Privacy: Mobile Habits
In the "Most Important" chapter, I talked about some settings to help reduce the data collection on your phone and improve your mobile security. I also briefly touched on replacement apps and habits. In this section, I want to expand on that and talk about some additional practices and considerations to further improve your mobile device privacy and security. As I said before, phones are the most powerful surveillance devices we have, not only because they travel with us everywhere but also because they're not really very safely customizable.
The biggest thing you can do with your phone is consider your metadata. The biggest habit you can change, as I said before, is just to not have your phone around as often as possible. I bought a classic non-smart alarm clock at Target for $10. My phone charges overnight in the study, which is on the other side of the house from the bedroom. When I go out on date nights, I leave my phone at home. It forces me to pay more attention to my partner, to be more in the moment, and reduces the GPS location tracking.
Second, consider what you do on your phone. Try to send emails from your computer rather than your phone because you have significantly more control over your computer's data collection than your phone's. Most apps have privacy policies that allow them to see what else you do on your phone, what other apps you have installed, and sometimes even more invasive things. Overall, the less you can use your phone, the better.
Third, try to keep your phone as clean as possible. Apps are a potential risk, both in terms of the data they could be collecting and the malware they could be hiding. The less apps you have, the better off you are. Do you really need to be able to check your bank account anywhere, any time? Usually no, it can wait til you get home, so it's better just to not have your bank app (this is also safer if your phone gets lost or stolen, now whoever posses the phone doesn't have one-click access to your bank). Same thing with games. Do you really need every copy of Angry Birds and Wordsearch and Pokemon GO? I'm not saying don't have any apps at all, but I am saying weigh how much you actually need or use them against the risks they present and consider if you can't find a workaround in another way. I have Spotify on my phone, I'm pretty sure I'd die without it. But Spotify means there's no need to download a game to keep myself occupied while standing in line. Same thing with news apps. Using Firefox Focus to check the news directly on their site is much safer than taking up space and risking data collection with an app. Again though, if possible, it's better to check the news on my computer than on my phone because my computer is more effective at blocking trackers.
A more advanced step is to get a phone that's not in your name. Rather than buying a phone on credit - which unavoidably ties it back to you - you can buy a phone up front in cash, then get a pay-as-you-go plan. These plans are also incredibly inexpensive in addition to offering much more privacy. Keeping the phone out of your name will help to reduce the amount of personal data that leaks to public search engines, which will be discussed in the next section. However, other metadata such as location at home every night means your identity can easily be determined. So this isn't a foolproof strategy to hide from advanced adversaries, just simple automated data collection.
I strongly urge anyone privacy-oriented to stop using your SIM number and instead use Voice-over-IP for all non-encrypted communications. This is a large subject, and as such I have dedicated an entire page to explaining this, and I encourage you to check it out if you're interested.
Finally, for those desiring maximum privacy, I encourage you to combine all of this along with getting a Linux-based phone. This is a more advanced technique that falls outside the scope of this website, but I can at least point you in a starting direction. I recommend flashing the devices yourself and the two most popular and well-supported ROMs for this purpose are LineageOS and GrapheneOS. Of these two, Graphene is generally regarded as more secure while Lineage tends to have more support available. There are two "out of the box" solutions that are quite popular in the privacy community, Pinephone and Librem 5. However, having dug in deep to some reviews from others who have purchased these devices, I hesitate to recommend these for average users. Both of them come with their fair share of bugs, from missing camera software (making the camera useless) to having to custom install the OS upon unboxing. These devices are worth mentioning as you search for a linux phone, however please do your research and remember that both of these devices are still very new and still working out the kinks.