Anything truly safe is not free. Please read that twice.
Services on the internet may not cost you money, but nothing in life is free. If a VPN is not charging you then the VPN owners are monetizing you can read about such cases here https://vpntesting.com/ you in some other way, and that almost always means they sell information about you. Depending on the particular circumstances, that reduces or even eliminates your anonymity, which degrades your safety. Unfortunately, it gets even worse…
There’s a bigger problem
If your Android Device is a smartphone, never forget that in addition to being a device you use to access the internet, it’s also … wait for it … a phone! That means it has a phone number, and that number is associated with a mobile service account containing all your personal details.
Even when you are using the internet and not making phone calls, many apps will provide your phone number to the makers of the app, typically as an invisible part of the initial signup process. Consequently, using a VPN will have no effect on concealing your identity from them.
Where a VPN can help is when you are using the browser in your smartphone to visit websites. Take careful note of these caveats, however…
This is helpful when your device is connected via WiFi.
When you are accessing the internet via your cellular data plan, your phone does not actually have an IP address for a VPN to conceal; instead the phone is in a direct conversation with a cellular tower, which in turn is in a conversation with the mobile phone company’s internet interface, which in turn is supplying an IP address for the internet sites and services you visit. The protection provided by a VPN in that scenario is limited.
You must use a browser that disables WebRTC.
You should use a plugin called Privacy Badger to defeat what’s called Browser Fingerprinting.
In addition to using a VPN and checking all of the above, please be aware that smartphones have built-in GPS receivers that operate with amazing accuracy, and that literally tens of thousands of apps access that data. Consequently, you should disable location services in every app you possibly can, and uninstall all apps you don’t need.
Simplifying your app landscape is really important, as dramatically shown by the Pew Research Center, which examined this for slightly over one million different Android apps, and discovered that 217,304 request approximate geolocation data from the devices on which they are installed, and another 247,420 apps request precise location data.That totals to an astonishing 464,724 (44%) different apps just on Android that want to know where you are.
Even more staggering, 859,684 (82%) of all Android apps request direct access from the app to the internet. Some of that’s perfectly innocent, of course, but for free apps, it also likely includes sending a lot of data about you to the makers of the app so they can monetize you — basically it’s how they can afford to give the app itself away or sell it for just a buck or two.
What should I do?
It’s simple: When you install a new app, pay very close attention to the permissions it asks for, and grant the least rights possible to still gain what you want from the app. Be especially wary of apps that ask for access to your text messages, or for access to your microphone and camera.
For apps that are already installed, go to Settings on your device and spend a few minutes reviewing their permissions, again granting the least rights possible.
For example, most apps that are geo-sensitive will still work reasonably well if you allow approximate location services rather than precise location. Some still work just fine if you shut it off completely. For apps that access your audio or video, you’ll have to decide case-by-case if what you get from the app is worth the privacy you risk using it.
And finally, remove all apps you don’t use!