Your Phone Is Tracking You Right Now: Here's What to Do About It

Photo by Nikita Chaturov

You carry a tracking device everywhere you go.

It knows where you slept last night. It knows which coffee shop you were at on Tuesday morning, how long you stayed, and what route you took home. It knows who you called, when, and for how long. It knows your search history, your political interests, your health concerns, your relationship status, and your financial anxieties — because you typed all of it into apps that were designed, first and foremost, to collect that data.

That device is your phone.

This isn't paranoia. This is the documented business model of the most powerful companies on earth. And the first step toward digital sovereignty is understanding exactly what's happening — so you can decide what to do about it.

---

How Your Phone Tracks You

There are multiple layers of tracking happening simultaneously, most of which you never consciously agreed to.

GPS Location

When apps request location access, many use it far more broadly than their stated purpose. Weather apps, delivery apps, games — they all request location, and many log it continuously even when you're not using them.

Cell Tower Triangulation

Even with GPS disabled, your carrier knows your approximate location at all times based on which towers your phone pings. This data is retained, and in the US it has been sold to third-party data brokers — a practice that has faced legal challenges but persists in various forms.

Wi-Fi and Bluetooth Scanning

Your phone constantly scans for nearby Wi-Fi networks and Bluetooth devices even when you're not connected to anything. Retail stores use this to track your movement through their spaces. Your device is broadcasting a unique identifier that can be logged.

Advertising IDs

Both Android and iOS assign your device a unique advertising identifier. This ID connects your activity across apps and is used to build a detailed behavioral profile that follows you around the internet and into the physical world.

App Permissions

Microphone, camera, contacts, calendar, photos — apps request access to far more than they need. And many use that access in ways buried deep in terms of service that no one reads.

Metadata

Even when content is "private," metadata tells a story. Who you called, when, how long. Which apps you opened. When you picked up your phone at 3am. Metadata is extraordinarily revealing.

---

The Business Model Behind the Tracking

This isn't accidental. The entire advertising-funded internet was built on a simple trade: free services in exchange for your data.

Your attention and your behavioral data are the product. Every search, every scroll, every purchase signal gets fed into models that predict your behavior, influence your decisions, and get sold to advertisers, insurers, employers, and governments.

The problem isn't just privacy. It's power. When someone else holds a comprehensive model of your behavior, your fears, your desires, and your vulnerabilities — they have leverage over you that you may not even be aware of.

Reclaiming that is what digital sovereignty looks like in practice.

---

Who Actually Buys Your Data

The advertising pitch is the friendly face of surveillance. Behind it is a much larger market.

Data brokers are companies whose entire business is aggregating, packaging, and selling your behavioral profile. There are thousands of them. They buy from apps, from loyalty programs, from public records, from other brokers. They sell to anyone willing to pay — and the buyers are not always who you'd expect.

Insurance companies use behavioral and location data to assess risk. Where you go, how often, at what hours — this can influence your rates. Some health insurers have experimented with purchasing fitness and lifestyle data to inform underwriting decisions.

Employers increasingly use background check services that pull from data broker profiles. What you do online, what groups you're associated with, what your digital footprint suggests about your lifestyle — all of it can surface in ways you'd never anticipate.

Law enforcement purchases location data from brokers to bypass the warrant requirements that would normally apply to carrier data. This practice — buying what they couldn't otherwise legally obtain — has been documented and is the subject of ongoing legal battles.

Foreign intelligence services actively target commercial data brokers. A comprehensive behavioral profile of millions of Americans is extraordinarily valuable to adversaries. Your data, pooled with everyone else's, becomes a national security issue — not just a personal one.

This isn't hypothetical. These are documented, ongoing uses of the data economy you're participating in every time you open an app without thinking.

---

What You Can Do Right Now

You don't have to throw your phone in the ocean. But you can significantly reduce your exposure with deliberate, layered choices. (For a more curated starter set beyond the phone, see 5 Privacy Tools Every Sovereign Individual Needs.)

1. Audit your app permissions immediately.

Go to Settings → Privacy (iOS) or Settings → Apps (Android). Review which apps have access to your location, microphone, camera, and contacts. Revoke everything that isn't essential. Be ruthless.

2. Disable or reset your advertising ID.

• iOS: Settings → Privacy & Security → Tracking → disable "Allow Apps to Request to Track." Also go to Apple Advertising and turn off personalized ads.
• Android: Settings → Privacy → Ads → Delete advertising ID.

3. Use location sparingly.

Set apps to "While Using" instead of "Always." Better yet, only enable location for apps that genuinely require it. Turn off location entirely when you don't need it.

4. Switch to a privacy-respecting browser.

Brave blocks trackers and ads by default. On mobile it does the same. Use it instead of Chrome or Safari for daily browsing.

5. Use a private search engine.

DuckDuckGo, Brave Search, or StartPage. Stop feeding your queries to Google. Your searches reveal more about you than almost anything else.

6. Move away from Big Tech messaging.

Signal is end-to-end encrypted and open source. Use it for sensitive conversations. iMessage has encryption but Apple holds keys. SMS has essentially no privacy.

7. Use a VPN — but choose wisely.

A VPN masks your traffic from your ISP and network observers. But a bad VPN just moves the trust problem. Use one with a verified no-logs policy, open source code, and a solid privacy track record. Mullvad and ProtonVPN are strong choices.

8. Turn off Wi-Fi and Bluetooth when not in use.

Simple. Eliminates passive scanning. Takes two seconds.

9. Consider a privacy-focused phone.

If you want to go deeper — GrapheneOS on a Pixel device removes Google entirely and gives you granular control over every permission. (Our full degoogle guide walks through every Google service and its replacement.) It's a significant step but a powerful one for serious sovereignty.

---

The Mindset Shift

The goal isn't to become invisible. It's to be intentional.

Every permission you grant is a choice. Every app you install is an agreement. Every convenience has a cost — and that cost is usually data about you.

Once you start seeing it this way, the fog lifts. You stop passively handing over your digital life and start actively deciding what you share, with whom, and on what terms.

That's sovereignty. Not perfection — intention.

Your phone can be a tool that serves you. Right now, for most people, it's the other way around.

Flip that.

---

Your Sovereignty Level: Where to Start

Privacy can feel overwhelming when you look at the full picture. Don't try to do everything at once. Pick your level and start there.

Level 1 — Aware (Start Here)

Audit your app permissions. Reset your advertising ID. Switch to Brave on mobile. Use DuckDuckGo. Turn off Wi-Fi and Bluetooth when you're not using them. These changes take less than an hour and immediately reduce your exposure.

Level 2 — Intentional

Switch to Signal for messaging. Set up ProtonVPN or Mullvad. Move your email to ProtonMail. Start using a password manager. Review which apps you actually need and delete the rest. You're now operating with significantly more control than 95% of people.

Level 3 — Sovereign

De-Google your life. GrapheneOS on a Pixel device. Self-hosted or privacy-first services wherever possible. Minimal app footprint. You understand your threat model and you've made deliberate decisions at every layer.

You don't have to reach Level 3 tomorrow. But you should know it exists — because sovereignty isn't a destination, it's a direction.

Start moving.

---

Tools mentioned: Brave Browser (brave.com), Signal (signal.org), ProtonVPN (protonvpn.com), Mullvad VPN (mullvad.net), GrapheneOS (grapheneos.org)