Skip to main content
  1. Home
  2. Mobile
  3. News

Is your smartphone being tracked? We asked an expert

Simon Hill
By

In the movies, people on the run are often hunted down because of their cell phones. There are countless scenes where expensive smartphones are smashed to bits, or dropped in rivers, to evade capture by nefarious government operatives or well-equipped mobsters.

Hopefully you’re not in that situation. But if you were, do you really need to go that far? We asked the experts what information your cell phone is really broadcasting about you, how to protect yourself, and what it would take to truly go off the grid.

Recommended Videos

The simple options don’t work

If you suspected your phone were being tracked and wanted to start covering your tracks without snapping it in half, your first bet might be to simply turn on airplane mode. That won’t cut it.

Related

“Every phone has two operating systems,” explains Gary S. Miliefsky, CEO of SnoopWall, “One that connects to cellular networks, and one that interfaces with the consumer. Airplane mode may only disable features in the consumer facing operating system, such as Android or iOS, but not in the OS used between the phone and the carrier network. A phone may be giving out a ‘ping’ and you’d never know it.”

Communicating at all with a cell tower could expose you

It doesn’t even need to be sending out GPS coordinates — communicating at all with a cell tower could expose you. By comparing the signal strength of your cell phone on multiple cell towers, someone looking for you can approximate your location with triangulation. This requires access to data from your mobile network, which should keep it out of reach for criminals, but carriers can be compelled to provide that data to law-enforcement agencies.

So how about removing the SIM card?

“Removing the SIM may work to stop most cyber criminals, but every phone has a built-in feature set of identifiers that may be detected via tools like Stingray devices now used by the police and military, as well as fake 2G cell towers put up by the NSA,” Gary explains, “Forcing a phone to 2G means no encryption and it’s easily detected and tracked.”

Stingrays are also known as cell-site simulators, or IMSI catchers. They mimic cell phone towers and send out signals that can trick your cell phone into replying with your location and data that can be used to identify you. And they’re surprisingly widely used.

The American Civil Liberties Union has a map and list of federal agencies known to use cell-site simulators, which includes the FBI, the DEA, the Secret Service, the NSA, the U.S. Army, Navy, Marshals Service, Marine Corps, National Guard, and many more. For obvious reasons, it’s not an exhaustive list.

What about Wi-Fi?

At short range, you can be tracked by Wi-Fi. Every time you turn Wi-Fi on, your phone is sending out a signal that includes your unique MAC address, which is kind of like a fingerprint for digital devices. This kind of technology is already being used by stores to track your movements. It’s not ideal for surveillance, because of the limited range, but if someone has obtained your MAC address it could be used to deduce something like when you enter or leave a specific building.

Phone Wifi
Peter Bernik/Shutterstock
Peter Bernik/Shutterstock

The simple solution here is to avoid unencrypted public Wi-Fi. It’s also possible, on some phones, to change or spoof your MAC address. Some Android apps can help you do it, but you might have to root your phone. With iOS 8, Apple introduced more security by randomizing your MAC address, though, according to iMore, this feature may not work as well in practice as you’d hope.

Miliefsky also notes other reasons to avoid public Wi-Fi networks: so-called man-in-the-middle attacks and fake “trusted” routers. Fake Wi-Fi access points are also sometimes called “evil twins,” and they’re designed to look like a legitimate Wi-Fi network, but they’re actually operated by an attacker. If you connect, then they can eavesdrop, or direct you to a fake website where they can obtain sensitive passwords and other information.

Man-in-the-middle attacks are more common, because an attacker just has to be in range of an unencrypted Wi-Fi access point, and they can potentially intercept messages between two parties, or even interject new messages.

“If you are using HTTPS, TLS, or SSL it’s harder to eavesdrop on public Wi-Fi, but there have been some exploits like the SSL Heartbleed attack,” Miliefsky explains.

The TLS and SSL standards are supposed to ensure that your communications are encrypted. That’s why the Heartbleed vulnerability was such a big deal. It was an OpenSSL bug that potentially enabled cyber criminals to collect sensitive information, like encryption keys, so they could set up undetectable man-in-the-middle attacks.

The threat within

You may have concerns about privacy infringement from threats like Stingray, but there are easier ways to track us. Most criminals go for the low-hanging fruit, and the biggest threat for tracking and spying is probably malware.

“Public Wi-Fi is a smaller risk than trusted apps being creepware and spying on you,” suggests Miliefsky.

There are a lot of commercial, mobile spyware products on the market that can enable someone to intercept your emails, text messages, and calls.

In some cases it may even be possible for hackers to remotely access your smartphone microphone or camera.

“You may have already installed an app you trust that can do this,” Miliefsky says, “Just go to the Google Play store or Apple iTunes and look at the permissions of some of the most popular apps like Flashlights, Bibles, Battery Maximizers, QR Readers, Password Managers, other utilities and games.”

Gary’s company SnoopWall hit the headlines last year with a Flashlight Spyware Report. It revealed that many popular flashlight apps in the Play Store were asking for a suspiciously long list of permissions, enabling them to theoretically do all sorts of things, like track you via GPS, access text message history, and access call logs.

In some cases it may even be possible for hackers to remotely access your smartphone microphone or camera, as Gary demonstrated on Good Morning America.

Steering clear of malware

The good thing about malware is that you have to install a malicious app. You can avoid opening SMS attachments, avoid apps from unknown sources, and cast a suspicious eye over your installed app list.

“It’s absolutely time for a spring cleaning,” suggests Gary, “Delete all the apps you don’t use.”

For the apps you decide to keep, Gary recommends checking four things:

  1. Permissions (Are there too many for what the app needs to do?)
  2. Privacy policy (Read it closely.)
  3. Company website (Are they based in malware hotbeds like China, Russia, Brazil, or India?)
  4. App developer email (Send one to see how they respond.)

“If you don’t like what you see with these four items, dump it and find a better, less privacy-invasive alternative,” says Gary, “You may have to buy an app to get one that doesn’t use ad networks and have creepware behaviors, but it’s worth 99 cents to reclaim your identity, isn’t it?”

How do you avoid being tracked?

There’s a difference between something being possible and something being probable. With a little bit of common sense, most of us can avoid any problems. Make sure you have lock-screen security, so no one can physically install an app on your phone when you’re not looking, follow the advice above about installing new apps, and avoid public Wi-Fi. If you absolutely must access public Wi-Fi, then use a VPN service or app. That will safeguard you against the most likely criminal threats.

Being tracked by a rogue FBI agent, hostile foreign government, or extremely well-equipped criminal gang is a different matter. If your concerns run this crazy deep, there are only a couple of foolproof options to safeguard your privacy.

“To avoid being tracked it’s best to put your phone in a PrivacyCase, or remove the battery,” says Miliefsky. A PrivacyCase wraps your phone in shielding that blocks signals from going in or out, kind of like going into a basement.

If you’re wondering why turning the phone off might not be enough, it’s because of malware, like PowerOffHijack. You won’t find it in the Play Store, and it requires your device to be rooted in order to work, but AVG reported more than 10,000 installations, mostly in China. It plays your usual shutdown animation and turns the screen blank, but actually keeps the device on, so that it can monitor you.

So if you truly want to go off-grid in a hurry, remove the battery. Of course, many modern smartphones, like the iPhone 6 and the Galaxy S6, don’t let you do that. So maybe the movies weren’t exaggerating after all: You may have to smash or ditch that smartphone if you really want to evade surveillance entirely.

Editors' Recommendations

Topics
Simon Hill
Simon Hill
Former Digital Trends Contributor
Simon Hill is an experienced technology journalist and editor who loves all things tech. He is currently the Associate Mobile…
You can pick up the Google Pixel 7 Pro for only $500 today
The Pixel 7 Pro with its display turned on, showing the home screen.

 

If you've been holding out on buying a new phone for a while because prices are still expensive, then you may want to consider going for one of the older flagship phones. For example, while the Pixel 8 Pro is out, the Pixel 7 Pro is still a powerful and viable alternative, and even better, it has quite a few great deals on it. In fact, you can buy a brand new and sealed Pixel 7 Pro from Woot for just $500, rather than the usual $1,100, and that's for the 512GB version of the phone, so you get a lot of storage with it as well.

Read more
A new Google Pixel Tablet is coming, but it’s not what you think
Google Pixel Tablet on its charging dock.

It's been almost a year since the Google Pixel Tablet went up for preorder, leading many Android tablet fans to wonder when the inevitable Pixel Tablet 2 will arrive. A new rumor suggests that Google could release a new Pixel Tablet as early as next month, but it's probably not what you were expecting or hoping for.

According to @MysteryLupin on X (formerly Twitter), Google is planning to "relaunch" the Pixel Tablet without the charging/speaker dock included in the box. As you'll likely recall, the speaker dock is the Pixel Tablet's standout feature. You can use the Pixel Tablet on its own as a traditional Android tablet when you want, and when you're done, you throw it on the dock to transform it into a smart display. The idea of Google selling the Pixel Tablet without its claim to fame is an interesting one.

Read more
Anker sale: up to 40% off portable chargers, cable, and more
The iPhone 15 Pro Max being charged by the Anker MagGo Power Bank.

If you've been looking to pick up a new charging cable, charger, or all-in-one charging station for your Android phone or iPhone, then you'll be happy to know that Anker is having a rather large Earth-Day sale that you can take advantage of. There are a ton of discounts that you can take advantage of, too, with up to 40% off in some cases. I that wasn't enough, you can even snag yourself some free gifts, for example, one of the best accessories for a Galaxy S24 is the Anker Nano Power Bank if you spend more than $90,  or even an Anker 621 Magnetic Battery if you spend over $120. Either way, there are a lot of options, and while we've shared some of our favorite deals below, it's also worth taking a look at everything Anker has to offer by pressing the button below.

What you should buy during Anker's Sale
One of the most basic things you may need for any device is a charging cable, and Anker has a couple of great options for that. If you're on an older iPhone with a lightning cable, you can grab Anker's Anker 641 USB-C to Lightning Cable that's 6 feet long using the coupon WSPEV2KENJP2. On the other hand, if you need a USB-C to connect and charge your devices, you can grab the 6-foot Anker 543 USB-C to USB-C Cable using the code WSPEV2EHDR0C.

Read more