How To Prevent Cross Device Tracking Between Phone Tablet

Cross-device tracking represents one of the most insidious privacy threats in modern computing. Advertisers, data brokers, and even some operating system vendors maintain extensive profiles that link your activity across phones, tablets, and computers. Understanding how these tracking mechanisms work and implementing concrete countermeasures protects your digital footprint from unwarranted surveillance.

Understanding Cross-Device Tracking Mechanisms

Cross-device tracking operates through several interconnected methods. The most common approach involves advertising identifiers—unique strings assigned to your devices that sync across platforms. On iOS, this is the Identifier for Advertisers (IDFA), while Android uses the Advertising ID. When you log into services like Google, Facebook, or Tikka across multiple devices, these platforms link your activities through account data, building behavioral profiles.

Cookie synchronization represents another powerful technique. When you visit a website on your computer, third-party trackers place cookies that communicate with partner networks. Visit the same site on your phone, and those partners recognize the connection through shared data pools, linking your device identities.

Operating system features designed for convenience often enable tracking. Apple’s Universal Clipboard, Google’s Cross-Device Sync, and Windows Your Phone all transmit data between your devices. While useful, these features create data bridges that trackers can exploit.

Blocking Advertising Identifiers

The first line of defense involves disabling advertising identifiers on each device. On iOS, navigate to Settings > Privacy & Security > Apple Advertising and toggle off Personalized Ads. On Android 12 and later, go to Settings > Privacy > Ads and select “Delete advertising ID.” For deeper privacy, use the Android Settings API to programmatically reset the advertising ID in your applications.

For developers building privacy-conscious applications, you can detect advertising ID availability and respect user preferences:

// Android: Check advertising ID availability
fun isAdTrackingEnabled(context: Context): Boolean {
    val advertisingIdClient = AdvertisingIdClient.getAdvertisingIdInfo(context)
    return advertisingIdClient.isLimitAdTrackingEnabled
}

On desktop platforms, browser-based solutions provide cross-browser protection. Firefox’s Enhanced Tracking Protection blocks third-party trackers by default, while Brave Browser goes further with aggressive cookie and fingerprinting blocking.

Network-Level Tracking Prevention

Network-level filtering provides protection across all applications on your network. Pi-hole functions as a DNS-level ad and tracker blocker that operates on your local network, filtering requests from all connected devices simultaneously.

Configure Pi-hole to block known tracking domains:

# Add privacy-tracking domains to Pi-hole blacklist
pihole -b adtract.dev tracker.network analytics.cloud

For mobile devices that support custom DNS, configure system-wide DNS-over-HTTPS (DoH) with a privacy-focused provider. On iOS, navigate to Settings > Wi-Fi > (tap your network) > Configure DNS and select Automatic with a provider like Cloudflare (1.1.1.1) or NextDNS.

Browser Configuration for Developers

Developers and power users should implement browser-specific anti-fingerprinting measures. Firefox provides canvas fingerprinting protection through privacy.resistFingerprinting. Add this to about:config:

privacy.resistFingerprinting: true
privacy.firstparty.isolate: true
webgl.disabled: true

For Chrome-based browsers, the Brave Browser includes built-in fingerprint randomization, which assigns random values to browser fingerprinting APIs on each session. This prevents persistent tracking while maintaining functionality.

Create a browser extension manifest that blocks known tracking scripts:

{
  "manifest_version": 3,
  "name": "Tracker Blocker",
  "version": "1.0",
  "permissions": ["declarativeNetRequest"],
  "host_permissions": ["<all_urls>"],
  "declarative_net_request": {
    "rule_resources": [{
      "id": "tracker_blocking",
      "enabled": true,
      "path": "rules.json"
    }]
  }
}

Disabling Operating System Sync Features

Each major operating system provides sync features that, while convenient, create tracking opportunities. Review and disable unnecessary sync options.

On macOS, disable Universal Clipboard and Handoff:

# Disable Universal Clipboard
defaults write com.apple.AppleMultitouchTrackpad ANDSFCPlist -dict-add "NSAllowsContinuousPathForPasteboard" -bool false

# Disable Handoff
defaults write com.apple.coreservices.useractivityd "NSAllowsUserActivityPicking" -bool false

On Windows 11, navigate to Settings > Privacy & security > Activity history and disable “Send my activity history to Microsoft.” For Android, review Google Account settings under “Data & privacy” and disable “Web & App Activity” and “Location History.”

Implementing Device Isolation

For developers building privacy-focused applications, device isolation prevents tracking through application-layer techniques. Generate unique, per-device identifiers that cannot be correlated:

// Generate a device-specific, non-trackable identifier
function generateDeviceToken() {
  const randomValues = new Uint32Array(4);
  crypto.getRandomValues(randomValues);
  return Array.from(randomValues, v => v.toString(16).padStart(8, '0')).join('-');
}

// Store locally, never sync to cloud
const deviceToken = generateDeviceToken();
localStorage.setItem('device_token', deviceToken);

Avoid using hardware identifiers like MAC addresses or IMEI numbers for user tracking. Instead, use cryptographically random tokens generated on first launch and stored locally.

Network Partitioning with VPN

VPN services with multi-hop capabilities provide additional isolation between devices. By routing each device through different exit nodes, you prevent network-level correlation of your activities:

# Example WireGuard configuration for device-specific routing
[Interface]
PrivateKey = <device-specific-private-key>
Address = 10.0.0.x/24

[Peer]
PublicKey = <vpn-server-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0

Some VPN providers offer dedicated IP addresses per device, preventing the assignment of IP ranges that trackers can correlate across your devices.

Monitoring and Verification

After implementing countermeasures, verify their effectiveness. The Cover Your Tracks (formerly Panopticlick) test from the Electronic Frontier Foundation analyzes your browser’s fingerprint and tracking resistance. Run tests from each device to confirm consistent protection.

For network-level verification, use Wireshark to monitor DNS queries:

# Capture DNS queries to identify trackers
tshark -i en0 -f "port 53" -Y "dns.qry.name contains tracker" -T fields -e dns.qry.name

This command reveals which tracking domains your devices attempt to contact, allowing you to refine blocklists.

Building Privacy-Conscious Applications

If you develop applications, minimize cross-device tracking in your own products. Implement device attestation without creating persistent identifiers. Use ephemeral session tokens rather than persistent device bindings. When users log out or request data deletion, ensure complete removal of device associations from your servers.

# Flask example: Ephemeral session tokens
from datetime import datetime, timedelta
import secrets

def create_session(user_id):
    token = secrets.token_urlsafe(32)
    session_data = {
        'user_id': user_id,
        'created_at': datetime.utcnow(),
        'expires_at': datetime.utcnow() + timedelta(hours=24),
        'device_fingerprint': None  # Never store device fingerprints
    }
    redis.setex(f"session:{token}", 86400, json.dumps(session_data))
    return token

Building privacy-respecting applications contributes to a healthier ecosystem while protecting your users.

Deep Dive: Tracking Correlation Methods

Understanding exactly how cross-device tracking works helps you defend against it:

Probabilistic Matching

Data brokers use machine learning to match users across devices without explicit identifiers:

# Simplified example of probabilistic matching
import hashlib
from datetime import datetime

def correlate_users(device_a_data, device_b_data):
    """
    Match users across devices using probabilistic signals
    """
    match_score = 0

    # Signal 1: IP address similarity (same household)
    if ip_in_same_subnet(device_a_data['ip'], device_b_data['ip']):
        match_score += 25

    # Signal 2: Timing patterns (person uses both at specific times)
    if correlate_usage_times(device_a_data['usage_times'], device_b_data['usage_times']):
        match_score += 30

    # Signal 3: Location patterns (same GPS coordinates at similar times)
    if correlate_locations(device_a_data['locations'], device_b_data['locations']):
        match_score += 25

    # Signal 4: App browsing patterns (identical sites visited)
    if calculate_browsing_overlap(device_a_data['sites'], device_b_data['sites']) > 0.8:
        match_score += 20

    return "same_user" if match_score > 75 else "different_user"

These probabilistic matches are often 90%+ accurate, creating persistent profiles even without account login.

Privacy-Focused Alternatives to Major Services

Google Play Services Alternative: GrapheneOS

GrapheneOS removes Google Play Services and replaces tracking with privacy-respecting alternatives:

# Install GrapheneOS
# 1. Check device compatibility: https://grapheneos.org/faq#device-support
# 2. Install via adb
adb reboot bootloader
fastboot flash system system.img
fastboot reboot

# 2. Configure microG (open-source Play Services replacement)
# Install microG from F-Droid
# This provides API compatibility without tracking

Apple Intelligence Alternative: Manual Configuration

For Apple users, disable Siri and on-device features that sync:

# Disable Siri device sync
defaults write com.apple.assistant -bool false

# Disable Handoff
defaults write com.apple.coreservices.useractivityd "NSAllowsUserActivityPicking" -bool false

# Disable iCloud Sync (selective)
# Settings > [Your Name] > iCloud > Toggle off specific services

Advanced Fingerprinting Defense

Modern fingerprinting captures hundreds of subtle device characteristics. defense requires multiple layers:

// Disable canvas fingerprinting (Firefox)
user_pref("privacy.resistFingerprinting", true);

// Disable WebGL fingerprinting
user_pref("webgl.disabled", true);

// Spoof screen resolution
user_pref("privacy.resistFingerprinting.letterboxing", true);

// Disable plugin enumeration
user_pref("plugins.enumerable_names", "");

// Spoof user agent variations
// Use Firefox Multi-Account Containers to rotate user agents per site

Network-Level Defenses with Pi-hole and NextDNS

Pi-hole blocks tracking at the DNS level for your entire home network:

# Installation on Raspberry Pi
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh

# Configure DNS blocklists
# Access: http://pi.hole/admin
# Settings > DNS > Add blocklists:
# - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
# - https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt

# For advanced users: NextDNS provides cloud-based filtering
# Set DNS to NextDNS (45.90.28.0)

Testing Your Cross-Device Protection

Verify your protections work:

# Test 1: Check if IDFA is disabled
adb shell getprop ro.com.google.idfa | grep -q "00000000-0000-0000-0000-000000000000" && echo "IDFA disabled" || echo "IDFA enabled"

# Test 2: Verify DNS leaks
# Visit: https://www.dnsleaktest.com
# Should show VPN provider's DNS, not ISP's

# Test 3: Check canvas fingerprinting resistance
# Visit: https://www.browserleaks.com/canvas
# Results should randomize on refresh if protection is active

# Test 4: Verify IP masking
# Visit: https://www.whatismyipaddress.com from each device
# IPs should differ if using multi-hop VPN

Document your test results to confirm effectiveness.

Organizational Cross-Device Tracking Defense

For IT administrators protecting organizational networks:

# Network-level DoH enforcement (Windows via Group Policy)
# Computer Configuration > Policies > Windows Settings > DNS Client

# macOS: Force DNS-over-HTTPS system-wide
defaults write /Library/Preferences/SystemConfiguration/com.apple.dnsSettings.plist \
  DNSSettings -dict-add "doh-servers" -array \
  "https://dns.quad9.net/dns-query" \
  "https://dns11.quad9.net/dns-query"

# Linux: Configure systemd-resolved for DoH
echo -e "[Resolve]\\nDNS=9.9.9.9\\nFallbackDNS=1.1.1.1\\nDNSSEC=yes\\nDNSSECNegativeTrustAnchors=\\nDNS_OVER_TLS=yes" | \
  sudo tee /etc/systemd/resolved.conf

sudo systemctl restart systemd-resolved

Continuous Monitoring Strategy

Implement ongoing monitoring to detect new tracking attempts:

#!/usr/bin/env python3
import requests
import json
from datetime import datetime, timedelta

def monitor_third_party_trackers():
    """
    Daily check for known tracking domains accessed by your devices
    """
    tracking_domains = [
        'google-analytics.com',
        'doubleclick.net',
        'facebook.com/tr',
        'scorecardresearch.com',
        'taboola.com'
    ]

    # Check against your DNS logs (if using Pi-hole)
    pi_hole_api = 'http://pi.hole/admin/api.php'

    for domain in tracking_domains:
        response = requests.get(f"{pi_hole_api}?query={domain}")
        blocked = response.json().get('blockedQueries', 0)
        print(f"{domain}: {blocked} blocked requests today")

    # Alert if tracking attempts exceed threshold
    if sum([requests.get(f"{pi_hole_api}?query={d}").json().get('blockedQueries', 0)
            for d in tracking_domains]) > 1000:
        print("WARNING: Unusual tracking activity detected")

# Run daily
monitor_third_party_trackers()

Built by theluckystrike — More at zovo.one