Every app on your phone is collecting something. The question is what, and whether you can do anything about it. Since 2022, both Apple and Google have made this easier to check — though with some important caveats about how much you can actually trust what they tell you.
Here's a practical walkthrough for both platforms, plus the tools that go further than what the app stores show you.
The honest caveat upfront
Both Apple's App Store and Google Play now show privacy labels — summaries of what data an app collects and how it uses it. These are better than nothing. They're also self-reported, meaning developers fill them in, and neither Apple nor Google independently verifies the claims.
Multiple independent studies have found inaccuracies in both. The labels are a reasonable starting point, not a definitive answer. Keep that in mind as you go through this.
iOS: three places to check
1. The App Store privacy label
Open the App Store, find any app, and scroll down to the App Privacy section. You'll see one of three categories:
- Data used to track you — data collected and shared with third parties for advertising, or shared across apps you don't own
- Data linked to you — data tied to your identity: name, email, purchases, location, usage data
- Data not linked to you — collected anonymously, not tied to your account
Apps with nothing listed show "Data Not Collected." That's either genuinely privacy-respecting or a label that wasn't filled in properly. Worth a search before assuming the former.
Since 2025, Apple also requires apps to disclose specific third-party recipients — so instead of vague "advertising purposes," you might see "Share with Meta for advertising." More specific, and harder to hide behind.
2. iOS Settings → Privacy & Security → Tracking
This shows every app that has requested permission to track you across other companies' apps and websites. You can see what's been granted and revoke it per-app. Any app that shouldn't need cross-app tracking (a note-taking app, a recipe app, a weather app) should be denied here immediately.
3. iOS Settings → Privacy & Security → App Privacy Report
Available since iOS 15.2. Go to Privacy & Security → App Privacy Report and turn it on. After a few days it builds a log showing:
- Which apps accessed your camera, microphone, location, contacts, and other sensors
- Which domains each app contacted in the background
This is the most useful tool iOS gives you — it's based on actual observed behaviour, not developer self-reporting. An app claiming "Data Not Collected" that's quietly pinging ad networks will show up here.
4. Per-permission audit
Settings → Privacy & Security lists every sensor and data type — Location, Contacts, Microphone, Camera, Photos, Health, etc. Tap into each one and review which apps have access. The iPhone Privacy Setup Guide covers this in detail, including which permissions are genuinely needed vs. which are just asked for opportunistically.
Android: two places to check
1. Google Play Data Safety section
Open the Play Store, find an app, scroll to Data safety. Similar structure to Apple: what's collected, whether it's shared, whether it's encrypted in transit. Same self-reporting caveat applies.
2. Settings → Privacy → Permission Manager
Lists every permission type and which apps have access. Go through Location, Microphone, Camera, Contacts, and Phone at minimum. Android lets you set location to "only while using" — anything set to "allow all the time" that doesn't need it (a flashlight app, a game) should be changed.
The tool that actually goes deeper: Exodus Privacy
For Android, Exodus Privacy is the most useful independent tool available. It analyses the actual APK — not the store listing — and shows you which third-party tracking SDKs are embedded in the app, plus what permissions it requests.
The difference matters. A Play Store Data Safety label might say an app collects "anonymous usage data." Exodus might reveal it's running the Facebook SDK, Google Analytics, AppsFlyer, and Adjust simultaneously. All of that can be true at once.
You can use it two ways:
- Web: Go to reports.exodus-privacy.eu.org, search any free Play Store app, get a full report without installing anything
- Android app: Available on Google Play and F-Droid — scans apps you have installed and shows results per-app
Exodus is Android-only. There's no equivalent for iOS because Apple doesn't allow the kind of APK-level analysis Exodus performs.
What to actually do with this information
Finding trackers is the easy part. Your options once you find them:
Delete the app. The cleanest option. If an app you use occasionally has an aggressive tracker profile, ask whether it's worth keeping.
Use the web version instead. Many apps have a mobile website that works fine and runs in a browser you've already configured with content blocking. The uBlock Origin guide covers how to get that set up.
Revoke permissions aggressively. Most apps work fine with fewer permissions than they ask for. Location is the most abused — deny it entirely for anything that doesn't genuinely need it, and set it to "only while using" for anything that does.
Deny tracking requests on iOS. When an app asks "Allow [App] to track your activity across other companies' apps and websites?" — the answer is almost always no. The app continues to work. It just can't link your behaviour across platforms for advertising.
The bigger picture
App tracking is one piece of a larger data collection problem. The digital footprint guide covers what else is out there — data brokers, public records, account leaks — and what you can do about each.
The practical goal here isn't zero data collection (that's not realistic). It's reducing the collection you haven't consciously agreed to — the background SDKs, the cross-app tracking, the permission grabs you approved without thinking. That's achievable.
Updated April 2026. Originally published June 2023.
