Skip to main content

Is your smartphone being tracked? We asked an expert

In the movies, people on the run are often hunted down because of their cell phones. There are countless scenes where expensive smartphones are smashed to bits, or dropped in rivers, to evade capture by nefarious government operatives or well-equipped mobsters.

Hopefully you’re not in that situation. But if you were, do you really need to go that far? We asked the experts what information your cell phone is really broadcasting about you, how to protect yourself, and what it would take to truly go off the grid.

The simple options don’t work

If you suspected your phone were being tracked and wanted to start covering your tracks without snapping it in half, your first bet might be to simply turn on airplane mode. That won’t cut it.

“Every phone has two operating systems,” explains Gary S. Miliefsky, CEO of SnoopWall, “One that connects to cellular networks, and one that interfaces with the consumer. Airplane mode may only disable features in the consumer facing operating system, such as Android or iOS, but not in the OS used between the phone and the carrier network. A phone may be giving out a ‘ping’ and you’d never know it.”

Communicating at all with a cell tower could expose you

It doesn’t even need to be sending out GPS coordinates — communicating at all with a cell tower could expose you. By comparing the signal strength of your cell phone on multiple cell towers, someone looking for you can approximate your location with triangulation. This requires access to data from your mobile network, which should keep it out of reach for criminals, but carriers can be compelled to provide that data to law-enforcement agencies.

So how about removing the SIM card?

“Removing the SIM may work to stop most cyber criminals, but every phone has a built-in feature set of identifiers that may be detected via tools like Stingray devices now used by the police and military, as well as fake 2G cell towers put up by the NSA,” Gary explains, “Forcing a phone to 2G means no encryption and it’s easily detected and tracked.”

Stingrays are also known as cell-site simulators, or IMSI catchers. They mimic cell phone towers and send out signals that can trick your cell phone into replying with your location and data that can be used to identify you. And they’re surprisingly widely used.

The American Civil Liberties Union has a map and list of federal agencies known to use cell-site simulators, which includes the FBI, the DEA, the Secret Service, the NSA, the U.S. Army, Navy, Marshals Service, Marine Corps, National Guard, and many more. For obvious reasons, it’s not an exhaustive list.

What about Wi-Fi?

At short range, you can be tracked by Wi-Fi. Every time you turn Wi-Fi on, your phone is sending out a signal that includes your unique MAC address, which is kind of like a fingerprint for digital devices. This kind of technology is already being used by stores to track your movements. It’s not ideal for surveillance, because of the limited range, but if someone has obtained your MAC address it could be used to deduce something like when you enter or leave a specific building.

The simple solution here is to avoid unencrypted public Wi-Fi. It’s also possible, on some phones, to change or spoof your MAC address. Some Android apps can help you do it, but you might have to root your phone. With iOS 8, Apple introduced more security by randomizing your MAC address, though, according to iMore, this feature may not work as well in practice as you’d hope.

Miliefsky also notes other reasons to avoid public Wi-Fi networks: so-called man-in-the-middle attacks and fake “trusted” routers. Fake Wi-Fi access points are also sometimes called “evil twins,” and they’re designed to look like a legitimate Wi-Fi network, but they’re actually operated by an attacker. If you connect, then they can eavesdrop, or direct you to a fake website where they can obtain sensitive passwords and other information.

Man-in-the-middle attacks are more common, because an attacker just has to be in range of an unencrypted Wi-Fi access point, and they can potentially intercept messages between two parties, or even interject new messages.

“If you are using HTTPS, TLS, or SSL it’s harder to eavesdrop on public Wi-Fi, but there have been some exploits like the SSL Heartbleed attack,” Miliefsky explains.

The TLS and SSL standards are supposed to ensure that your communications are encrypted. That’s why the Heartbleed vulnerability was such a big deal. It was an OpenSSL bug that potentially enabled cyber criminals to collect sensitive information, like encryption keys, so they could set up undetectable man-in-the-middle attacks.

The threat within

You may have concerns about privacy infringement from threats like Stingray, but there are easier ways to track us. Most criminals go for the low-hanging fruit, and the biggest threat for tracking and spying is probably malware.

“Public Wi-Fi is a smaller risk than trusted apps being creepware and spying on you,” suggests Miliefsky.

There are a lot of commercial, mobile spyware products on the market that can enable someone to intercept your emails, text messages, and calls.

In some cases it may even be possible for hackers to remotely access your smartphone microphone or camera.

“You may have already installed an app you trust that can do this,” Miliefsky says, “Just go to the Google Play store or Apple iTunes and look at the permissions of some of the most popular apps like Flashlights, Bibles, Battery Maximizers, QR Readers, Password Managers, other utilities and games.”

Gary’s company SnoopWall hit the headlines last year with a Flashlight Spyware Report. It revealed that many popular flashlight apps in the Play Store were asking for a suspiciously long list of permissions, enabling them to theoretically do all sorts of things, like track you via GPS, access text message history, and access call logs.

In some cases it may even be possible for hackers to remotely access your smartphone microphone or camera, as Gary demonstrated on Good Morning America.

Steering clear of malware

The good thing about malware is that you have to install a malicious app. You can avoid opening SMS attachments, avoid apps from unknown sources, and cast a suspicious eye over your installed app list.

“It’s absolutely time for a spring cleaning,” suggests Gary, “Delete all the apps you don’t use.”

For the apps you decide to keep, Gary recommends checking four things:

  1. Permissions (Are there too many for what the app needs to do?)
  2. Privacy policy (Read it closely.)
  3. Company website (Are they based in malware hotbeds like China, Russia, Brazil, or India?)
  4. App developer email (Send one to see how they respond.)

“If you don’t like what you see with these four items, dump it and find a better, less privacy-invasive alternative,” says Gary, “You may have to buy an app to get one that doesn’t use ad networks and have creepware behaviors, but it’s worth 99 cents to reclaim your identity, isn’t it?”

How do you avoid being tracked?

There’s a difference between something being possible and something being probable. With a little bit of common sense, most of us can avoid any problems. Make sure you have lock-screen security, so no one can physically install an app on your phone when you’re not looking, follow the advice above about installing new apps, and avoid public Wi-Fi. If you absolutely must access public Wi-Fi, then use a VPN service or app. That will safeguard you against the most likely criminal threats.

Being tracked by a rogue FBI agent, hostile foreign government, or extremely well-equipped criminal gang is a different matter. If your concerns run this crazy deep, there are only a couple of foolproof options to safeguard your privacy.

“To avoid being tracked it’s best to put your phone in a PrivacyCase, or remove the battery,” says Miliefsky. A PrivacyCase wraps your phone in shielding that blocks signals from going in or out, kind of like going into a basement.

If you’re wondering why turning the phone off might not be enough, it’s because of malware, like PowerOffHijack. You won’t find it in the Play Store, and it requires your device to be rooted in order to work, but AVG reported more than 10,000 installations, mostly in China. It plays your usual shutdown animation and turns the screen blank, but actually keeps the device on, so that it can monitor you.

So if you truly want to go off-grid in a hurry, remove the battery. Of course, many modern smartphones, like the iPhone 6 and the Galaxy S6, don’t let you do that. So maybe the movies weren’t exaggerating after all: You may have to smash or ditch that smartphone if you really want to evade surveillance entirely.

Editors' Recommendations

Simon Hill
Former Digital Trends Contributor
Simon Hill is an experienced technology journalist and editor who loves all things tech. He is currently the Associate Mobile…
The best iPhone 15 Plus cases in 2023: 11 best ones right now
iPhone 15 color family includes: Black, Green, Blue, Yellow, and Pink.

One of Apple’s latest and greatest, the iPhone 15 Plus, is finally here. Announced at Apple's big iPhone 15 event, the iPhone 15 Plus gives you a huge 6.7-inch Super Retina XDR OLED display with Dynamic Island, an A16 Bionic chip for fast performance, and a powerful dual-camera system with a 48MP wide and 12MP ultrawide lenses. It has also ditched Lightning for USB-C, and it comes in five fun colors this year.

But considering that the iPhone 15 Plus still starts at a hefty $899 for the base model, that’s some pricey glass and aluminum. You definitely want to protect your investment, and one of the easiest ways to do so is with a good case. Here are some of the best iPhone 15 Plus cases you can buy right now.

Read more
Is this our first look at the Google Pixel 8a?
Side by side images of a reported Google Pixel 8a.

In May, there were reports that the Google Pixel 7a could be the last of Google's budget-friendly Pixel A smartphone series. Despite the series' success, it was believed that the 7a would be the last one. However, a recent post on X, formerly known as Twitter, by @yabhishekhd has sparked new rumors that there might actually be a Google Pixel 8a after all.

The tweet includes hands-on images of the supposed Google Pixel 8a, which is indeed interesting. The leak comes several months before any new Pixel A series would likely be released. The current Google Pixel 7a was only released this past May.

Read more
Hurry — OnePlus 11 just dropped to its cheapest-ever price
Angled view of OnePlus 11 Marble Odyssey Edition.

Amazon has some great phone deals for anyone who's been keen to buy a OnePlus 11 in recent times. Both the 8GB/128GB and the 16GB/256GB models have been reduced for a limited time only. The 8GB/128GB model is down to $600 with a $100 saving from $700, while the 16GB/256GB model is down to $650 reduced from $800 so you save $150 off the usual price. Anyone interested to learn more should keep reading. Alternatively, simply hit the respective buy button below if you know this is the one for you.

Why you should buy the OnePlus 11
The OnePlus 11 is a return to form for the company. It has an eye-catching design with its smooth glass, unusually shaped camera module, and a textured alert slider that makes it feel more tactile than most of the best phones around. It's slim and lightweight too which is always good to see, even if it does offer only IP64 water resistance and isn't particularly durable.

Read more