Practical privacy audit: what Google, Apple, and Microsoft really collect from your phone

I started this practical privacy audit because I got tired of vague privacy promises from big tech and wanted something I could apply to my own phone in under an hour. If you carry a smartphone from Google, Apple or Microsoft, you’re handing that company a lot of signals about your life—even when you think you’ve turned everything off. Below I walk through what these companies actually collect, how to find the evidence on your device and in their cloud services, and the practical steps I take to reduce telemetry while keeping the phone useful.

What “they collect” really means — types of data to look for

When people ask “what does Google/Apple/Microsoft collect?” they usually mean one of several categories. I group them this way because it helps me audit quickly:

  • Device & diagnostic telemetry — crashes, hardware IDs, OS version, battery and sensor telemetry.
  • Usage & analytics — app-launch events, feature usage, screen time, search queries.
  • Location & motion — GPS, Wi‑Fi/Cell triangulation, and motion sensor data used for activity detection.
  • Personal data & content — contacts, calendars, messages, photos, emails, documents.
  • Communications with assistants — voice recordings, transcripts, assistant requests.
  • Cloud backups & syncing — photos, device backups, app data in the company’s cloud.
  • Ad & profile data — inferred interests, advertising IDs, cross‑service identifiers.

Those categories map to different controls and storage locations. For example, diagnostic telemetry often goes to a telemetry endpoint inside the OS; cloud backups are in Drive/iCloud/OneDrive. Knowing where to look shortens the audit.

    Quick summary table: where common data is collected

| Data type | Google (Android/Play) | Apple (iOS/iCloud) | Microsoft (Windows Phone/Surface/Your Phone) |
|---|---|---|---|
| Device diagnostics | Android diagnostic logs, Play Services | Analytics & improvements | Telemetry via Diagnostic Data |
| Location | Location history, Maps, Play Services | Significant Locations, Find My | Location via account services, Find My Device |
| Contacts & calendars | Google Contacts/Calendar sync | iCloud Contacts/Calendar | Outlook/Exchange/OneDrive sync |
| Photos & backups | Google Photos, Drive backups | iCloud Photos, iCloud backups | OneDrive camera roll, backup services |
| Voice assistant | Assistant audio & transcripts | Siri requests & transcripts | Cortana/Assistant logs (limited) |
| Ad profile | Advertising ID, Web & app activity | Advertising identifier, app analytics | Advertising ID (if present) |

    How I run a fast, reproducible privacy audit on my phone

    I break my audit into three phases: local check, cloud account check, and behavioral changes. That way I get immediate wins (turn off a setting) and longer‑term controls (delete history, change backup settings).

    Phase 1: Local device check (10–20 minutes)

    Start with the device itself. This reveals what apps can do and what diagnostic settings are enabled.

  • Open Settings → Privacy / Location / Permissions. Look for apps with blanket access to location, microphone, camera, contacts. Revoke any access that’s not explicitly needed (e.g., flashlight app with microphone access).
  • Check Background App Refresh / App Activity. On iOS this is Background App Refresh; on Android it’s background activity and location permissions “allow only while using the app.” Force restrict high‑risk apps like social networks and ride‑sharing to foreground use only.
  • Diagnostic & usage data: on iOS go to Settings → Privacy → Analytics & Improvements. On Android go to Settings → Google → Usage & diagnostics or System → Developer options. Turn off “Share analytics” if you want to stop sending crash reports and device stats.
  • Advertising ID: Reset or limit ad tracking. iOS: Settings → Privacy → Tracking → Allow Apps to Request to Track. Android: Settings → Google → Ads → Opt‑out of Ads Personalisation and reset advertising ID.
  • Check assistant hotword and audio: Inspect whether voice recordings are uploaded. For Google Assistant, go to myactivity.google.com → Filter by Assistant and delete stored recordings. For Siri, check Settings → Siri & Search → Siri & Dictation History.
  • App permissions snapshot: I recommend installing a permission‑auditing app if you use Android (e.g., Exodus Privacy or Blokada’s permission auditor) to produce a quick list of trackers embedded in apps. On iOS, the inbuilt app privacy report (Settings → Privacy → App Privacy Report) now helps show access patterns.

    Phase 2: Cloud account review (20–30 minutes)

    This is where most long‑term data lives. I sign into the web consoles and inspect the obvious places where companies store synced content.

  • Google account: myactivity.google.com for search, location, YouTube watch history and Assistant logs. Take time to review “Location History” and “Web & App Activity.” Use Delete activity by → All time to remove what is stored. Then enable auto‑delete for history categories you don’t want retained beyond 3 months.
  • Apple ID / iCloud: Visit privacy.apple.com to request a copy of your data if you want to see everything. iCloud Photos and backups live in iCloud; adjust Settings → [your name] → iCloud to disable app backups or selectively turn off Photos or Contacts. Also check Significant Locations in Settings → Privacy & Security → Location Services → System Services.
  • Microsoft account: For people using OneDrive, Outlook and Windows integration, check account.microsoft.com/privacy. Look for diagnostic data, search history, and location activity tied to the account. Microsoft provides some retention controls—turn off things you don’t want stored.
  • Third‑party apps: Go through OAuth and connected apps: Google → Security → Third‑party apps with account access; Apple → Settings → Passwords & Accounts → Websites & App Passwords; Microsoft → Security → Manage app permissions. Revoke any app you no longer use.

    Phase 3: Behavioral and architectural changes I actually keep

    After the cleanup I change a few habits and settings that produce the most telemetry for the least benefit.

  • Turn on auto‑delete for histories where available (Google’s auto‑delete, Safari’s Private Browsing with iCloud disabled for search). I generally pick a 3‑month window for Web & App Activity and YouTube history because it balances convenience and privacy.
  • Limit cloud backups: I keep photos backing up to Google Photos but disable full device backups in iCloud/Google Drive for some devices. For sensitive phones I use local encrypted backups via my computer.
  • Use a private assistant alternative for sensitive tasks: I still use Google Assistant for timers and music, but for any sensitive query (banks, health) I avoid voice and use a browser in private mode or an on‑device app that doesn’t sync transcripts.
  • Replace risky apps: If an app requires access to contacts or broad background location but doesn’t justify it, I switch to a privacy‑first alternative or use the web version in a browser sandbox.
  • Two‑factor authentication and account hygiene: I enable 2FA on Google, Apple, Microsoft and review recovery options. Compromise of the account is the biggest risk because it unlocks all cloud copies of your phone data.

    Tools and logs I use to verify changes

    I rely on platform tools and a couple of third‑party apps to validate that settings actually cut telemetry:

  • myactivity.google.com and account.microsoft.com/privacy to validate deletions and retention.
  • iOS App Privacy Report and Screen Time to see background access patterns.
  • Exodus Privacy (Android) to inspect trackers in apps.
  • Jumbo (iOS/Android) as a privacy manager to automate deletions and tighten account privacy on Google/Facebook/Twitter.

    One tip I use frequently: after changing settings, I monitor network traffic with a personal firewall (on Android: NetGuard, on iOS limited but use a Pi‑hole DNS at home) for a week. That quickly shows which services an app calls home to and whether my changes reduced outbound telemetry.
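
The before/after check described above, as an added example (not part of the original post): a Python script that compares per-domain DNS query counts for one phone on either side of the settings change, reading Pi-hole's dnsmasq-style query log. The log lines, IP addresses and `.example` domains are constructed, and `PHONE_IP`, `CUTOFF` and `compare_windows` are hypothetical names.

```python
import re
from collections import Counter
from datetime import datetime

# Pi-hole writes dnsmasq-style lines; only "query[...]" lines name the client.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample log (addresses and .example domains are made up).
SAMPLE_LOG = """\
Dec  1 09:00:01 dnsmasq[711]: query[A] telemetry.vendor.example from 192.168.1.50
Dec  1 09:00:01 dnsmasq[711]: forwarded telemetry.vendor.example to 192.0.2.53
Dec  1 09:05:12 dnsmasq[711]: query[AAAA] telemetry.vendor.example from 192.168.1.50
Dec  1 09:06:00 dnsmasq[711]: query[A] ads.tracker.example from 192.168.1.50
Dec  1 09:07:00 dnsmasq[711]: query[A] mail.provider.example from 192.168.1.50
Dec  1 09:08:00 dnsmasq[711]: query[A] telemetry.vendor.example from 192.168.1.77
Dec  9 10:00:00 dnsmasq[711]: query[A] mail.provider.example from 192.168.1.50
Dec  9 10:01:00 dnsmasq[711]: query[A] telemetry.vendor.example from 192.168.1.50
Dec  9 10:02:00 dnsmasq[711]: query[HTTPS] sync.cloud.example from 192.168.1.50
"""
PHONE_IP = "192.168.1.50"        # assumed: the phone has a fixed DHCP lease
CUTOFF = datetime(2025, 12, 8)   # assumed: when the settings were changed

def parse_queries(lines, year):
    """Yield (timestamp, client, domain); skip forwards, replies and junk."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            # dnsmasq timestamps carry no year, so the caller supplies it.
            stamp = " ".join(m["ts"].split())
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            yield ts, m["client"], m["name"].lower().rstrip(".")

def compare_windows(lines, phone_ip, cutoff, year):
    """Return [(domain, before, after, status)] for one client, by domain."""
    before, after = Counter(), Counter()
    for ts, client, domain in parse_queries(lines, year):
        if client == phone_ip:
            (before if ts < cutoff else after)[domain] += 1
    report = []
    for domain in sorted(set(before) | set(after)):
        b, a = before[domain], after[domain]
        status = ("stopped" if a == 0 else "new" if b == 0
                  else "reduced" if a < b else "not reduced")
        report.append((domain, b, a, status))
    return report

if __name__ == "__main__":
    for row in compare_windows(SAMPLE_LOG.splitlines(), PHONE_IP, CUTOFF, 2025):
        print("{:28} before={} after={} {}".format(*row))
```

Compare windows of equal length, and treat the counts as a lower bound: cached answers generate no new query, and lookups sent over encrypted DNS (for example Android's Private DNS pointed at an external provider) never reach the Pi-hole.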

    If you want, I can produce a printable one‑page checklist you can use on your next phone audit (settings to check, web pages to visit and commands to run). Tell me whether you use Android or iOS and I’ll tailor it to your device and to whether you rely heavily on Google, Apple, or Microsoft services.

