Most privacy advice treats tracking like a single problem with a single fix. Install a VPN, the thinking goes, and you’re covered. The truth is that a modern smartphone leaks identity across at least seven separate layers, and almost every privacy tool only touches one or two of them. If you don’t know which layer a tool actually protects, you can spend money and effort and still be wide open everywhere else.
Here’s the stack, from the hardware up to the network, and what each layer gives away.
1. The IMEI: your hardware fingerprint
The IMEI is a serial number burned into the phone’s cellular modem. Every time the device touches a mobile network, it presents this number. It identifies the physical handset, not the SIM, so swapping SIM cards doesn’t change it. You’ll see products that promise to roll or randomize your IMEI. Be skeptical. On modern cellular radios this isn’t really possible without specialized intervention, the projects that tried it have largely given up, and in much of the world deliberately changing an IMEI is a crime. A VPN does nothing to this layer at all.
2. The IMSI: your SIM’s identity
The IMSI lives on your SIM card and identifies your subscriber account to the carrier. It’s the other half of the pair the network uses to know who and where you are. Devices called IMSI catchers, or cell-site simulators, exploit this layer by pretending to be a cell tower so nearby phones reveal themselves. Changing your IMSI means changing SIMs, and the carrier still ties that SIM back to whatever identity you used to activate it.
3. The MAC address: how you’re tracked indoors
Your Wi-Fi and Bluetooth radios each have a MAC address, a hardware identifier that retailers, airports, and venues use to follow devices around a building or across visits. This is one of the few hardware layers where the defense actually works: modern Android, including the GrapheneOS base that SovereignOS is built on, randomizes the MAC address per network, which breaks most of this passive tracking. If your phone doesn’t randomize its MAC, every Wi-Fi network it has ever seen is a tracking opportunity.
4. The advertising ID: the one you can reset
The advertising ID is an identifier the operating system hands to apps so they can link your behavior across different apps and sell the profile. Unlike the hardware layers, this one is software, which means it can be reset or removed entirely. A de-Googled phone removes the Google advertising ID at the source. On a normal phone you can reset it, but the apps that depend on it have every incentive to re-link you through other signals.
5. OS telemetry: the phone phoning home
Underneath your apps, the operating system itself talks to its maker. On a stock phone, Google Play Services is a constant background presence: location, connectivity, app activity, and more, reported on a schedule you don’t control. This is the layer de-Googling exists to address. Remove the always-on Google layer and you remove one of the largest and most persistent sources of background telemetry on the device.
6. App SDKs: the trackers you invited in
Even on a clean operating system, the apps you install carry their own tracking code. A single free app can contain a dozen third-party SDKs, each shipping data to a different advertising or analytics company. This is why a hardened phone is necessary but not sufficient: you can lock down the whole system and still leak your life one app at a time. Tools that scan apps for embedded trackers, and the discipline of compartmentalizing untrusted apps into separate profiles, are what address this layer. No VPN sees inside it.
7. Network metadata: the layer a VPN actually covers
Finally, the layer everyone talks about. Your IP address, the domains you look up, the size and timing of your traffic: this is network metadata, and it’s the one layer a VPN helps with. A good VPN hides your IP and encrypts your DNS lookups from your carrier and the networks you pass through. That’s real and worth having. It’s also one seventh of the picture.
Why the stack matters more than any single tool
Look at the seven layers together and a pattern emerges. The hardware layers, IMEI and IMSI, are largely outside your control and are best handled by compartmentalization and good habits rather than gadgets that promise to rewrite them. The software layers, advertising ID and OS telemetry, are where de-Googling does its heaviest work. The app and network layers are where your daily choices, which apps you trust and which network tools you run, make the difference.
No product collapses all seven into one switch, and anyone selling you that switch is selling the IMEI-rolling fantasy in a new costume. The honest approach is to know your threat model, figure out which layers actually matter for it, and pick the specific defense for each. That’s less satisfying than one magic app. It’s also the only thing that works.
Related reading
- Why Your VPN Isn’t Hiding Your IMEI
- What Your Phone Actually Broadcasts (RF 101)
- MAC vs IMEI Randomization: One Works, One’s a Myth
- Metadata: What Your Phone Leaks Even When Your Messages Are Encrypted
SovereignOS is a hardened, de-Googled phone, set up the way we would build one we had to rely on ourselves. One-time price, no subscription, no account required.
See SovereignOSRecent Comments
Post Widget
Should You Trust Signal?
Social Media Widget
Customer service
Real people, ready to help. Reach our team anytime at hello@spicycorp.com.
Fast Free Shipping
Get free shipping on orders of $150 or more (within the US)
Returns & Exchanges
We offer free returns and exchanges within 30 days of purchase.