Chrome on Android: The Privacy Settings to Change

Google Chrome remains the default choice for most people using Android, yet its out-of-the-box configuration is designed for convenience and data collection rather than maximum security. While Chrome offers robust protection against malware, your browsing habits, location data, and device identifiers are constantly packaged for the advertising engine that powers Google's business model. Managing chrome android privacy effectively requires moving beyond the basic settings and digging into the internal flags and API controls that Google has recently introduced to replace traditional tracking methods.

I have tested these configurations across a Pixel 8 Pro running the Android 15 beta, a Samsung Galaxy S24 Ultra with One UI 6.1, and a Xiaomi 14 running HyperOS. While the Chrome interface remains mostly consistent across these devices, how the underlying operating system handles permissions and background data varies. In this guide, I will show you which settings to toggle and which ones to avoid if you want to stop cross-site tracking, limit the data synced to your Google account, and understand the real implications of the new Privacy Sandbox features.

Safe Browsing levels

Safe Browsing is Chrome’s primary line of defence against malicious websites and file downloads. On Android, this feature has three distinct tiers: No Protection, Standard Protection, and Enhanced Protection. By default, most devices are set to Standard. In Android 14 and 15, Google has updated the "Standard" mode to perform real-time checks for known or suspected malicious URLs. However, this still lacks the proactive scanning found in the higher tier. If you value security over total anonymity from Google’s scanners, making a change here is necessary.

To adjust this, open Chrome and go to: 1. Tap the three dots (top-right) > Settings. 2. Privacy and security. 3. Safe Browsing. For the highest level of security, select Enhanced Protection. Note that this sends more data about your activity to Google, including snippets of page content and system information, to identify new threats. If you are on a Samsung device running One UI 6, you might notice that Samsung’s "Device Protection" in the main system settings (Settings > Security and privacy > App protection) overlaps with this, but it is still recommended to keep the browser-level protection active as it catches threats before they reach the local storage.

For those targeting a more private experience, keeping Standard Protection active while disabling "Help improve security for everyone" is a middle ground. This prevents your specific URL hit history from being sent to Google for analysis. On Xiaomi HyperOS, the "Security" app often attempts to scan downloaded APKs from Chrome. You should ensure that Chrome's internal Safe Browsing is not disabled just because the OEM has a secondary scanner, as Chrome’s database for web-based phishing is significantly more comprehensive than local system scanners provided by Xiaomi or Samsung.

Cookie behaviour

Third-party cookies have long been the primary tool for advertisers to follow you from one site to another. While Google is currently transitioning to the Privacy Sandbox (which we will cover next), managing local cookie storage remains a vital part of chrome privacy android. In earlier versions of Android, the setting was a simple "Block third-party cookies" toggle. In newer versions of Chrome on Android 13, 14, and 15, this has been moved under the "Site settings" menu and refined with more granular controls.

To limit tracking, browse to: 1. Settings > Site settings. 2. Cookies (or "Third-party cookies" in current builds). 3. Select "Block third-party cookies." This will prevent most "ad-tech" domains from placing trackers on your device while you visit unrelated sites. On Samsung One UI, I’ve observed that the "Samsung Internet" browser is actually stricter by default, but if you stick with Chrome, you must manually ensure that "Allow related sites to see your activity" is turned off. This prevents sites owned by the same parent company from sharing your data between different domains.

You should also look at the "Clear browsing data" section under Privacy and security. A pro tip for Android users: change the time range from "Last hour" to "All time" and check only "Cookies and site data." Do this once a month. On Xiaomi devices, the aggressive RAM management in HyperOS sometimes kills Chrome processes, but it does not clear these cookies. You must do it manually within the app to ensure stale trackers are purged. If you find that blocking all third-party cookies breaks certain login pages (like those using Microsoft or third-party SSO), you can add specific exceptions under "Add site exception" rather than lowering your global privacy shield.

Topics API and Privacy Sandbox

The Privacy Sandbox is Google’s sweeping initiative to replace third-party cookies with a supposedly more private system. Instead of individual trackers, Chrome now uses your browsing history locally on your Android device to assign you "Topics" (e.g., "Fitness," "Travel," or "Technology"). Advertisers then query these topics rather than your individual identity. While Google frames this as a privacy win, it still involves your browser actively categorising your personality and interests for commercial use. This feature is enabled by default on virtually all Android installs.

To find these controls, navigate to: 1. Settings > Privacy and security. 2. Ad privacy. Here you will find three menus: Ad topics, Site-suggested ads, and Ad measurement. For maximum privacy, you should enter each of these and flip the toggle to "Off." On a Pixel device running Android 15, these settings are deeply integrated with the system-level "Ads" menu found in Settings > Privacy > Ads. Disabling them in Chrome prevents the browser from generating a profile based on the sites you visit, which is essential if you want to stop seeing surprisingly specific advertisements across the web.

The "Ad measurement" toggle is particularly intrusive; it allows websites and advertisers to measure the performance of their ads by storing data on your device about how you interacted with an ad. This is essentially "attribution tracking" by another name. Even on high-end Xiaomi or Samsung devices with their own ad-tracking toggles, Chrome’s internal Privacy Sandbox settings take precedence when you are using the browser. If you don't turn these off, you are essentially allowing Chrome to act as a local profiling agent for Google’s ad network.

Sync and account data

The most significant privacy leak in Chrome often comes from the very feature people love most: Sync. When you sign into Chrome with your Google account, your history, bookmarks, passwords, and even open tabs are uploaded to Google’s servers. While this is convenient for switching between your Samsung tablet and your Pixel phone, it creates a permanent, centralised cloud log of your digital life. If your Google account is compromised, your entire browsing history is exposed. On Android 13 and above, Chrome makes it very easy to just "Sign in and sync," but you should be more selective.

Go to: 1. Settings > Google Services. 2. Manage Sync. Instead of "Sync everything," toggle the switch off and manually choose what to sync. I recommend disabling "History" and "Open tabs" while keeping "Bookmarks" and "Passwords" (if you use Google’s password manager). For even better privacy, scroll down to "Encryption options" and select "Encrypt synced data with your own sync passphrase." This means Google cannot read your data even on their servers. Note: if you forget this passphrase, you will be locked out of your data, as Google does not keep a recovery key for it.

On Xiaomi HyperOS and Samsung One UI, there is often a secondary "Cloud" sync for the entire device. Be aware that syncing Chrome data is separate from your Samsung Cloud or Xiaomi Cloud backups. Even if you disable Samsung's "Pass" sync, Chrome will continue to sync to Google unless you change these specific settings within the browser. Furthermore, disable the "Help improve Chrome's features and performance" and "Make searches and browsing better" options under Google Services. These functions send the URLs you visit to Google to "anticipate" your needs, but in reality, it’s just another stream of metadata being fed to the mothership.

Alternative browsers worth trying

Even with every privacy setting tightened, Chrome is still a Google product designed to facilitate data flow. If you find the chrome android privacy options insufficient, several Chromium-based alternatives offer the same speed and extension support (on some platforms) with much better privacy defaults. Brave is the most popular choice; it is built on the same engine as Chrome but strips out the Google-specific tracking code and includes a built-in ad blocker that functions much better than any "Lite" version of an ad blocker you might find for Chrome.

DuckDuckGo’s browser for Android is another excellent alternative, particularly because of its "App Tracking Protection" feature. While Chrome only protects what happens inside Chrome, the DuckDuckGo app can act as a local VPN to block trackers across your entire Samsung or Pixel device—preventing apps like Facebook or LinkedIn from tracking you even when they are in the background. If you are on a Samsung device, "Samsung Internet" is surprisingly good; it allows for high-quality ad-blocking extensions (like AdGuard or uBlock) which Chrome for Android famously does not support.

For those who want to move away from the Chromium engine entirely, Firefox for Android is the gold standard. It allows you to install real desktop-class extensions like uBlock Origin and Privacy Badger. On Android 14 and 15, Firefox supports the "Predictive Back" gesture and has improved its engine speed to match Chrome. If you are a Xiaomi user, you should avoid the pre-installed "Mi Browser" despite its speed; it has a history of questionable data collection practices. Switching your "Default browser app" (Settings > Apps > Choose default apps) to Firefox or Brave is one of the single best privacy moves you can make on any Android hardware.

Incognito reality check

There is a widespread misconception that Incognito mode makes you invisible to the internet. This is categorically false. When you use incognito android mode, the only thing that changes is what is stored locally on your device. Chrome will not save your browsing history, cookies, or form data from that session after you close the tab. However, your Internet Service Provider (ISP), the websites you visit, and your employer (if you are on a work Wi-Fi or using a managed Samsung/Pixel work profile) can still see exactly what you are doing.

A recent update to Chrome on Android 13/14 now includes a warning in the Incognito splash screen acknowledging that Google still collects data in this mode. To make Incognito more private, you must still navigate to the privacy settings and ensure "Block third-party cookies" is active specifically for Incognito. On Android 15, there is a helpful feature in Settings > Privacy and security > "Lock Incognito tabs when you leave Chrome." Turning this on means that if you switch apps, someone holding your phone cannot see your private tabs without using your fingerprint or PIN. This is a must-have for Samsung and Pixel users who frequently share their devices with family or friends.

In summary, Chrome is a powerful tool that requires a "trust but verify" approach. By adjusting your Safe Browsing level, disabling the Privacy Sandbox's Topics API, and setting up a custom sync passphrase, you can significantly shrink your digital footprint. As Android 15 rolls out to more Samsung and Xiaomi devices throughout 2024 and 2025, expect Google to introduce even more "privacy" features that are actually aimed at consolidating their control over advertising data—always check the fine print in the "Ad privacy" sub-menus after any major system update.