Your Phone: The Most Intimate Surveillance Device You Own
Your phone knows where you sleep, where you work, who you call, what you search for at 2 a.m., what you buy, how fast you drive, and how long you linger on a photograph. It knows which doctors you visit, which political rallies you attend, and which bars you walk into on a Tuesday night. No other object in history has generated this density of personal data about its owner, continuously, in exchange for the privilege of carrying it. Snowden described the modern smartphone as a tracking device that also makes calls. That framing is more accurate than most people are comfortable admitting.
Why This Matters for Sovereignty
The phone is the single largest point of surveillance exposure in most people’s digital lives. Not because anyone is watching you specifically — for most people, no one is — but because the data your phone generates is collected, aggregated, packaged, and sold at industrial scale by data brokers, app developers, advertising networks, and your phone carrier. Zuboff’s surveillance capitalism framework is most vividly illustrated by the smartphone. The device is subsidized by the behavioral surplus it extracts. The apps are free because the data they collect is the product.
The sovereign response is not to abandon the device. That counsel — throw away your phone, go dark, use a burner — fails the proportionality test. Your phone is, genuinely, one of the most useful objects ever created. It coordinates your life, connects you to people you care about, gives you access to the sum of human knowledge, and fits in your pocket. The question is not whether to use it. The question is how to reduce its surveillance capability without destroying the utility that makes it worth carrying.
How It Works: What Your Phone Collects
Understanding the scope of collection is the first step toward reducing it. Your phone generates several distinct categories of data, each with different collectors and different implications.
Location data is the most sensitive category. Your phone determines its location through GPS satellites, cell tower triangulation, and nearby Wi-Fi networks. This data is collected by your operating system (Apple or Google), by apps with location permissions, by your phone carrier, and — in some documented cases — even when Location Services is turned off. In 2018, the Associated Press documented that Google continued to collect location data from Android devices even when users had explicitly disabled the Location History setting. The data was being stored through a separate setting called “Web & App Activity.” Google has since made changes to these settings, but the episode illustrates a pattern: the default collection posture of these devices is expansive, and the controls offered to users do not always govern what they appear to govern.
Location data is valuable because it reveals patterns. Where you go every day, combined with timestamps, reveals where you live, where you work, who you visit, what businesses you frequent, and how you spend your time. Data brokers purchase location data from app developers and compile it into products that can track individuals to specific buildings. The Wyden investigation in the U.S. Senate documented that commercially available location data could be used to track individuals to reproductive health clinics, places of worship, and addiction treatment centers. This data was available for purchase by anyone willing to pay, without a warrant or any legal process.
App permissions determine what data individual apps can access on your device. Most apps request far more permissions than their core functionality requires. A weather app does not need access to your contacts. A flashlight app does not need access to your microphone. A photo editing app does not need access to your location. These permissions are requested because the data they grant access to can be monetized — either directly by the app developer or through advertising SDKs embedded in the app’s code. When you install an app and grant it location access, you are often granting access not just to the app itself but to the advertising networks and data brokers whose code is bundled inside it.
The advertising identifier is a unique ID assigned to your device by the operating system — the IDFA on iOS and the GAID on Android. This identifier is used by advertising networks to track your activity across different apps. When you use a weather app, a news app, and a shopping app, and all three share your advertising ID with the same ad network, that network can build a unified behavioral profile across all three contexts. The advertising ID is the connective tissue of cross-app surveillance.
Carrier data is collected by your phone company and includes your location (via cell tower connections), your call metadata (who you called, when, for how long), your text message metadata, and potentially your browsing data if you use their DNS servers. This collection is largely unavoidable without extreme measures like using Wi-Fi exclusively and routing all traffic through a VPN — which introduces its own set of trade-offs.
The Proportional Response: What to Do This Weekend
The following steps reduce your phone’s surveillance footprint meaningfully. They are ordered by impact-to-effort ratio, and none of them require you to give up any core functionality.
Audit app permissions (30 minutes). On iOS, go to Settings, then Privacy & Security. Walk through each permission category — Location Services, Contacts, Microphone, Camera, Photos, Tracking — and review which apps have access. For each app, ask whether the permission is necessary for the app’s core function. Your banking app needs internet access; it does not need your microphone. Your ride-sharing app needs location while you are using it; it does not need location “always.” Revoke aggressively. On Android, go to Settings, then Privacy, then Permission Manager. The process is the same. Most people who do this audit for the first time are surprised by how many permissions they have granted without thinking.
Disable the advertising identifier (2 minutes). On iOS, go to Settings, then Privacy & Security, then Tracking, and turn off “Allow Apps to Request to Track.” This prevents apps from accessing your IDFA. Additionally, under Settings, Privacy & Security, Apple Advertising, turn off Personalized Ads. On Android, go to Settings, then Privacy, then Ads, and select “Delete advertising ID.” On newer Android versions, this permanently removes the identifier rather than merely resetting it. This single action breaks the cross-app tracking chain that advertising networks rely on.
Review location sharing (10 minutes). Go through your location settings and change every app that currently has “Always” access to “While Using” or “Never.” The only apps that legitimately need continuous location access are navigation apps during active navigation and find-my-device services. Everything else can function with location access only while the app is open, or with no location access at all. Pay particular attention to social media apps and shopping apps — these frequently request always-on location access for features you likely do not use.
Uninstall unused apps (15 minutes). Every app on your phone is a potential data collection vector, whether you use it or not. Scroll through your app library and delete anything you have not used in the past month. You can always reinstall it later. The app you do not have installed cannot collect your data — this is the most absolute form of permission revocation available.
Limit lock screen notifications. Configure your phone to show notification previews only when unlocked. On iOS, this is under Settings, Notifications, Show Previews, set to “When Unlocked.” This prevents someone who picks up your phone from reading your messages, seeing your email subjects, or viewing other sensitive notifications without your passcode or biometric.
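The Android half of the audit above can also be checked from a computer. This is an added example, not part of the original article: it parses text of the kind `adb shell dumpsys package` prints and lists granted permissions worth reviewing. The sample dump and the `com.example.*` package names are constructed, and the exact layout varies between Android versions.

```python
import re

# Runtime permissions the audit steps single out (real Android permission names).
RUNTIME = {
    "android.permission.ACCESS_BACKGROUND_LOCATION",  # location "Always"
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",                # microphone
    "android.permission.READ_CONTACTS",
}
# Install-time permission that lets an app read the advertising ID (Android 13+).
AD_ID = "com.google.android.gms.permission.AD_ID"

# Constructed sample, modelled on `adb shell dumpsys package` output.
SAMPLE = """\
Packages:
  Package [com.example.flashlight] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
      com.google.android.gms.permission.AD_ID: granted=true
    User 0: ceDataInode=1201 installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_BACKGROUND_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    install permissions:
      android.permission.INTERNET: granted=true
"""

PKG = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT = re.compile(r"^\s*([\w.]+): granted=true")

def audit(dump):
    """Return {package: sorted granted permissions worth reviewing}."""
    found, pkg = {}, None
    for line in dump.splitlines():
        if m := PKG.match(line):
            pkg = m.group(1)
        elif pkg and (m := GRANT.match(line)) and (m.group(1) in RUNTIME or m.group(1) == AD_ID):
            found.setdefault(pkg, set()).add(m.group(1))
    return {p: sorted(perms) for p, perms in found.items()}

def revoke_commands(findings):
    """Runtime grants can be revoked over adb; AD_ID is install-time and cannot."""
    return [f"adb shell pm revoke {p} {perm}"
            for p, perms in sorted(findings.items()) for perm in perms if perm in RUNTIME]

if __name__ == "__main__":
    for pkg, perms in audit(SAMPLE).items():
        print(pkg, "->", ", ".join(perms))
    print("\n".join(revoke_commands(audit(SAMPLE))))
```

Apps that show only the `AD_ID` entry have no runtime grant to revoke; deleting the advertising ID in Settings, as described above, is what cuts them off.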
iOS vs. Android: An Honest Comparison
Apple has invested heavily in privacy as a brand differentiator. App Tracking Transparency, introduced in iOS 14.5, requires apps to ask permission before tracking you across other apps — and the majority of users decline. Privacy Nutrition Labels in the App Store show what data each app collects before you install it. On-device processing for features like Siri and photo recognition means more data stays on your device rather than being sent to Apple’s servers. These are genuine, meaningful privacy advantages that require no effort from the user.
Android is more configurable but requires more active management. The open-source nature of Android means that privacy-focused alternatives exist, the most notable being GrapheneOS, a de-Googled Android distribution that removes Google’s data collection entirely. But stock Android, which is what the vast majority of Android users run, collects more data by default than iOS and provides fewer out-of-the-box restrictions on app tracking. Google’s business model is advertising; Apple’s is hardware. This difference in incentive structure produces a difference in default privacy posture.
Neither platform is fully private by default. Both Apple and Google collect telemetry data from their devices. Both app stores contain apps with aggressive data collection practices. Both carriers collect location and communication metadata regardless of which platform you use. The difference is one of degree and default, not of kind.
What’s Disproportionate for Most People
Some privacy practices related to phones are effective but impose lifestyle costs that exceed their benefit for most threat models.
Running GrapheneOS — a de-Googled Android operating system — eliminates Google’s data collection entirely. It is technically impressive and genuinely private. It also means losing access to many apps that rely on Google Play Services, dealing with compatibility issues, and accepting a device experience that is meaningfully less convenient. For journalists working with sensitive sources, for activists in hostile states, or for anyone whose threat model includes Tier 4 or 5 adversaries, GrapheneOS is appropriate. For someone whose primary adversary is data brokers and advertisers, the standard permission audit and advertising ID removal deliver most of the benefit at a fraction of the cost.
Using Signal exclusively for all communication is more private than using iMessage or WhatsApp. But communication tools are only useful if the people you communicate with also use them. Switching to Signal for conversations with contacts who also use Signal is proportional. Refusing to use any other messaging platform is a social cost most people will not sustain.
Carrying a Faraday bag — a pouch that blocks all radio signals to and from your phone — prevents location tracking entirely while the phone is inside it. It also prevents you from receiving calls, messages, and notifications. For specific situations (sensitive meetings, visits to locations you do not want recorded in your location history), this is a reasonable tool. As a daily practice, it defeats the purpose of having a phone.
The proportional approach is to reduce what you can — permissions, advertising ID, unused apps, location sharing — without losing the functionality that makes the device valuable. Your phone will still collect some data. Your carrier will still know where you are. But the commercial surveillance layer — the data brokers, the ad networks, the cross-app tracking — can be meaningfully diminished in under an hour of deliberate effort.
This article is part of the Data & Privacy series at SovereignCML.