Privacy Breakdown of Mobile Phones (2023)

Location Tracking

The deepest privacy threat from mobile phones—yet one that is often completely invisible—is the way that they announce your whereabouts all day (and all night) long through the signals they broadcast. There are at least four ways that an individual phone's location can be tracked by others.

  • Mobile Signal Tracking from Towers
  • Mobile Signal Tracking from Cell Site Simulators
  • Wi-Fi and Bluetooth Tracking
  • Location Information Leaks from Apps and Web Browsing

Mobile Signal Tracking — Towers

In all modern mobile networks, the operator can calculate where a particular subscriber's phone is located whenever the phone is powered on and registered with the network. The ability to do this results from the way the mobile network is built, and is commonly called triangulation.

Privacy Breakdown of Mobile Phones (2)

One way the operator can do this is to observe the signal strength that different towers observe from a particular subscriber's mobile phone, and then calculate where that phone must be located in order to account for these observations. This is done with Angle of Arrival measurements or AoA. The accuracy with which the operator can figure out a subscriber's location varies depending on many factors, including the technology the operator uses and how many cell towers they have in an area. Usually, with at least 3 cell towers the operator can get down to ¾ of a mile or 1km. For modern cell phones and networks trilateration is also used. In particular, it is used where the “locationInfo-r10” feature is supported. This feature returns a report that contains the phone’s exact GPS coordinates.

There is no way to hide from this kind of tracking as long as your mobile phone is powered on, with a registered SIM card, and transmitting signals to an operator's network. Although normally only the mobile operator itself can perform this kind of tracking, a government could force the operator to turn over location data about a user (in real-time or as a matter of historical record). In 2010, a German privacy advocate named Malte Spitz used privacy laws to get his mobile operator to turn over the records that it had about his records; he chose to publish them as an educational resource so that other people could understand how mobile operators can monitor users this way. (You can visit here to see what the operator knew about him.) The possibility of government access to this sort of data is not theoretical: it is already being widely used by law enforcement agencies in countries like the United States.

(Video) The Complete Android Privacy & Security Guide: Your Best Protection!

Another related kind of government request is called a tower dump; in this case, a government asks a mobile operator for a list of all of the mobile devices that were present in a certain area at a certain time. This could be used to investigate a crime, or to find out who was present at a particular protest.

  • Reportedly, the Ukrainian government used a tower dump for this purpose in 2014, to make a list of all of the people whose mobile phones were present at an anti-government protest.
  • In Carpenter v. United States, the Supreme Court ruled that obtaining historical cell site location information (CSLI) containing the physical locations of cellphones without a search warrant violates the Fourth Amendment.

Carriers also exchange data with one another about the location from which a device is currently connecting. This data is frequently somewhat less precise than tracking data that aggregates multiple towers' observations, but it can still be used as the basis for services that track an individual device—including commercial services that query these records to find where an individual phone is currently connecting to the mobile network, and make the results available to governmental or private customers. (The Washington Post reported on how readily available this tracking information has become.) Unlike the previous tracking methods, this tracking does not involve forcing carriers to turn over user data; instead, this technique uses location data that has been made available on a commercial basis.

Mobile Signal Tracking — Cell Site Simulator

A government or another technically sophisticated organization can also collect location data directly, such as with a cell site simulator (a portable fake cell phone tower that pretends to be a real one, in order to “catch” particular users' mobile phones and detect their physical presence and/or spy on their communications, also sometimes called an IMSI Catcher or Stingray). IMSI refers to the International Mobile Subscriber Identity number that identifies a particular subscriber's SIM card, though an IMSI catcher may target a device using other properties of the device as well.

Privacy Breakdown of Mobile Phones (5)

The IMSI catcher needs to be taken to a particular location in order to find or monitor devices at that location. It should be noted that IMSI traffic interception by law enforcement would meet the parameters for a warrant. However, a “rogue” CSS, (not set up by law enforcement) would be operating outside of those legal parameters.

(Video) Cybersecurity Phone vs Privacy Phone - Not the Same + Q&A

Currently there is no reliable defense against all IMSI catchers. (Some apps claim to detect their presence, but this detection is imperfect.) On devices that permit it, it could be helpful to disable 2G support (so that the device can connect only to 3G and 4G networks) and to disable roaming if you don't expect to be traveling outside of your home carrier's service area. Additionally, it could be helpful to use encrypted messaging such as Signal, WhatsApp, or iMessage to ensure the content of your communications can’t be intercepted. These measures may protect against certain kinds of IMSI catchers.

Wi-Fi and Bluetooth Tracking

Modern smartphones have other radio transmitters in addition to the mobile network interface. They usually also have Wi-Fi and Bluetooth support. These signals are transmitted with less power than a mobile signal and can normally be received only within a short range (such as within the same room or the same building), although someone using a sophisticated antenna could detect these signals from unexpectedly long distances; in a 2007 demonstration, an expert in Venezuela received a Wi-Fi signal at a distance of 382 km or 237 mi, under rural conditions with little radio interference. However, this scenario of such a wide range is unlikely. Both of these kinds of wireless signals include a unique serial number for the device, called a MAC address, which can be seen by anybody who can receive the signal.

Privacy Breakdown of Mobile Phones (6)

Whenever Wi-Fi is turned on, a typical smartphone will transmit occasional “probe requests” that include the MAC address and will let others nearby recognize that this particular device is present. Bluetooth devices do something similar. These identifiers have traditionally been valuable tools for passive trackers in retail stores and coffee shops to gather data about how devices, and people, move around the world. However, on the latest updates on iOS and Android, the MAC address included in probe requests is randomized by default programmatically, which makes this kind of tracking much more difficult. Since MAC randomization is software based, it is fallible and the default MAC address has the potential to be leaked. Moreover, some Android devices may not implement MAC randomization properly (PDF download).

Although modern phones usually randomize the addresses they share in probe requests, many phones still share a stable MAC address with networks that they actually join, such as sharing a connection with wireless headphones. This means that network operators can recognize particular devices over time, and tell whether you are the same person who joined the network in the past (even if you don't type your name or e-mail address anywhere or sign in to any services).

(Video) Privacy: Mobile Phone Tracking (subtitles)

A number of operating systems are moving towards having randomized MAC addresses on WiFi. This is a complex issue, as many systems have a legitimate need for a stable MAC address. For example, if you sign into a hotel network, it keeps track of your authorization via your MAC address; when you get a new MAC address, that network sees your device as a new device. iOS 14 has settings per-network, “Private MAC addresses.”

Location Information Leaks From Apps and Web Browsing

Modern smartphones provide ways for the phone to determine its own location, often using GPS and sometimes using other services provided by location companies (which usually ask the company to guess the phone's location based on a list of cell phone towers and/or Wi-Fi networks that the phone can see from where it is). This is packaged into a feature both Apple and Google call “Location Services”. Apps can ask the phone for this location information and use it to provide services that are based on location, such as maps that display your location on the map. The more recent permissions model has been updated for applications to ask to use location. However, some applications can be more aggressive than others asking to either use GPS or the combination of Location Services.

Privacy Breakdown of Mobile Phones (7)

Some of these apps will then transmit your location over the network to a service provider, which, in turn, provides a way for the application and third parties they may share with to track you. (The app developers might not have been motivated by the desire to track users, but they might still end up with the ability to do that, and they might end up revealing location information about their users to governments or a data breach.) Some smartphones will give you some kind of control over whether apps can find out your physical location; a good privacy practice is to try to restrict which apps can see this information, and at a minimum to make sure that your location is only shared with apps that you trust and that have a good reason to know where you are.

In each case, location tracking is not only about finding where someone is right now, like in an exciting movie chase scene where agents are pursuing someone through the streets. It can also be about answering questions about people's historical activities and also about their beliefs, participation in events, and personal relationships. For example, location tracking could be used to find out whether certain people are in a romantic relationship, to find out who attended a particular meeting or who was at a particular protest, or to try to identify a journalist's confidential source.

(Video) Why Apple Takes Privacy Seriously

The Washington Post reported in December 2013 on NSA location-tracking tools that collect massive amounts of information “on the whereabouts of cellphones around the world,” mainly by tapping phone companies' infrastructure to observe which towers particular phones connect to, and when those phones connect to those towers. A tool called CO-TRAVELER uses this data to find relationships between different people's movements (to figure out which people's devices seem to be traveling together, as well as whether one person appears to be following another).

Behavioral Data Collection and Mobile Advertising Identifiers

In addition to the location data collected by some apps and websites, many apps share information about more basic interactions, such as app installs, opens, usage, and other activity. This information is often shared with dozens of third-party companies throughout the advertising ecosystem enabled by real-time bidding (RTB). Despite the mundane nature of the individual data points, in aggregate this behavioral data can still be very revealing.

Advertising technology companies convince app developers to install pieces of code in software development kit (SDK) documentation in order to serve ads in their apps. These pieces of code collect data about how each user interacts with the app, then share that data with the third-party tracking company. The tracker may then re-share that information with dozens of other advertisers, advertising service providers, and data brokers in a milliseconds-long RTB auction.

Privacy Breakdown of Mobile Phones (8)

This data becomes meaningful thanks to the mobile advertising identifier, or MAID, a unique random number that identifies a single device. Each packet of information shared during an RTB auction is usually associated with a MAID. Advertisers and data brokers can pool together data collected from many different apps using the MAID, and therefore build a profile of how each user identified by a MAID behaves. MAIDs do not themselves encode information about a user’s real identity. However, it’s often trivial for data brokers or advertisers to associate a MAID with a real identity, for example by collecting a name or email address from within an app.

(Video) Want some protection? Let's talk about your phone's privacy

Mobile ad IDs are built into both Android and iOS, as well as a number of other devices like game consoles, tablets, and TV set top boxes. On Android, every app, and every third-party installed in those apps, has access to the MAID by default. Furthermore, there is no way to turn off the MAID on an Android device at all: the best a user can do is to “reset” the identifier, replacing it with a new random number. In the latest version of iOS, apps finally need to ask permission before collecting and using the phone’s mobile ad ID. However, it’s still unclear whether users realize just how many third parties may be involved when they agree to let a seemingly-innocuous app access their information.

Behavioral data collected from mobile apps is used primarily by advertising companies and data brokers, usually to do behavioral targeting for commercial or political ads. But governments have been known to piggyback on the surveillance done by private companies.

Further reading on browser tracking: What Is Fingerprinting?


What is privacy on mobile device? ›

System Settings

Android 12 includes a privacy dashboard to show what apps have been up to, as well as shortcuts to managing the information that Google collects and stores in one's Google Account. If you are curious, Apple and Google have posted statements about how they use your data.

Why is privacy an important issue when using smartphones? ›

Applications running on your phone may be granted access to certain sensors or data, and may be sharing that data with the developer (and advertisers). Criminals may infiltrate your phone through malware, hacking, or physical access to your device.

Which phone has highest privacy? ›

Top 5 Best and Most Secure Smartphones for Privacy in 2022
  • Blackphone PRIVY 2.0 – Top-level security.
  • Sirin Labs Finney U1 – Best for crypto users.
  • Bittium Tough Mobile C – Best for private key management.
  • Purism Librem 5 – Best for maximum security.
  • Sirin Solarin – Best for preventing incoming threats.

What is the most secure phone 2022? ›

Top 10 Most Secure Phones in 2022
  • Google Pixel 5. ...
  • Samsung Galaxy S20 Ultra. ...
  • Apple iPhone SE. ...
  • Silent Circle Blackphone 2. ...
  • Sirin Labs Finney U1. ...
  • BlackBerry Key2. ...
  • Blackberry DTEK50. ...
  • BlackBerry KeyOne.

Are mobile phones an invasion of privacy? ›

Some experts believe that smartphones pose privacy risks because they can easily be turned into surveillance devices without impairing their functions. They also say that smartphones can be used as tracking devices by private hackers, the government, or cloud service provider.

Who can see what I do on my phone? ›

Unfortunately, spyware apps aren't the only way that someone can spy on your phone activity, though. ISPs, governments, WiFi administrators, search engines, website owners, and hackers all have the capacity to spy on certain aspects of what you do on your phone – without having to install any spyware software.

Are cell phones really private? ›

Cell phones can be tracked by the government pulling information from your service provider. A person places or receives a call on their cell phone, which connects to the nearest cellular tower transmitting information through the strongest signal.

How can we protect our privacy when using smartphones? ›

The research
  1. Enable two-factor authentication.
  2. Set a strong passcode (and consider disabling fingerprint or face login)
  3. Audit app permissions.
  4. Enable automatic updates.
  5. Enable Find My Device.
  6. Keep sensitive notifications off the lock screen.
  7. Disable personalized ads.
  8. Give your Google account a privacy check-up.
23 Aug 2022

What are the risks of smartphones? ›

Short wavelength blue light emitted by smartphones and other types of screens can cause health effects like eye strain and pain. This type of light may even damage the cornea and impact vision. The cornea is a clear lens on the front of the eye.

Which phones get hacked the most? ›

You are 192 times more at risk to get hacked if you have THIS phone
Most hacked phone brands (US)Total search volume
2 more rows
11 Dec 2019

What phone is hardest to hack? ›

Among the most secure Phones – Purism Librem 5

The Purism Librem 5 comes with three kill switches, hardware-wise, that can turn off the sensors. These switches are located for the cameras, microphone, Wi-Fi, Bluetooth, and cellular baseband. This phone has all the significant trackers disabled by default.

Which is safer iPhone or Android? ›

Apple's mobile devices and their operating systems are inseparable, giving them far more control over how they work together. While iOS device features are more restricted than an Android device, the iPhone's integrated design makes security vulnerabilities far less frequent and harder to find.

Which phone does not spy on you? ›

A Security and Privacy Focused Phone

“The Purism Librem 5 is designed with security in mind and has privacy protection by default.”

Can my phone be tracked if it is turned off? ›

A phone that is turned off is difficult to track because it stops sending signals to cell towers. However, the service provider or internet provider can show the last location once it's switched back on.

Can your phone hear your conversation? ›

Foremost, our phones listen to us to virtually assist us. That's through voice assistant apps, like Siri and “Hey Google,” but also through personalized advertisements that follow conversations had on them.

Does government check your phone? ›

Even if the international supply chain of phone location data is opaque, the data often eventually gets into the hands of law enforcement authorities. Overall, you should realize that the state can track your phone, just in the same way they can easily track your physical location.

Can you tell if your phone is being monitored? ›

Can you tell if your phone is being monitored? Yes, there are signs that will tell you when your phone is being monitored. These signs include overheating of your device, the battery draining fast, receiving odd text messages, hearing weird sounds during calls, and random reboots of your phone.

Can you tell if someone has access to your phone? ›

Pick Digital Wellbeing & parental controls from Android Settings or Screen Time from iOS Settings. There, you can dig in to see which apps have been in use over the past 24 hours or the past few days—if there are apps you don't remember using, it might be a sign that someone else has been on your phone.

Can someone watch you through your phone camera? ›

Plenty of spy and stalkerware exists that could compromise your device, and anyone with the right software and expertise could realistically use your phone's camera to spy on you. On top of that, popular app developers aren't immune to accusations of watching you through your phone's camera.

Are phones always listening? ›

Smartphones do pick up audio in your environment, but it's not the same as actively listening to your conversations unless you activate a voice assistant. Unless you start your sentences with “Hey, Siri,” “OK, Google,” or “Alexa,” there's no need to worry that your phone could be spying on specific conversations.

Is the government listening to me? ›

Government cannot spy or listen without a search warrant

But the good news is, according to the law, the government or any of its subsidiary bodies has no right to deliberately tap or listen in on any U.S. citizens and resident without a search warrant.

Why is privacy so important? ›

Privacy is important because: Privacy gives us the power to choose our thoughts and feelings and who we share them with. Privacy protects our information we do not want shared publicly (such as health or personal finances). Privacy helps protect our physical safety (if our real time location data is private).

How do I make my phone completely private? ›

How to stay private when using Android
  1. The basic principle: Turn everything off. ...
  2. Avoid Google Data Protection. ...
  3. Use a PIN. ...
  4. Encrypt your device. ...
  5. Keep your software up-to-date. ...
  6. Be wary of unknown sources. ...
  7. Check app permissions. ...
  8. Review your cloud sync.
13 Dec 2019

Can hackers get your phone camera? ›

All sorts of apps can request permission to access the camera, microphone, and other features, such as location information, on your phone or computer. Using the steps below, it's easy to see which apps have requested permission and revoke permissions that you've granted in the past.

What are 4 dangers to be aware of for mobile phone users? ›

Radiation: Health risks of mobile phones and base stations
  • cancer.
  • other health effects.
  • electromagnetic interference.
  • traffic accidents.
20 Sept 2013

What are some privacy issues that students might have with smartphones? ›

In fact, modern smartphones are as powerful as desktop computers, but “know” much more about their owners: current and past location, contents of their private text messages, photos and other sensitive information, as well as their online banking credentials and other financial data.

What are your privacy settings? ›

Privacy settings are controls available on many websites and apps to limit who can access your profile and what information visitors can see. When online profiles are created, it's often assumed that they will be private by default.

How do I make my phone private? ›

Tips to make your Android phone as private as possible:
26 Jul 2022

How do I block my phone from being tracked? ›

On Android: Open the App Drawer, go into Settings, select Location, and then enter Google Location Settings. Here, you can turn off Location Reporting and Location History.

Why is privacy so important? ›

Privacy is important because: Privacy gives us the power to choose our thoughts and feelings and who we share them with. Privacy protects our information we do not want shared publicly (such as health or personal finances). Privacy helps protect our physical safety (if our real time location data is private).

Who can see my data? ›

Internet Service Providers (ISPs) can see everything you do online. They can track things like which websites you visit, how long you spend on them, the content you watch, the device you're using, and your geographic location.

Who can see my Google activity? ›

Choose what info to show
  1. Go to your Google Account.
  2. On the left, click Personal info.
  3. Under “Choose what others see”, click Go to About me.
  4. Below a type of info, you can choose who currently sees your info.
  5. Choose one of the following: To make the info private, click Only you. .

What happens to your data when you close your account? ›

You'll lose all the data and content in that account, like emails, files, calendars, and photos. You won't be able to use Google services where you sign in with that account, like Gmail, Drive, Calendar, or Play.

Are Iphones really private? ›

Full device encryption scrambles all of the data stored on the device making it unreadable from outside of the device. Lucky for us, today's smartphones come with full device encryption enabled by default, making it almost impossible to steal information from the phone if it is lost or stolen.

Can someone steal data from your phone? ›

Skilled hackers can take over a hacked smartphone and do everything from making overseas phone calls, sending texts, and using your phone's browser to shop on the Internet. Since they're not paying your smartphone bill, they don't care about exceeding your data limits.

How do I make my iPhone completely private? ›

The research
  1. Enable two-factor authentication.
  2. Set a strong passcode (and consider disabling Touch ID or Face ID)
  3. Change what's accessible on your lock screen.
  4. Clean up lock-screen widgets and notification settings.
  5. Audit app permissions.
  6. Use “Sign in with Apple”
  7. Enable automatic updates.
  8. Disable ad tracking.
14 Sept 2022

How can you tell if your phone is being monitored by someone else? ›

Mobile Spyware: How to Tell If Your Phone Is Being Monitored
  • Your phone randomly reboots without your permission.
  • You notice your phone is slow and takes longer to load than before.
  • You receive strange text messages you can't place.
  • Your device tends to overheat for no reason.

Can someone watch you through your phone camera? ›

Plenty of spy and stalkerware exists that could compromise your device, and anyone with the right software and expertise could realistically use your phone's camera to spy on you. On top of that, popular app developers aren't immune to accusations of watching you through your phone's camera.

What to dial to see if your phone is being monitored? ›

*#21# This simple code let you find out whether your calls, messages, and other data are being diverted. The status of the different types of diversions that are taking place along with the number the information is being transferred to will be displayed on your phone's screen.


1. Samsung Privacy: The Private Vault
2. Data Privacy: How to Prevent Your Phone From Sharing Too Much | Tech News Briefing Podcast | WSJ
(Wall Street Journal)
3. Privacy and smartphone apps: What data your phone may be giving away (CBC Marketplace)
(CBC News)
4. #DataPrivacyDay2022 A Complete Guide to Web-Based Mobile Phone Privacy and Solutions
(Wondershare MobileTrans Phone Transfer Solution)
5. How To Protect Your Mobile Phone Privacy - Android
6. How Cell Phones Reveal Your Location - Computerphile
Top Articles
Latest Posts
Article information

Author: Duncan Muller

Last Updated: 30/04/2023

Views: 5797

Rating: 4.9 / 5 (59 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Duncan Muller

Birthday: 1997-01-13

Address: Apt. 505 914 Phillip Crossroad, O'Konborough, NV 62411

Phone: +8555305800947

Job: Construction Agent

Hobby: Shopping, Table tennis, Snowboarding, Rafting, Motor sports, Homebrewing, Taxidermy

Introduction: My name is Duncan Muller, I am a enchanting, good, gentle, modern, tasty, nice, elegant person who loves writing and wants to share my knowledge and understanding with you.