Your phone is listening (sort of) — what to switch off
25 Jun 2026 · 3 min read · Comments
This article contains affiliate links. If you buy through them, we may earn a commission — at no extra cost to you.
You mention something in passing. Then you see an ad for it. It feels like the phone was listening. The reality is slightly different — and in some ways more unsettling.
The "phone listening" fear is mostly wrong but not entirely. Most apps don't need your microphone to know what you're thinking about — they know your location, your browsing history, your purchase patterns, your network associations, and the browsing histories of everyone around you. The profile they build is detailed enough that they often seem to predict interests you haven't expressed yet.
That said, some apps do have microphone permissions they don't need. Some use ambient audio features. And the broader data collection happening on your phone, by default, is substantial — location data, app usage, contacts, browsing — shared with advertisers you've never interacted with.
What to actually turn off
The setting that matters on every network
Revoking microphone permissions and turning off ad tracking cuts what apps can collect about you on your device. But once traffic leaves your phone — over public Wi-Fi at a coffee shop or airport — a different problem starts: anything unencrypted is readable by others on the same network.
A VPN with auto-connect on unsecured networks handles this automatically. NordVPN on mobile: set to activate whenever you join a network without a password, and your traffic is encrypted before it leaves your phone. You connect to the airport Wi-Fi, the VPN turns on silently, and you continue.
- Auto-connect on open Wi-Fi — set once, runs automatically
- Covers iOS and Android on one subscription
- Threat Protection Lite: blocks known malicious sites and ad trackers on mobile
Your phone knows a remarkable amount about you. Some of that collection is the price of the services you use. But a large portion of it is default settings nobody told you about — and most of it you can turn off in under ten minutes.
Frequently asked questions
What is credential stuffing?+
Credential stuffing is when attackers take email and password combinations exposed in one breach and automatically try them against other services. If you reuse passwords, a breach at one site gives attackers access to every account with the same credentials.
Is it safe to store all your passwords in one place?+
Yes, when using a reputable password manager. The encrypted vault is far more secure than reused or weak passwords. Password managers like NordPass use zero-knowledge architecture — meaning even the company cannot see your stored passwords.
What is two-factor authentication and should I use it?+
Two-factor authentication (2FA) requires a second verification step beyond your password — typically a code from an app. Use an authenticator app (Google Authenticator, Authy) rather than SMS codes, which are vulnerable to SIM-swap attacks.
