Is your smartphone being tracked? We asked an expert

Can cops and hackers track your phone
blurAZ/Shutterstock
In the movies, people on the run are often hunted down because of their cell phones. There are countless scenes where expensive smartphones are smashed to bits, or dropped in rivers, to evade capture by nefarious government operatives or well-equipped mobsters.

Hopefully you’re not in that situation. But if you were, do you really need to go that far? We asked the experts what information your cell phone is really broadcasting about you, how to protect yourself, and what it would take to truly go off the grid.

The simple options don’t work

If you suspected your phone were being tracked and wanted to start covering your tracks without snapping it in half, your first bet might be to simply turn on airplane mode. That won’t cut it.

“Every phone has two operating systems,” explains Gary S. Miliefsky, CEO of SnoopWall, “One that connects to cellular networks, and one that interfaces with the consumer. Airplane mode may only disable features in the consumer facing operating system, such as Android or iOS, but not in the OS used between the phone and the carrier network. A phone may be giving out a ‘ping’ and you’d never know it.”

Communicating at all with a cell tower could expose you

It doesn’t even need to be sending out GPS coordinates — communicating at all with a cell tower could expose you. By comparing the signal strength of your cell phone on multiple cell towers, someone looking for you can approximate your location with triangulation. This requires access to data from your mobile network, which should keep it out of reach for criminals, but carriers can be compelled to provide that data to law-enforcement agencies.

So how about removing the SIM card?

“Removing the SIM may work to stop most cyber criminals, but every phone has a built-in feature set of identifiers that may be detected via tools like Stingray devices now used by the police and military, as well as fake 2G cell towers put up by the NSA,” Gary explains, “Forcing a phone to 2G means no encryption and it’s easily detected and tracked.”

Stingrays are also known as cell-site simulators, or IMSI catchers. They mimic cell phone towers and send out signals that can trick your cell phone into replying with your location and data that can be used to identify you. And they’re surprisingly widely used.

The American Civil Liberties Union has a map and list of federal agencies known to use cell-site simulators, which includes the FBI, the DEA, the Secret Service, the NSA, the U.S. Army, Navy, Marshals Service, Marine Corps, National Guard, and many more. For obvious reasons, it’s not an exhaustive list.

What about Wi-Fi?

At short range, you can be tracked by Wi-Fi. Every time you turn Wi-Fi on, your phone is sending out a signal that includes your unique MAC address, which is kind of like a fingerprint for digital devices. This kind of technology is already being used by stores to track your movements. It’s not ideal for surveillance, because of the limited range, but if someone has obtained your MAC address it could be used to deduce something like when you enter or leave a specific building.

The simple solution here is to avoid unencrypted public Wi-Fi. It’s also possible, on some phones, to change or spoof your MAC address. Some Android apps can help you do it, but you might have to root your phone. With iOS 8, Apple introduced more security by randomizing your MAC address, though, according to iMore, this feature may not work as well in practice as you’d hope.

Miliefsky also notes other reasons to avoid public Wi-Fi networks: so-called man-in-the-middle attacks and fake “trusted” routers. Fake Wi-Fi access points are also sometimes called “evil twins,” and they’re designed to look like a legitimate Wi-Fi network, but they’re actually operated by an attacker. If you connect, then they can eavesdrop, or direct you to a fake website where they can obtain sensitive passwords and other information.

Man-in-the-middle attacks are more common, because an attacker just has to be in range of an unencrypted Wi-Fi access point, and they can potentially intercept messages between two parties, or even interject new messages.

“If you are using HTTPS, TLS, or SSL it’s harder to eavesdrop on public Wi-Fi, but there have been some exploits like the SSL Heartbleed attack,” Miliefsky explains.

The TLS and SSL standards are supposed to ensure that your communications are encrypted. That’s why the Heartbleed vulnerability was such a big deal. It was an OpenSSL bug that potentially enabled cyber criminals to collect sensitive information, like encryption keys, so they could set up undetectable man-in-the-middle attacks.

The threat within

You may have concerns about privacy infringement from threats like Stingray, but there are easier ways to track us. Most criminals go for the low-hanging fruit, and the biggest threat for tracking and spying is probably malware.

“Public Wi-Fi is a smaller risk than trusted apps being creepware and spying on you,” suggests Miliefsky.

There are a lot of commercial, mobile spyware products on the market that can enable someone to intercept your emails, text messages, and calls.

In some cases it may even be possible for hackers to remotely access your smartphone microphone or camera.

“You may have already installed an app you trust that can do this,” Miliefsky says, “Just go to the Google Play store or Apple iTunes and look at the permissions of some of the most popular apps like Flashlights, Bibles, Battery Maximizers, QR Readers, Password Managers, other utilities and games.”

Gary’s company SnoopWall hit the headlines last year with a Flashlight Spyware Report. It revealed that many popular flashlight apps in the Play Store were asking for a suspiciously long list of permissions, enabling them to theoretically do all sorts of things, like track you via GPS, access text message history, and access call logs.

In some cases it may even be possible for hackers to remotely access your smartphone microphone or camera, as Gary demonstrated on Good Morning America.

Steering clear of malware

The good thing about malware is that you have to install a malicious app. You can avoid opening SMS attachments, avoid apps from unknown sources, and cast a suspicious eye over your installed app list.

“It’s absolutely time for a spring cleaning,” suggests Gary, “Delete all the apps you don’t use.”

For the apps you decide to keep, Gary recommends checking four things:

  1. Permissions (Are there too many for what the app needs to do?)
  2. Privacy policy (Read it closely.)
  3. Company website (Are they based in malware hotbeds like China, Russia, Brazil, or India?)
  4. App developer email (Send one to see how they respond.)

“If you don’t like what you see with these four items, dump it and find a better, less privacy-invasive alternative,” says Gary, “You may have to buy an app to get one that doesn’t use ad networks and have creepware behaviors, but it’s worth 99 cents to reclaim your identity, isn’t it?”

How do you avoid being tracked?

There’s a difference between something being possible and something being probable. With a little bit of common sense, most of us can avoid any problems. Make sure you have lock-screen security, so no one can physically install an app on your phone when you’re not looking, follow the advice above about installing new apps, and avoid public Wi-Fi. If you absolutely must access public Wi-Fi, then use a VPN service or app. That will safeguard you against the most likely criminal threats.

Being tracked by a rogue FBI agent, hostile foreign government, or extremely well-equipped criminal gang is a different matter. If your concerns run this crazy deep, there are only a couple of foolproof options to safeguard your privacy.

“To avoid being tracked it’s best to put your phone in a PrivacyCase, or remove the battery,” says Miliefsky. A PrivacyCase wraps your phone in shielding that blocks signals from going in or out, kind of like going into a basement.

If you’re wondering why turning the phone off might not be enough, it’s because of malware, like PowerOffHijack. You won’t find it in the Play Store, and it requires your device to be rooted in order to work, but AVG reported more than 10,000 installations, mostly in China. It plays your usual shutdown animation and turns the screen blank, but actually keeps the device on, so that it can monitor you.

So if you truly want to go off-grid in a hurry, remove the battery. Of course, many modern smartphones, like the iPhone 6 and the Galaxy S6, don’t let you do that. So maybe the movies weren’t exaggerating after all: You may have to smash or ditch that smartphone if you really want to evade surveillance entirely.

Computing

Here’s how to install Windows on a Chromebook

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so, just in case you're looking to nab some Windows-only…
Computing

3 easy ways to get that perfect screenshot

Capturing a screenshot of your desktop is easier than you might think, and it's the kind of thing you'll probably need to know. Here's how to perform the important function in just a few, easy steps.
Computing

How to easily record your laptop screen with apps you already have

Learning how to record your computer screen shouldn't be a challenge. Lucky for you, our comprehensive guide lays out how to do so using a host of methods, including both free and premium utilities, in both MacOS and Windows 10.
Deals

Keep an eye on things with the Alexa-enabled Ring video doorbell, now only $93

Smart home devices like the Ring video doorbell make it easier to keep an eye on your castle right from your smartphone – no matter where you are. If you want to smarten up your home security, here's how you can grab a Ring doorbell on…
Mobile

On a budget? We found the best affordable smartphones you can buy

Here are the best cheap phones for anyone working with a tight budget, whether you're a fan of stock Android or marathon battery life. Find out what you can get for under $500 or far, far less as we round up the best budget smartphones.
Home Theater

Set your ears free with the best completely wireless earbuds

If you can't stand the tangle of cords, or you're just excited about completely wireless earbuds, you're going to need some help separating the wheat from the chaff. Our list serves up the best wireless earbuds around.
Deals

REI clearance sale extends discounts on Garmin, Fitbit, and GoPro devices

Beyond the things you typically expect to find at REI — like tents, skis, and jackets — there are tons of great deals on quality tech foryour outdoor adventures. From smartwatches to action cameras, here are the best tech deals.
Mobile

Put down the controller and pick up the best phones for gaming on the go

Which phones are the best if all you want to do is play some mobile games? We've done the hard work and put together a list of the best gaming phones on Android and iOS, so you can keep playing and winning.
Social Media

#ThrowbackThursday is only the start: Instagram hashtags for every day of the week

Not getting your hashtag fill with #ThrowbackThursday or #ManCrushMonday? Here's a list of some of the more popular Instagram hashtags, so you can outfit your next post with the proper tag, regardless of what day it is.
Mobile

Protect your new iPhone with one of our favorite iPhone XR cases

Apple's new iPhone range is the toast of 2018, with beautiful style and more power than you can shake a stick at. But beauty can often be fragile -- keep the damage to a minimum with the best iPhone XR cases.
Computing

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement or an unwanted trip to your local repair shop.
Mobile

Apple's iOS 12.1.1 makes it easier to switch cameras in FaceTime

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.
Mobile

5G Coverage

Curious about 5G and what it means for you? Well here is our awesome one stop shop for all things 5g.
Social Media

Instagram could be making a special type of account for influencers

Instagram influencers fall somewhere between a business profile and a typical Instagram, so the company is working on developing a type of account just for creators. The new account type would give creators more access to analytical data.