In 2024, Australian businesses and government agencies reported 1,113 data breaches to the Office of the Australian Information Commissioner — the highest number since mandatory reporting began in 2018, and 25 per cent more than the year before. Every breach makes the news. Companies apologise. Senators ask questions. And everyone goes back to carrying the same phone that’s been quietly sending data to servers in California since the moment they turned it on.
That’s the bit nobody seems to want to talk about. Not the breaches — the tracking that’s working exactly as it’s supposed to.
Phone tracking Australia-wide isn’t a glitch or a hack. It’s the business model. And if you’re on a standard Android phone — which about 54 per cent of Australians are — it starts before you’ve even opened a single app.
In February 2025, Professor Doug Leith at Trinity College Dublin published research showing that Google Play Services stores advertising cookies and unique device identifiers on your handset the moment it connects to a network — before any Google app has been opened, before you’ve signed into anything. His conclusion was blunt: “I think we have completely missed the massive and ongoing data collection by our phones, for which there is no opt out.”
That’s not a blogger. That’s a professor of computer systems who sat down and measured it.
The OAIC’s own 2023 Community Attitudes to Privacy Survey found that 62 per cent of Australians already consider protection of their personal information a major concern — yet only 32 per cent feel they actually have any control over it. Half said they feel like they have no choice but to hand their data over if they want to use a service. That’s not paranoia. On a standard Android phone, that’s an accurate description of reality.
So here are five practical steps to reduce phone tracking in Australia. I’ll be straight with you about what each one actually does — and where its limits are. Some work on any Android phone right now. Others require a more fundamental decision. You deserve to know the difference before you start.
For the broader picture on surveillance in Australia — data brokers, government access, the Bunnings facial recognition scandal — read our post on Big Tech companies in Australia.
Most people, when they think about phone tracking, think about location. It goes a lot deeper than that.
Google’s own privacy policy says your Android phone “periodically contacts Google servers” to share your device type, carrier, which apps you’ve installed, crash reports, and “other information about how you’re using your Android device.” Periodically. Whether you like it or not.
Earlier Trinity research found Android phones send up to 20 times more data to their manufacturer than iPhones send to Apple. A separate Trinity study found that Google’s Messages and Dialer apps — pre-installed on over a billion devices — report to Google every time a message is sent or received, including a timestamp and a unique identifier tied to the message. No opt-out.
A 2025 study in Cybernetics and Information Technologies analysed nearly 5,000 Android apps and found that 67.7 per cent of them misrepresented what they actually collect compared to what they declared in Google’s Data Safety section. Two thirds. The self-reporting system Google relies on has no real enforcement behind it.
And it goes beyond the apps themselves. Location tracking works through GPS, cell towers, and Wi-Fi network positioning simultaneously — your phone can place you within a few metres even with GPS switched off. Airplane mode cuts cellular and Wi-Fi, but the GPS radio keeps running. A torch app that asks for your microphone has one reason for that: someone will pay for what it hears. Your MAC address is being broadcast to every Bluetooth beacon and Wi-Fi probe you walk past, whether you’re connected to anything or not.
Bunnings ran facial recognition across 63 stores for three years, scanning hundreds of thousands of Australians without telling them. The OAIC ruled it a breach of the Privacy Act in 2024. Your phone is running a version of that same silent data collection, every single day, at a scale that makes Bunnings look restrained.
Want to know which apps to replace while you’re at it? Read our complete Android app alternatives guide
This is what Android privacy in Australia looks like in 2026. Here’s what you can do about it.
This is the first thing anyone should do to stop Big Tech tracking their phone, and you can do it right now on any Android.
Go to Settings → Privacy → Permission Manager. Work through every category — Location, Microphone, Camera, Contacts, Calendar, Phone, Body Sensors. For each app, ask yourself one question: does this app actually need this to do its job?
A weather app needs your location. It doesn’t need your microphone. A social media app might need your camera. It doesn’t need your contacts or your precise location running in the background all day. A shopping app has no business touching your call logs.
“Allow only while using the app”
– location and microphone access is limited to when the app is open and visible on screen. The right choice for apps with a genuine need.
“Ask every time”
– the app requests permission each session. Good for camera access on apps you open occasionally.
“Don’t allow”
– the permission is blocked entirely. Use this for anything with no obvious legitimate need for the data.
On Android 12 and above, Settings → Privacy → Privacy Dashboard shows you which apps have accessed your location, microphone, and camera recently. If something accessed your microphone while you weren’t using it, that’s worth a closer look.
One thing to be clear about: this controls what apps collect. It doesn’t touch what Google’s own Play Services infrastructure is doing underneath. That operates at a level app permission controls simply don’t reach.
Every search, every browse, every download through the Google Play Store is logged to your Google account and fed into your advertising profile. There are better options — and using them is one of the more effective ways to reduce Android phone tracking.
F-Droid is a free, open-source app store that operates completely outside Google’s ecosystem. Every app is open-source, reviewed before it’s listed, and signed by F-Droid’s own verification. No trackers, no advertising, no Google account. Around 5,000 apps including Signal, Brave, KeePassXC, and Organic Maps. This should be your first stop.
Aurora Store gives you anonymous access to the full Play Store catalogue — banking apps, work tools, streaming services — without a Google account. It also shows you how many trackers an app contains before you install it. Get it through F-Droid.
APKMirror hosts APKs verified against the original developer’s cryptographic signature. Useful when you need a specific app or version outside the Play Store ecosystem.
There’s something worth knowing about F-Droid in 2026 though. Google has announced that from September 2026, all apps on certified Android devices must pass Google’s verification system — something F-Droid can’t comply with due to how it signs its apps. If you’re on a standard Android, that window is closing. We’ve written about what Google’s Android restrictions mean in detail. On a FreedomTech deGoogled phone running GrapheneOS, none of this applies — more on that below.
A VPN encrypts your traffic between your phone and the VPN server, hides your IP address from the sites you visit, and stops your internet provider logging every site you go to. It’s a meaningful layer when it comes to reducing phone tracking — but it has limits you should know about.
Free VPNs are almost always the wrong move. If you’re not paying, the product is your data. That’s the opposite of what you want.
We recommend Mullvad VPN. No name, no email, no identifying information at signup — you get an account number and that’s it. You can pay in cash. Every server runs on RAM-only infrastructure with no hard drives, so there’s nothing to hand over if anyone came asking. Swedish police already tried and walked away with nothing. About AU$9 a month, independently audited, and pre-installed on every FreedomTech laptop.
If cost matters, Proton VPN has a genuinely functional free tier. Swiss-based, strong no-logs record, and leagues better than anything free you’ll find in the Play Store.
One honest caveat: a VPN on a standard Android phone doesn’t stop Google’s own Play Services communicating with Google’s servers. That traffic runs below the VPN layer. The VPN protects you from outside observers — it doesn’t stop Google seeing what Google’s own software is sending home.
here’s a layer of tracking that permissions and VPNs can’t reach — Google’s own built-in infrastructure. Here’s how to limit it.
Delete your Advertising ID. Go to Settings → Privacy → Ads. On Android 12 and above you can delete it entirely. On older versions, reset it and opt out of personalised ads. This cuts cross-app tracking through the Google Advertising ID. It doesn’t stop Google’s underlying data collection.
Audit your Google account settings. Go to Settings → Google → Manage your Google Account → Data & Privacy. Turn off Web & App Activity, Location History, YouTube History, and Ad personalisation. To be clear — this limits what Google does with collected data. It doesn’t stop the collection itself.
Turn off Hey Google. Go to Settings → Google → Search → Voice → Hey Google and switch it off. Wake word detection works by always listening for the trigger phrase — that’s the whole point of it. Turn it off and delete your voice history at myactivity.google.com.
Replace Chrome with Brave. Chrome reports your browsing to Google by default. Brave is built on the same Chromium base — same sites, same extensions, zero learning curve — but blocks trackers and fingerprinting by default, clears cookies when you close it, and has no connection to Google’s ad network. It’s what we put on every FreedomTech device, configured with Shields on Aggressive.
Everything above is software. And software privacy has a hard ceiling.
Your phone is a radio. It broadcasts cellular, Wi-Fi, Bluetooth, and GPS signals continuously — regardless of what settings you’ve changed, what permissions you’ve revoked, or what VPN you’re running. Cell towers, Wi-Fi beacons, and Bluetooth sensors in your environment all pick up those signals passively. The software can’t turn the radio off.
The only way to deal with that is at the hardware level. A Faraday bag is a signal-blocking pouch that stops radio frequencies entering or leaving. Phone goes in, phone disappears — no cell towers, no Wi-Fi, no Bluetooth, no GPS. It can’t be tracked, located, or contacted.
You don’t carry your phone in one all day. You use it when it matters — sensitive meetings, airport and border crossings, anywhere you need the device to be genuinely unreachable rather than just theoretically unreachable.
We stock the full SLNT range of Faraday bags — phone sleeves, laptop bags, backpacks, key fob guards. Military-grade shielding that blocks cellular, Wi-Fi, Bluetooth, GPS, RFID, NFC, and EMF.
Steps 1 through 4 are worth doing. But here’s what most articles on phone tracking Australia skip over
All of these steps operate inside a system that was designed for data collection. You’re adjusting the settings of that system. You’re not replacing it.
Google Play Services — the background infrastructure running underneath almost everything on a standard Android phone — operates at a level that individual settings don’t reach. The Trinity research showed it’s storing tracking cookies before a single Google app has been opened. Deleting your advertising ID doesn’t stop it. A VPN doesn’t intercept it. Revoking app permissions doesn’t govern it. It runs below all of that.
The OAIC survey found that 58 per cent of Australians don’t know what organisations do with their data, and half feel they have no choice but to hand it over. On a standard Android phone, that’s not confusion — that’s an accurate read of the situation.
If you want to actually stop phone tracking in Australia rather than just reduce it, the answer is removing Google’s infrastructure from the device entirely. That means GrapheneOS.
GrapheneOS is built on Android’s open-source foundation — without Play Services, without advertising identifiers, without any of the telemetry infrastructure. It sends nothing to Google because there is nothing there to send. App permissions are genuinely granular: you can restrict an app to approximate location only, block it from the internet entirely, or limit network access by profile. MAC address randomisation runs per connection. No pre-installed Google apps, no wake word listener, no advertising ID.
It runs on Google Pixel hardware — Titan M2 chip, relockable bootloader, verified boot. Edward Snowden has used and recommended it. We install it on every phone we sell, configure it ourselves, and every phone ships with the FreedomTech manual so you’re never left guessing.
And when Google’s 2026 app restriction policy kicks in? It doesn’t affect GrapheneOS — that policy is enforced through Play Services, which GrapheneOS doesn’t include. F-Droid and everything else keeps working exactly as it does today.
Yes. Cell tower triangulation gives approximate location without GPS. Wi-Fi positioning can narrow it significantly. Airplane mode cuts cellular and Wi-Fi but the GPS radio keeps running — you'd need to turn off GPS separately. A Faraday bag handles all of it at once.
The evidence for continuous background audio recording beyond wake word detection is thin. But the honest answer is — Big Tech doesn't need to listen to your conversations. Your search history, location patterns, app usage, purchase behaviour, and message metadata already build a profile more accurate than anything eavesdropping could produce. Still worth revoking unnecessary microphone permissions.
It masks your IP from external sites and encrypts your traffic from your ISP. It does not stop Google Play Services collecting device data — that happens within Google's own infrastructure, below the VPN layer. A VPN is one useful tool. Anyone telling you it solves phone tracking entirely is overselling it.
Yes. Every app in F-Droid's catalogue is open-source — the code is publicly available for anyone to audit. Apps are reviewed before listing. No advertising, no trackers, no Google account. From September 2026 it faces restrictions on standard Android devices. On GrapheneOS it works without restriction, permanently.
On a standard Android, privacy settings control what individual apps can access. They don't control what Google's own infrastructure collects underneath. A deGoogled phone running GrapheneOS removes that infrastructure entirely. No advertising ID, no telemetry, no background connections to Google's servers, no data collection the user hasn't explicitly switched on. It's the difference between adjusting the settings on someone else's system, and running your own.
Phone tracking Australia — it’s documented, measured, and happening right now on most smartphones in this country. The five steps above are all worth taking — they will reduce what gets collected. But if you’re done managing around the problem and want to remove it, a deGoogled phone running GrapheneOS is how you do that.
Every phone we sell is a Google Pixel running GrapheneOS — built and configured by us here in Australia. F-Droid installed. Privacy apps set up. Your phone ships with the FreedomTech manual so you’re never left guessing.
Reach us at [email protected] or jump on our Telegram channel for quick questions.
Found this useful? Pass it on to someone who needs it.
