Many apps available for your phone have trackers: hidden software designed to collect data.
These trackers are cross-referenced between your apps to build a comprehensive profile of who you are & what you do, all without your direct consent or control! This post will teach you how to find & stop trackers in your apps.
Finding Trackers
On Android, download the open source app Exodus from the Google Play Store or F-Droid. On first launch, it’ll display permissions of each app, revealing a plethora of unnecessary permissions (which you should disable if possible) - but also trackers. If you go to the ‘Trackers’ tab, it gives you a broad picture of everything on your device. Because your phone has unique identifiers that trackers utilize, having something like Google analytics present on 10 different apps means Google can correlate information between those apps to figure out exactly who you are on a deep level, and the same goes for any of the other trackers.
On iOS, there’s no app like this - as apps can’t easily scan other apps in Exodus-fashion. Luckily, iOS apps are generally made by the same teams and the trackers are often available for both Android and iOS. So it’s generally safe to assume if Exodus shows trackers on its website, then it’s likely iOS has similar ones. Additionally, iOS now includes a setting which allows you to view domains contacted by each application. (Settings > Privacy & Security > App Privacy Report)
One important detail before we crush the trackers:
All Exodus does is reveal the presence of trackers, which in almost all situations reflects if they’re used - but not always.
For example, the Tor Browser shows 3 trackers, but they’re actually inherited from Firefox, and the Tor Browser disables them, so they’re never active. Similarly, some apps have options within them to disable analytics. (which may stop some trackers)
With that said, it’s safe to assume for most applications that the presence of trackers is bad news for you.
Stopping Trackers
There’s no single method to stop all trackers unless you only download tracker-free apps. However, combining all the following techniques is going to give fantastic results:
First, more superficial stuff. Go into the settings of every app and opt-out/turn off anything you can. Some apps may respect these changes and disable certain trackers, and some won’t. Remember settings like ‘disabling analytics’ may only disable a single tracker, but not all.
On many Android devices, you can use a work profile with apps like Shelter which keep your applications separated, so it’s more challenging for separated apps with trackers to be correlated. You could also use separate user accounts using the native Android setting. This option doesn’t directly stop any trackers—it just compartmentalizes them, but it’s still a powerful tool for Android users.
On a similar note, if you’re privileged enough to have multiple devices at your disposal, there’s always the option to separate invasive applications across different devices.
Contact the support or development team for your app. Apps are hard to build, and many developers use frameworks and third-party SDKs that can include invasive elements like trackers. It’s possible the developer doesn’t even know about the trackers!
The obvious, yet less ideal option: simply uninstall an invasive application if you have no further use for it. I guarantee there’s at least one invasive app on your phone that you can comfortably remove with few repercussions.
For invasive applications where you aren’t picky about the app, but still need the use-case provided by the app, consider looking for safer alternatives. For example, if you’re using Spotify, consider looking for alternatives and seeing which alternatives are the most privacy-respecting. (Hint: Apple Music was my top choice, which surprisingly works beautifully on Android as well!)
Network Firewalls. Services like NextDNS and CONTROLD allow you to fine-tune which types of domains are allowed/blocked on your devices via DNS. I suggest you read my coverage of NextDNS to see how powerful of a tool it is and how it’s a perfect tool for preventing your applications from contacting tracker domains. If you don’t want to go the custom DNS route, but you’re already using a VPN, many VPNs like Mullvad & IVPN already include native settings to prevent tracker/ad domains from being contacted. These may be less powerful than certain configurations on NextDNS, but they’ll still take care of the basics.
Local Firewalls. Some custom Android ROMs have networking toggles to fully disable internet for apps that don’t need it. On a more universal note, apps like DuckDuckGo, Netguard & Trackercontrol for Android allow you to limit internet access and even block trackers. Lockdown and AdGuard are options for iOS, and Blokada is an option that works on both Android & iOS. If you’re more technical, you can use something like a Pi-hole.
While firewalls are overall great, combining all techniques is going to give the best possible results: strategically deciding which apps to all-out remove and use alternatives for, utilizing user accounts if you can, using Firewalls, and contacting the support team with your concerns. Everything combined will give you a massive layer of control.
With the trackers stopped - you should be aware this was just a small part of the privacy journey, so if you want to learn about all the ins & outs of your phone, your computer, your accounts, and more, I suggest looking into our Go Incognito Course to learn the ins & outs of privacy and security.
If you want more visuals, I made a video covering this topic: