Privacy: Mobile Habits
Earlier, I talked about some settings to help reduce the data collection on your phone and improve your mobile device's security. I also briefly touched on replacement apps and habits. In this sub-section, I want to expand on that and talk about some additional practices to further improve your mobile privacy and security.
The biggest thing you can do with your phone is consider your metadata. The biggest habit you can change is just to not have your phone around as often as possible and to use it as little as possible. Classic non-smart alarm clocks are only $10 at Target, and you can charge your phone in another room. When going out with friends, leave your phone at home. Little things like this can add up.
Second, consider what you do on your phone. For example, try to send emails and do web browsing from your computer rather than your phone. You have significantly more control over your computer's data collection than your phone's.
Third, try to keep your phone as clean of apps and data as possible. Apps are a potential risk, both in terms of the data they could be collecting and the malware they could be hiding. The less apps you have, the better off you are. Most tasks we do on demand can wait until we get to a more controlled desktop environment. Of course this doesn't mean you can never have anything on your, just make sure you're weighed the risks and really need it.
A more advanced step is to get a phone that's not in your name. Rather than buying a phone on credit - which ties it back to your true identity via a credit check - you can buy a phone up front in cash, then get a pay-as-you-go plan. In addition to offering more privacy, these plans are often much less expensive. Be aware that metadata such as location at home every night means your identity can be determined, but this strategy can still offer a lot of defense against public records, doxxing, and stalking.
I strongly urge anyone privacy-oriented to stop using your SIM number and instead use Voice-over-IP for all non-encrypted communications. This is a large subject, and as such I have dedicated an entire page to explaining this, and I encourage you to check it out if you're interested.
Restart your phone once per week. Phones are typically much more stable than an average computer, and such we can and often do run them for weeks or even months at a time without ever thinking of restarting them. Most malware, except the most advanced kind, cannot withstand a device reset. While it is unlikely that you'll get malware if you have good online habits, it only takes a few minutes to restart and it's worth the caution.
Finally, for those desiring maximum privacy, I encourage you to consider getting a Linux-based phone. This is a more advanced technique that falls outside the scope of this website, but I can at least point you in a starting direction. I recommend flashing the devices yourself and the two most popular and well-supported ROMs for this purpose are LineageOS and GrapheneOS. Of these two, Graphene is more secure while Lineage tends to support more mainstream services. There is also a popular compromise called CalyxOS which is based on Graphene but is less secure to allow more functionality. There is one "out of the box" solution called Librem 5, however many reviews suggest is in incomplete, missing important features, and the device is backordered by years. A common alternative is Pinephone but you will have to install the OS of your choice upon arrival.