My android phone setup 2026 edition

4 years ago I wrote about my Android phone work profile setup [WPS]. As companies become more security conscientious, the (imho useful) topic of work profiles has diminished and employees are just handed a second device, managed 100% by the company. But Android is still an interesting ecosystem which has evolved over time, so I thought I’ll write my current setup down. I’ll discuss only topics that I think might be of general use, I won’t go into location-specific topics like public transportation or fuel price comparison apps.

Bill of materials

OS configuration

Auto-updates disabled: I’ve disable auto-updates in the Play store. For once, the increase in supply chain attacks means that I’ll be among the first to suffer an attack when an app is updated with a compromised dependency. But I’ve also observed a sad trend where developers make well-running applications worse, as happened in the case of Nova Launcher where a recent updated flooded the launcher with advertisement. To disable auto updates: Play store -> Settings -> Network preferences -> Auto-update apps -> Don’t auto-update apps. Two words of warning: you should periodically manually update apps, ideally after checking comments for nasty additions. Also, it has happened to me that after an OS update, auto-updates were enabled again; so you might want to take your phone offline after an update and before the reboot to ensure auto-updates are still disabled.

5G disabled: I don’t live-stream not do I watch videos on the phone, so I don’t need 5G. Disabling 5G might increase battery life, so: Settings -> Connections -> Mobile networks -> Network mode -> 4G preferred

Auto blocker: that’s a set screws that need tightening; blocks installing software from other sources than the play store, hijacking through USB, scans images for maleware in messaging apps etc. Settings -> Security and privacy -> Auto Blocker. I don’t use app protection because it enforces annoyances like no 2G, not auto-connecting to open wifis etc.

Misc. security:
– Settings->security and privacy->More security settings-> block usb connections while locked, inactivity restart, android safe browsing

Manual updates: there are system updates that either aren’t triggered automatically or very rarely, and they’re scattered around the OS.
– Play system updates: Settings -> Security and privacy -> Updates -> Google Play system update
– Google service updates: Settings -> Google -> Google services -> All services -> System services: there’s a ton that’s either deprecated, not being updated, or not installed.

Samsung account/Samsung Galaxy store: no to both. Important updates come via OS and Play store updates. The few times I enabled the Galaxy store it just installed annoying bloatware.

Lock screen: obviously, that’s enabled. But there are tweaks:
– Settings -> Lock screen -> Secure lock settings: enable Lock network and security (if somebody steals your phone, they can’t disconnect network).
– Contact information: record a way to contact you, if a decent person finds your phone and wants to return it.
– Notifications: Settings -> notifications -> hide content while locked

Shortcut maker: Shortcut maker [SHM] creates home screen shortcuts to hidden or buried Android settings. Settings I use:
– a direct link to the Wifi scanner
– a direct link to the mobile radio power setting. That’s a hidden Android setting which allows changing mobile radio settings, like the supported or enforced protocols. It’s useful to force your phone to stay on a particular protocol like 2G in bad conditions (or when you want to save power) or 5G when it downgrades too fast.
– in the past I used a direct link to wifi calling, but that’s a first-class OS setting now

Firewall: Rethink DNS [RDS] stops selected apps from connecting to the internet. This should be an Android feature. Unfortunately it’s not. Fortunately it’s free. Rethink DNS installs itself as a VPN, so Android routes all network connections through the app. You can then monitor each connection (when, what, which app, where to), define rules that allow or block the connections. You can set up custom DNS servers, eg. Cloudflare or your own, which supports secure DNS like DNS-over-HTTPS. Last, not least, you can couple Rethink DNS with your own Wireguard VPN. I recommend starting by blocking all apps and selectively enabling them. Caveat: if you’ve enabled system backups, these backups will kill Rethink DNS at midnight when the backup happens without re-starting it. I’ve found no good solution to that issue. It’s either disabling backups, or re-starting Rethink DNS every morning.

Email: MS Outlook [OUT]. I haven’t tried that many email apps, but I stuck with Outlook because it supports multiple accounts, all major webmail providers and protocols, including Exchange and the widget is very configurable and can display multiple accounts at once.

Launcher: Nova Launcher [NOV] was the best launcher for Android for a long time: light, the pro version is cheap, extremely customisable: flexible home screen grid options, gesture support. It appears that they recently included advertisements, which left them with an overwhelming number of bad reviews. Because I’ve disabled auto updates, I’m thankfully immune to the update, but I dread the day I have to get a new phone.

Widgets: Google calendar in schedule view, Outlook inbox and a clock. Very useful for QR/bar codes you have to show often: use an image widget of the QR code on one of the home screen pages. That way you can just swipe to the QR code and present it. I’m using the “Real simple image widget”, which unfortunately has disappeared from the Play store, but is still installed because I’ve disabled auto updates.