Skip to main content
  1. Home
  2. Mobile
  3. News

Is your smartphone being tracked? We asked an expert

By

In the movies, people on the run are often hunted down because of their cell phones. There are countless scenes where expensive smartphones are smashed to bits, or dropped in rivers, to evade capture by nefarious government operatives or well-equipped mobsters.

Hopefully you’re not in that situation. But if you were, do you really need to go that far? We asked the experts what information your cell phone is really broadcasting about you, how to protect yourself, and what it would take to truly go off the grid.

Recommended Videos

The simple options don’t work

If you suspected your phone were being tracked and wanted to start covering your tracks without snapping it in half, your first bet might be to simply turn on airplane mode. That won’t cut it.

Related

“Every phone has two operating systems,” explains Gary S. Miliefsky, CEO of SnoopWall, “One that connects to cellular networks, and one that interfaces with the consumer. Airplane mode may only disable features in the consumer facing operating system, such as Android or iOS, but not in the OS used between the phone and the carrier network. A phone may be giving out a ‘ping’ and you’d never know it.”

Communicating at all with a cell tower could expose you

It doesn’t even need to be sending out GPS coordinates — communicating at all with a cell tower could expose you. By comparing the signal strength of your cell phone on multiple cell towers, someone looking for you can approximate your location with triangulation. This requires access to data from your mobile network, which should keep it out of reach for criminals, but carriers can be compelled to provide that data to law-enforcement agencies.

So how about removing the SIM card?

“Removing the SIM may work to stop most cyber criminals, but every phone has a built-in feature set of identifiers that may be detected via tools like Stingray devices now used by the police and military, as well as fake 2G cell towers put up by the NSA,” Gary explains, “Forcing a phone to 2G means no encryption and it’s easily detected and tracked.”

Stingrays are also known as cell-site simulators, or IMSI catchers. They mimic cell phone towers and send out signals that can trick your cell phone into replying with your location and data that can be used to identify you. And they’re surprisingly widely used.

The American Civil Liberties Union has a map and list of federal agencies known to use cell-site simulators, which includes the FBI, the DEA, the Secret Service, the NSA, the U.S. Army, Navy, Marshals Service, Marine Corps, National Guard, and many more. For obvious reasons, it’s not an exhaustive list.

What about Wi-Fi?

At short range, you can be tracked by Wi-Fi. Every time you turn Wi-Fi on, your phone is sending out a signal that includes your unique MAC address, which is kind of like a fingerprint for digital devices. This kind of technology is already being used by stores to track your movements. It’s not ideal for surveillance, because of the limited range, but if someone has obtained your MAC address it could be used to deduce something like when you enter or leave a specific building.

Phone Wifi
Peter Bernik/Shutterstock
Peter Bernik/Shutterstock

The simple solution here is to avoid unencrypted public Wi-Fi. It’s also possible, on some phones, to change or spoof your MAC address. Some Android apps can help you do it, but you might have to root your phone. With iOS 8, Apple introduced more security by randomizing your MAC address, though, according to iMore, this feature may not work as well in practice as you’d hope.

Miliefsky also notes other reasons to avoid public Wi-Fi networks: so-called man-in-the-middle attacks and fake “trusted” routers. Fake Wi-Fi access points are also sometimes called “evil twins,” and they’re designed to look like a legitimate Wi-Fi network, but they’re actually operated by an attacker. If you connect, then they can eavesdrop, or direct you to a fake website where they can obtain sensitive passwords and other information.

Man-in-the-middle attacks are more common, because an attacker just has to be in range of an unencrypted Wi-Fi access point, and they can potentially intercept messages between two parties, or even interject new messages.

“If you are using HTTPS, TLS, or SSL it’s harder to eavesdrop on public Wi-Fi, but there have been some exploits like the SSL Heartbleed attack,” Miliefsky explains.

The TLS and SSL standards are supposed to ensure that your communications are encrypted. That’s why the Heartbleed vulnerability was such a big deal. It was an OpenSSL bug that potentially enabled cyber criminals to collect sensitive information, like encryption keys, so they could set up undetectable man-in-the-middle attacks.

The threat within

You may have concerns about privacy infringement from threats like Stingray, but there are easier ways to track us. Most criminals go for the low-hanging fruit, and the biggest threat for tracking and spying is probably malware.

“Public Wi-Fi is a smaller risk than trusted apps being creepware and spying on you,” suggests Miliefsky.

There are a lot of commercial, mobile spyware products on the market that can enable someone to intercept your emails, text messages, and calls.

In some cases it may even be possible for hackers to remotely access your smartphone microphone or camera.

“You may have already installed an app you trust that can do this,” Miliefsky says, “Just go to the Google Play store or Apple iTunes and look at the permissions of some of the most popular apps like Flashlights, Bibles, Battery Maximizers, QR Readers, Password Managers, other utilities and games.”

Gary’s company SnoopWall hit the headlines last year with a Flashlight Spyware Report. It revealed that many popular flashlight apps in the Play Store were asking for a suspiciously long list of permissions, enabling them to theoretically do all sorts of things, like track you via GPS, access text message history, and access call logs.

In some cases it may even be possible for hackers to remotely access your smartphone microphone or camera, as Gary demonstrated on Good Morning America.

Steering clear of malware

The good thing about malware is that you have to install a malicious app. You can avoid opening SMS attachments, avoid apps from unknown sources, and cast a suspicious eye over your installed app list.

“It’s absolutely time for a spring cleaning,” suggests Gary, “Delete all the apps you don’t use.”

For the apps you decide to keep, Gary recommends checking four things:

  1. Permissions (Are there too many for what the app needs to do?)
  2. Privacy policy (Read it closely.)
  3. Company website (Are they based in malware hotbeds like China, Russia, Brazil, or India?)
  4. App developer email (Send one to see how they respond.)

“If you don’t like what you see with these four items, dump it and find a better, less privacy-invasive alternative,” says Gary, “You may have to buy an app to get one that doesn’t use ad networks and have creepware behaviors, but it’s worth 99 cents to reclaim your identity, isn’t it?”

How do you avoid being tracked?

There’s a difference between something being possible and something being probable. With a little bit of common sense, most of us can avoid any problems. Make sure you have lock-screen security, so no one can physically install an app on your phone when you’re not looking, follow the advice above about installing new apps, and avoid public Wi-Fi. If you absolutely must access public Wi-Fi, then use a VPN service or app. That will safeguard you against the most likely criminal threats.

Being tracked by a rogue FBI agent, hostile foreign government, or extremely well-equipped criminal gang is a different matter. If your concerns run this crazy deep, there are only a couple of foolproof options to safeguard your privacy.

“To avoid being tracked it’s best to put your phone in a PrivacyCase, or remove the battery,” says Miliefsky. A PrivacyCase wraps your phone in shielding that blocks signals from going in or out, kind of like going into a basement.

If you’re wondering why turning the phone off might not be enough, it’s because of malware, like PowerOffHijack. You won’t find it in the Play Store, and it requires your device to be rooted in order to work, but AVG reported more than 10,000 installations, mostly in China. It plays your usual shutdown animation and turns the screen blank, but actually keeps the device on, so that it can monitor you.

So if you truly want to go off-grid in a hurry, remove the battery. Of course, many modern smartphones, like the iPhone 6 and the Galaxy S6, don’t let you do that. So maybe the movies weren’t exaggerating after all: You may have to smash or ditch that smartphone if you really want to evade surveillance entirely.

Editors’ Recommendations

Topics
Simon Hill
Simon Hill
Former Digital Trends Contributor
Simon Hill is an experienced technology journalist and editor who loves all things tech. He is currently the Associate Mobile…
iPhone 17e surfaces in new leak, and it might be closer than you think
A person holding the Apple iPhone 16e showing the screen.

Apple's iPhone 16e is still fresh, but it still made a good impression and earned its place among some of the best smartphones for budget-oriented users. This led many Apple fans to wonder whether the 16e was a one-off or not. According to a reliable leaker, it seems that Apple is set on making the iPhone 17e, and it's already working on the new phone.

Anyone who wonders about the future of the iPhone 16e is most likely not alone. After all, the 16e replaced the iPhone SE, and that left it in a peculiar position in Apple's smartphone range. As it was made clear that the 16e belongs to Apple's iPhone 16 lineup, many expected it to receive a yearly release schedule, much like what the higher-end models follow. On the other hand, the SE had its own update schedule and wasn't refreshed at the same time as the other iPhones. It's hard not to wonder where that leaves the iPhone 16e, which both belongs to a generation and is a replacement for the SE.

Read more
The iPhone 17 Pro might debut a never-before-seen iPhone color
Alleged concept render of the iPhone 17 Air in black.

The iPhone 17 lineup is expected to launch in September, assuming Apple sticks to its usual schedule and isn't impacted by tariffs. The iPhone 17 Pro, in particular, could come with a new color never seen on an iPhone before: Sky Blue, the same finish that's on the new MacBook Air units.

Majin Bu, a well-known leaker, shared the news on his website. According to Bu, "sources close to the supply chain confirm that several iPhone 17 Pro prototypes have been made in various colors, with Sky Blue currently the frontrunner." Compared to the more muted colors Apple has gone with in its more recent devices, a Sky Blue option is a welcome (and brighter) change.

Read more
Google Gemini: Everything you need to know
Gemini Live running on Google Pixel 9a.

Artificial intelligence (AI) is everywhere right now. Applications like ChatGPT are in the news almost daily for their advancements, while others like Claude are being used to do everything from drafting cover letters to writing (admittedly bad) novels. Google Gemini is Google's latest foray into that AI arena, replacing Google Assistant in many ways — and it's integrated into numerous mobile devices, like the Google Pixel line of phones.

Understanding what Gemini is and what it can do might seem daunting, but it's easier than you think. It can also greatly simplify specific day-to-day tasks and help you find answers to questions you didn't even know you had, all without reading through pages and pages of articles. Here's everything you need to know to not only start using Gemini, but making it work for you.

Read more