Android is pretty leaky with analytics out of the box, even before OEM bloatware is considered. Here’s a fairly comprehensive guide on how to lock down your Android device. Some measures are quite extreme, but there are some good common-sense recommendations throughout. At the very minimum, granular app permissions (App Ops) and a per-app firewall are the necessities. I’d also like to add that TextSecure (for encrypted SMS communications) and Redphone (encrypted phone calls), should be a must have as well. They are easy to install and work transparently.
“Unfortunately though, mobile devices in general and Android devices in particular have not been designed with privacy in mind. In fact, they’ve seemingly been designed with nearly the opposite goal: to make it easy for third parties, telecommunications companies, sophisticated state-sized adversaries, and even random hackers to extract all manner of personal information from the user. This includes the full content of personal communications with business partners and loved ones. Worse still, by default, the user is given very little in the way of control or even informed consent about what information is being collected and how.”