>
ADVERTORIAL

Your phone is listening (sort of) — what to switch off

25 Jun 2026 · 3 min read · Comments

This article contains affiliate links. If you buy through them, we may earn a commission — at no extra cost to you.

You mention something in passing. Then you see an ad for it. It feels like the phone was listening. The reality is slightly different — and in some ways more unsettling.

The "phone listening" fear is mostly wrong but not entirely. Most apps don't need your microphone to know what you're thinking about — they know your location, your browsing history, your purchase patterns, your network associations, and the browsing histories of everyone around you. The profile they build is detailed enough that they often seem to predict interests you haven't expressed yet.

That said, some apps do have microphone permissions they don't need. Some use ambient audio features. And the broader data collection happening on your phone, by default, is substantial — location data, app usage, contacts, browsing — shared with advertisers you've never interacted with.

What to actually turn off

PHONE SETTINGS — WHAT TO REVIEW
!
Microphone permissions
Revoke from any app that doesn't need it — social, shopping, utilities
!
Location — always on
Change to "while using" or "never" for apps that don't need it. Very few do.
~
Ad tracking / personalised ads
iOS: Settings → Privacy → Tracking → turn off. Android: Google → Ads → opt out.
~
Contacts, photos, calendar access
Audit which apps have these. Most don't need them.
VPN — on public networks
Encrypts traffic leaving your phone on untrusted Wi-Fi. Worth having set to auto.

The setting that matters on every network

Revoking microphone permissions and turning off ad tracking cuts what apps can collect about you on your device. But once traffic leaves your phone — over public Wi-Fi at a coffee shop or airport — a different problem starts: anything unencrypted is readable by others on the same network.

A VPN with auto-connect on unsecured networks handles this automatically. NordVPN on mobile: set to activate whenever you join a network without a password, and your traffic is encrypted before it leaves your phone. You connect to the airport Wi-Fi, the VPN turns on silently, and you continue.

Your phone knows a remarkable amount about you. Some of that collection is the price of the services you use. But a large portion of it is default settings nobody told you about — and most of it you can turn off in under ten minutes.

Frequently asked questions

What is credential stuffing?+

Credential stuffing is when attackers take email and password combinations exposed in one breach and automatically try them against other services. If you reuse passwords, a breach at one site gives attackers access to every account with the same credentials.

Is it safe to store all your passwords in one place?+

Yes, when using a reputable password manager. The encrypted vault is far more secure than reused or weak passwords. Password managers like NordPass use zero-knowledge architecture — meaning even the company cannot see your stored passwords.

What is two-factor authentication and should I use it?+

Two-factor authentication (2FA) requires a second verification step beyond your password — typically a code from an app. Use an authenticator app (Google Authenticator, Authy) rather than SMS codes, which are vulnerable to SIM-swap attacks.

Encrypt your phone's traffic on every public network
NordVPN auto-connects on open Wi-Fi, runs silently in the background, and keeps your mobile traffic encrypted wherever you are.
⭐ 4.7/5 · 14+ million users
Get NordVPN →

Sam Feldman
Sam Feldman
"A good banner has no fixed form and has no inherent meaning."
Austin, TX · https://sams.blog/weekly
RELATED READING
The password catastrophe nobody thinks about
You reuse one password. The hackers are counting on it.
Password managers, explained for normal people
You’re About to Get the Exact Security Setup I Built for My Own Parents — the One That Actually Works

Most people have one layer of protection. They’re missing three.

  • The 3-layer setup I’d never skip — stripped to what matters.
  • Who’s really watching you — your browser, your provider, and the “free” tools selling your data. How to shut them out.
  • A 30-second leak check — most people’s passwords are already out there. See if yours are, and what to do.
  • Pull your info back, data brokers are selling your address and number right now. Here’s how to get removed.

20 minutes, start to finish — then it runs in the background. Enter your email and I’ll send it over.

Something went wrong — please try again.
You're in — check your inbox shortly.
100% confidential. Unsubscribe anytime.