You Can Protect Your Browsing Data At Work With This Hidden Android Feature

Your Android smartphone, or tablet, actually contains a hidden feature that can protect you on unsecured networks — and protect your data on work networks — as long as your device is running Android 11 or newer. This is possible thanks to something called private DNS (domain name server). DNS resolution involves the conversion of web domain names into IP addresses, and IPs are what web browsers and apps typically use to connect to remote servers. DNS basically makes it easier for humans to memorize and use those addresses — instead of putting in a bunch of numbers, you can use the domain name of the target website.

The problem with standard DNS, however, is that data queries are not encrypted, but rather sent as plain text. Someone snooping could see the addresses you visit, and potentially what you're doing, by using contextual clues regarding your queries. Private DNS ensures that all information is encrypted. That basically protects the data behind an encryption key. It would then be encrypted from prying eyes, at work or at home.

The good news is that Google says private DNS is enabled by default in Android for "all networks that can use private DNS." But if you want to make sure it's on, or check its status, here's how: Navigate to Settings, then Network & Internet, then Private DNS and select either Off, Automatic, or Private DNS provider hostname — the latter is to enter a private DNS server. On Samsung devices, this setting is under Settings, then Connections, then More Connection Settings, then Private DNS.

By default, or if you set the Automatic option, Android will try using encrypted DNS with the currently connected network. If that does not work, it will revert to standard DNS. If you don't want to use standard DNS at all, which makes sense, you can configure a specific private DNS server. If you have one of your own, you can enter the server information in the Private DNS provider hostname section of the appropriate menu. If you don't have or know a provider, don't fret. You can use something like Cloudflare's 1.1.1.1+WARP app to set it up. Another alternative is using AdGuard's public or private DNS servers.

Assuming you use WARP, once installed, open the app and tap the toggle above "Disconnected." It will prompt you to install a VPN profile. You must select OK to confirm enabling the private DNS servers. You only have to install the VPN profile once. Every time you want to enable the private DNS again it's just a matter of opening the app and tapping the toggle.

Do note, private DNS is not as private as using a virtual private network (VPN). Since all trustworthy VPN providers operate their own DNS servers, DNS requests are routed through VPN tunnels, which are encrypted.