To celebrate Android receiving a court complaint worth €3.7 billion because of GDPR, I'm writing up some of my Android experience and a self-defense guide~
I started using Android (as a toy but not as a phone :3) with a second-hand Acer Liquid A1 (OS version is probably 2.1 [ref]) in 2010, and at that time I still had no concept of personal data and privacy. I was using Nokia (N73, 5800) as my main phone and later switched to Blackberry (9700, Q10). My second Android phone is the one I'm holding now - YotaPhone 2, which was bought in Aug. 2016.
And now begins the guide :3
To protect our privacy, what we need to do is restrict the Internet connection of ~~some~~ many evil components of the Android system, then use only FLOSS apps if possible.
For a non-rooted phone, there is NetGuard:
NetGuard provides simple and advanced ways to block access to the internet - no root required.
Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.
But from its GitHub FAQ page:
(1) Can NetGuard completely protect my privacy?
No - nothing can completely protect your privacy. NetGuard will do its best, but it is limited by the fact it must use the VPN service. This is the trade-off required to make a firewall which does not require root access. The firewall can only start when Android "allows" it to start, so it will not offer protection during early boot-up (although you can disable your network before rebooting). It will, however, be much better than nothing.
Android N and later allows NetGuard to be an Always-On VPN. On Android O do not enable 'Block connections without VPN', see question 51) for more information on this.
To protect yourself more, remember to disable Wi-Fi and mobile data before rebooting, and only enable them on reboot, after the firewall service has started (and the key icon is visible in the status bar).
Yep, there is something called a startup data leak, and on a non-rooted phone the user needs to disable Wi-Fi and mobile data every time before rebooting to avoid it..
For a rooted phone, there is AFWall+:
Under 3-dot menu > Experimental Preferences:
Fix startup data leak
Prevent data leaks during system startup. Your ROM must have init.d or su.d (superSU) support. HTC devices must be configured for S-OFF.
This feature has been experimental for more than 1 year btw..
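What an init.d-style fix for the startup data leak can look like, as an added example (not AFWall+'s own script and not part of the original post): it sets default-deny policies before any app can send traffic. It assumes the ROM runs the script as root at early boot and that the firewall app installs its own rules and policies once it starts; anywhere else it only prints the commands.

```shell
#!/system/bin/sh
# Added example: early-boot default-deny to close the startup leak window.
# Assumptions: placed in the ROM's init.d (or su.d) directory, executed as
# root before apps start; the firewall app later applies its own rule set.

# Apply only on a device where we are root and iptables exists;
# otherwise just print the commands (dry run).
if [ -x /system/bin/iptables ] && [ "$(id -u)" = "0" ]; then
    MODE=apply
else
    MODE=plan
fi

run() {
    if [ "$MODE" = "apply" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# Default-deny for one address family; $1 is iptables or ip6tables.
block_family() {
    tool="$1"
    run "$tool" -P OUTPUT DROP             # nothing leaves the device yet
    run "$tool" -P FORWARD DROP            # covers tethering / hotspot traffic
    run "$tool" -A OUTPUT -o lo -j ACCEPT  # keep loopback for local services
}

early_block() {
    # IPv6 has its own tables: blocking only IPv4 leaves the leak open.
    block_family iptables
    block_family ip6tables
}

early_block
```

On a device, `iptables -S OUTPUT` run as root right after boot should show `-P OUTPUT DROP` until the firewall has loaded its rules.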
Also I know a proprietary app called Lightningwall; by default it fixes the startup data leak, and it requires the Xposed framework. It doesn't require the Internet Access permission, so it is probably a fine choice.
That's all, protecting our privacy in Android phone is that simple, isn't it :D
Actually there are a lot of other things that can be done. You may find some clues in the small note I created after I bought and heavily tweaked my Yotaphone 2 :3
Recently bought my first Android phone (actually I had an Acer Liquid A1 in 2010, but I didn't use it as a phone :P also I'm on my third Android tablet ~). Blackberry said they won't develop an Android phone until it's secure enough. Well, likewise, I won't use Android as a phone until I can defend my privacy enough ~
So here are the things I have done:
Unlock the bootloader, install TWRP and flash SuperSU (later may try this one), also flash the Xposed framework.
Install Busybox and System App Mover from F-Droid and delete all the system apps I can delete, like those from *. Actually, after moving a lot of system apps my phone couldn't boot into the UI again :3 but I survived it after manually deleting them from /data/app/. Also, my phone was shipped with Lollipop, so here I also installed Launcher3 from F-Droid before deleting the default UI. Then find alternatives from F-Droid; examples are Opencamera, QKSMS, Simple Gallery, OSMAND~, Icecat Mobile, VLC, Vanilla Music, Hacker's Keyboard.
Install Xposed Installer and then Prevent Running 2.3.2 and AppOpsXposed from it. Install AFWall+, OS Monitor, Autostarts, Network Log, Application Info, Kernel Adiutor from F-Droid. Then tweak, tweak, tweak ...
Install GravityBox, Physical Button Music Control 3.0.5 Beta, Xposed Additions from Xposed Installer and tweak ...
Other interesting apps I have installed
From F-Droid: Twidere, Activity Launcher, Hayai Launcher, Kiwix, Notification Notes, Permissions, Pixel Dungeon, QuickLyric, Search Based Launcher, SmartNavi, Tint Browser, Wikipedia, uNote
From Xposed Installer: Fix Lollipop Memory Leak, MobileRadioActiveFix
But in the end, any bored IT student in the next room could easily hack your phone when there is a new interesting 0-day bug.. So.. please support Linux phone projects like PostMarket OS and Librem 5 :D