If you're using Android, I'd highly recommend using a combination of XPrivacy [1] and Android Firewall [2] (iptables frontend).

To make your life easier, disallow everything from accessing the net in Android Firewall. Then, for those apps which you've allowed net access, further tweak what they're allowed to access in XPrivacy. As a rule, turn off account info, clipboard, location, contacts, and storage.

Not perfect, but a decent solution.

[1] https://github.com/M66B/XPrivacy

[2] https://play.google.com/store/apps/details?id=com.jtschohl.a...

Also, put a lock screen on your phone and never let anyone use/borrow it even temporarily because if someone installs an accessibility service, it is game over for your privacy in most apps regardless of whether the network traffic is encrypted.

Illustrating that people who audit apps to see what they are sharing are not being too paranoid at all.

And yet another reason why my next phone is going to be a Jolla:

In the future, I want to be able to run wireshark on my phone.

You can currently do it in Android with standard tcpdump

Hmmm. Exploiting the weak(est) link of trust. In any chain of friends or business associates. Have to say, it's by the book.