (Aalto University) bluntly states that keeping data hidden on iOS “is virtually impossible” because Safari, Siri, Family Sharing and other Apple apps are always active ^[19]. Prof. Doug Leith (Trinity College) similarly cautions that “Google Play Services … silently store advertising and tracking cookies on people’s phones” without consent ^[20]. These independent researchers echo warnings from privacy advocates (e.g. Privacy International, EFF) that modern smartphones are fundamentally surveillance devices unless deliberately locked down. In the EU, regulators have taken action: in 2025 the European Commission fined Apple €500 million for using unfair rules that “take away free choice” by preventing app developers from linking to other stores ^[21]. Meanwhile in the U.S., the Department of Justice is suing Apple for antitrust violations over exactly this “smartphone gatekeeper” behavior ^[22] (restricting browsers, payments, etc.). Even major tech companies face scrutiny: Google was hit with a $425 million class-action verdict in Sept 2025 for violating California’s privacy law, because its ad tools in apps collected user data despite tracking being turned off ^[23].

Common Culprits: Which Apps Track You?

Some of the most ubiquitous default apps are especially privacy- invasive. Google Maps tracks real-time location – many users only realize how much of their route history is saved when they check the Timeline feature. Chrome logs every search and website you visit while signed into Google (for syncing), whereas Firefox or Brave do not. On iPhone, Safari may mask your IP and block ad-tracking, but Apple’s syncing pushes Safari bookmarks and history to iCloud (which Apple says is end-to-end encrypted ^[24]). iCloud Drive and Photos also continuously upload your documents and images to Apple’s cloud; this is convenient but means Apple can access metadata (and may reencrypt or analyze it). Siri and Dictation send voice commands to Apple for processing (recent policies let you opt-out of recording retention, but audio snippets were once sent to contractors).

Beyond browsers and cloud, some routine apps collect in surprising ways. For instance, the default Weather, News, or Newsstand apps often pull ads from third parties or link to your reading habits. Every time you use Stock or Health apps, Apple may infer your interests or well-being trends. On Android, Google’s Phone, Contacts and Messages apps log call/SMS metadata (time, recipient) into Google’s system unless you switch them off – even then, Google Play Services may keep a summary. In general, any app that carries a Google or Apple login will likely report usage data back for analytics or personalization.

Switch to Privacy-Friendly Apps

The good news is that you can replace many default apps with open-source, privacy-respecting alternatives that work just as well:

• Signal (iOS/Android) – an encrypted messenger recommended as “best in class” for privacy ^[25]. It uses end-to-end encryption on all chats and never stores metadata on its servers (just your phone number).
• Firefox – the Mozilla browser blocks trackers by default and lets you sign in without data harvesting. It’s fully open source. (Brave is another privacy browser that integrates ad-blocking.)
• ProtonMail – an encrypted email service based in Switzerland. Over 100 million users have signed up for Proton’s suite ^[26]. Mail is zero-access encrypted so even Proton can’t read it, and there are no ads.
• Bitwarden – a fully open-source password manager ^[27]. Your passwords are end-to-end encrypted and the code is public on GitHub, so security claims can be independently verified.
• DuckDuckGo – a search engine (and mobile browser) with strong tracker-blocking. It refuses to profile you or sell your search data.
• F-Droid – an alternative Android app store that only offers Free/Open-Source (FOSS) apps. It publishes source code and is audited by volunteers. (See F‑Droid website for download instructions ^[28].)
• Others: For maps, try OsmAnd or Maps.Me (OpenStreetMap-based). For calendars and contacts, use Nextcloud or DAVx⁵ with a privacy-focused provider. For cloud storage, consider SpiderOak or Cryptomator-vaulted Dropbox.

All these alternatives have millions of users and active communities. They generally do not upload your data unless you explicitly sync or backup it. For example, Mozilla reports that Firefox’s telemetry is extremely limited and optional. Signal and ProtonMail both offer free tiers so you don’t have to pay to protect your privacy. Switching often takes just a few taps: you can install Firefox on iOS and set it as the default browser (thanks to recent OS updates), and on Android you can disable Chrome and pick your new browser as default. Likewise, you can point email links to ProtonMail instead of Apple Mail. The Signal website has easy guides to get started, and Bitwarden’s website hosts the source code for review ^[29].

Privacy-Focused Mobile Operating Systems

In addition to apps, whole mobile operating systems are emerging to cut out Big Tech. Projects like GrapheneOS and /e/OS provide hardened Android alternatives. GrapheneOS (open source) strips out Google services and adds extra sandboxing; it’s known for running on Google Pixel phones. Recent news shows GrapheneOS is partnering with a major Android OEM to bring its OS to new flagship devices ^[30]. Meanwhile /e/OS (formerly “eelo”) is a Google-free Android fork that “promises to not track you or sell your data” ^[31]. /e/ comes with a suite of deGoogled apps and can be installed on many devices; you can even buy the Murena SHIFTphone 8, a privacy-first Android phone that runs /e/OS and includes a physical kill-switch to instantly cut off the microphone and camera ^[32]. These OS projects are still niche and require some technical effort (sideloading, unlocking bootloaders), but for the privacy-conscious they offer a way to escape the Google/Apple duopoly. (Other projects include CalyxOS and LineageOS for Android, and even the Linux-based UBports or Ubuntu Touch for very advanced users.)

Take Simple Steps to Cut Data Leaks

You don’t have to sacrifice all functionality to reduce tracking. Even without installing new apps, configure your current phone for more privacy: turn off unwanted permissions and location services, and deny apps camera/mic access if not needed. On Android, go to Settings → Apps and disable or uninstall unnecessary Google apps (YouTube, Play Movies, etc.). Under Google Account settings, you can pause Location History and Ad Personalization. On iPhone, disable Siri suggestions and analytics under Settings→Privacy, and turn off significant location tracking. For everyday browsing and searching, use private/incognito modes or DuckDuckGo’s privacy browser. Always keep your OS updated with the latest patches (security flaws are routinely fixed in new versions).

Experts also advise practicing “digital hygiene”: review what data each app can access, use strong unique passwords (in a manager like Bitwarden), and enable two-factor authentication. Avoid installing apps outside official stores unless absolutely necessary. If you must use a public network, run a VPN to encrypt your traffic. Security firms point out that no smartphone is untrackable, but by limiting permissions and choosing open-source tools, you significantly shrink the data you expose ^[33].

As one cybersecurity specialist notes, mobile tracking often extends beyond a single device – your activity on any platform feeds Google/Apple’s ad profile of you. But they agree: practicing basic digital hygiene (permissions, updates, trusted apps) goes a long way ^[34]. In practice, dozens of privacy-respecting apps today match or exceed their default counterparts in features. For example, ProtonMail offers reliable push email, Signal supports groups and voice notes, and F-Droid’s library includes stable versions of many popular tools.

The takeaway: If you care about privacy, treat your phone like a personal computer – restrict defaults and install only the software you trust. Swapping out Google’s or Apple’s apps for open-source alternatives may feel like extra work at first, but it breaks the “data monopoly” Big Tech holds over your device. With rising regulatory pressure and new tools available, users now have real alternatives. By consciously choosing privacy-safe apps and OSes, you can regain control of your data without losing functionality.

Sources: News reports and expert analyses including Aalto Univ. and Trinity College studies ^{[35] [36]}, Reuters and AP on Google/Apple regulatory actions ^{[37] [38]}, tech media and official sites on privacy apps and OSes ^{[39] [40] [41] [42] [43]}. These illustrate current (2025) smartphone privacy issues and the open-source solutions recommended by security professionals.

References

1. www.tcd.ie, 2. www.nasdaq.com, 3. apnews.com, 4. www.androidauthority.com, 5. e.foundation, 6. www.mozillafoundation.org, 7. proton.me, 8. bitwarden.com, 9. www.tcd.ie, 10. www.nasdaq.com, 11. www.tcd.ie, 12. www.reuters.com, 13. www.reuters.com, 14. www.apple.com, 15. www.nasdaq.com, 16. www.nasdaq.com, 17. www.economicliberties.us, 18. www.economicliberties.us, 19. www.nasdaq.com, 20. www.tcd.ie, 21. apnews.com, 22. www.economicliberties.us, 23. www.reuters.com, 24. www.apple.com, 25. www.mozillafoundation.org, 26. proton.me, 27. bitwarden.com, 28. f-droid.org, 29. bitwarden.com, 30. www.androidauthority.com, 31. itsfoss.com, 32. e.foundation, 33. www.eset.com, 34. www.eset.com, 35. www.nasdaq.com, 36. www.tcd.ie, 37. apnews.com, 38. www.reuters.com, 39. www.mozillafoundation.org, 40. proton.me, 41. bitwarden.com, 42. www.androidauthority.com, 43. e.foundation