Smartphones are one of the fastest evolving technologies. Just a few decades ago, mobile phones were relatively weak computational devices with limited functionality. In comparison, today’s smartphone is almost a must-have gadget that usually has access to the internet, can send and receive large amounts of data, and can even monitor a person’s heart rate.

However, with broader functionality come new challenges. Each smartphone has become a deeply personalized device filled with sensitive data, raising questions about its security. Since a smartphone stays close to its owner most of the time, it has become a perfect tool for location tracking. Mainly used for marketing purposes, location tracking has also been deployed to shut down political unrest and exploited by cyber criminals to organize potential crimes. In this article, I will outline five ways to track a smartphone.

1. The Triangulation method

The triangulation method was developed long before the emergence of smartphones. It works by calculating the distance from three known points, in this example three mobile cell sites. For a mobile phone to work, it must have a connection to a mobile cellular network, and each phone sends a signal to a nearby mobile cell site. By measuring the strength of the signal, an approximate distance to the cell site can be obtained, and by measuring the distance to three cell sites, a relatively accurate location of the device can be derived.
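The calculation described above, as an added example that is not part of the original article. It assumes a log-distance path loss model with constructed parameters (`tx_power_dbm`, `path_loss_exp`) and constructed site coordinates in metres, and it shows why the result is only approximate: a 3 dB misreading at one site moves the estimate by about 100 m.

```python
import math

# Constructed cell site coordinates in metres (assumption, not from the article).
SITES = [(0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0)]

def rssi_to_distance(rssi_dbm, tx_power_dbm=-40.0, path_loss_exp=3.0):
    """Invert the log-distance model rssi = tx_power - 10*n*log10(d).
    tx_power_dbm is the assumed reading at 1 m; n depends on the environment."""
    return 10 ** ((tx_power_dbm - rssi_dbm) / (10 * path_loss_exp))

def distance_to_rssi(d, tx_power_dbm=-40.0, path_loss_exp=3.0):
    return tx_power_dbm - 10 * path_loss_exp * math.log10(d)

def trilaterate(sites, distances):
    """Intersect three circles. Subtracting circle 1 from circles 2 and 3
    removes the squared unknowns and leaves a 2x2 linear system."""
    (x1, y1), (x2, y2), (x3, y3) = sites
    d1, d2, d3 = distances
    a11, a12 = 2 * (x2 - x1), 2 * (y2 - y1)
    a21, a22 = 2 * (x3 - x1), 2 * (y3 - y1)
    b1 = d1**2 - d2**2 + x2**2 - x1**2 + y2**2 - y1**2
    b2 = d1**2 - d3**2 + x3**2 - x1**2 + y3**2 - y1**2
    det = a11 * a22 - a12 * a21
    if abs(det) < 1e-9:
        raise ValueError("cell sites are collinear; position is ambiguous")
    return ((b1 * a22 - a12 * b2) / det, (a11 * b2 - a21 * b1) / det)

def estimate_with_rssi_error(sites, true_pos, error_db):
    """Simulate readings for a device at true_pos, weaken the first site's
    reading by error_db (e.g. a wall in the way), and return the estimated
    position together with its distance from the true position."""
    rssi = [distance_to_rssi(math.dist(s, true_pos)) for s in sites]
    rssi[0] -= error_db
    est = trilaterate(sites, [rssi_to_distance(r) for r in rssi])
    return est, math.dist(est, true_pos)

if __name__ == "__main__":
    for err in (0.0, 3.0, 6.0):
        est, off = estimate_with_rssi_error(SITES, (300.0, 400.0), err)
        print(f"{err:>4} dB error -> estimate ({est[0]:.0f}, {est[1]:.0f}), off by {off:.0f} m")
```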

Cyber criminals can hardly exploit this technique, because access to the data of the cell sites in question is required to make the measurements. However, it can be used by law enforcement agencies or by governments themselves. For example, access to cell site data can be requested by law enforcement agencies to investigate a particular crime.

It can also be demanded for surveillance purposes. In 2014, Ukrainian protesters received a frightening message: “You Were Identified as a Participant in a Mass Disturbance”. It is speculated that, by using this tracking method, the Ukrainian government gathered location data on its citizens and tried to use it to deter them from further action.

2. Cell Site Simulator

The saying “where there is a will, there is a way” fits perfectly when talking about Cell Site Simulation. If there is no way for hackers or law agencies to gain access to mobile cell sites, fake mobile towers can be deployed to which smartphones are expected to connect, and then triangulation can be applied. This falls under the category of MITM attacks, because a third party intercepts the communication and thereby obtains access to private information, in this case the location data.

3. GPS tracking

GPS stands for Global Positioning System and is probably the most powerful tracking system there is. To be precise, GPS technology itself does not track individual devices, but only absorbs and responds to their signals and provides an interconnected network sustained by satellites orbiting the earth.

However, many Apps rely on GPS information. Google Maps and Pokemon Go are two examples that collect GPS data to provide a service. This way, a leaking App with access to GPS data can acquire and transmit the location of individual devices that are connected to the network. In early 2018, two security experts exposed vulnerabilities in hundreds of GPS services that allowed third-party access to personal information.

4. Wi-Fi and Bluetooth Tracking

Contemporary smartphones, in addition to a mobile network, can also connect via Bluetooth or Wi-Fi. Both connections require and expose the device’s MAC (media access control) address, which is unique to each device and cannot be changed without additional effort. Furthermore, even if a mobile phone is not connected to any wireless network or is not using Bluetooth at a given moment, it will still send signals that include its MAC address to nearby networks if the Wi-Fi option is turned on.

This way, third parties, like shops or airports, can track how many people are around and how long they stay in a particular location. Also, fake Wi-Fi access points can be set up by cyber criminals to monitor these signals and link a device’s MAC address to an approximate location.
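A check for the exposure described above, as an added example that is not part of the original article. It audits a capture of your own devices' Wi-Fi signals and flags MAC addresses that are globally unique (the locally administered bit, 0x02 in the first octet, is clear) and seen more than once, since those are the ones that can be linked across locations; the log format, sensor names and addresses are constructed.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample capture: timestamp,sensor,source MAC.
SAMPLE_LOG = """\
2024-01-01T10:00:00,entrance,00:11:22:aa:bb:cc
2024-01-01T10:00:02,entrance,da:a1:19:01:02:03
2024-01-01T10:05:00,checkout,00-11-22-AA-BB-CC
2024-01-01T10:05:07,checkout,5e:4f:77:0a:0b:0c
"""

def normalize(mac):
    """Lower-case, colon-separated form; rejects anything that is not a MAC."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac

def is_randomized(mac):
    """True when the locally administered bit is set, which is how
    randomized (non-factory) addresses are marked."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def sightings(log):
    """Group sightings by MAC: {mac: [(timestamp, sensor), ...]}."""
    seen = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, sensor, mac = line.split(",")
        seen[normalize(mac)].append((ts, sensor))
    return dict(seen)

def linkable(log):
    """MACs that are factory-assigned and seen more than once: a stable
    identifier that lets an observer connect the sightings."""
    return sorted(mac for mac, hits in sightings(log).items()
                  if not is_randomized(mac) and len(hits) > 1)

if __name__ == "__main__":
    for mac, hits in sightings(SAMPLE_LOG).items():
        kind = "randomized" if is_randomized(mac) else "factory"
        print(f"{mac} {kind:10} seen at {[s for _, s in hits]}")
    print("linkable:", linkable(SAMPLE_LOG))
```

An address that shows up in `linkable` for a device you own means MAC randomization is off or unsupported on it.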

4. Location leaks from Mobile Apps

Application leaks are one of the most dangerous phenomena when it comes to location tracking. Usually, most Apps do not intend to collect or leak location data, but given the poor state of cyber security nowadays, exploiting weak security features of mobile Apps is still a popular way to get access to confidential information.

Facebook’s Onavo VPN is a perfect example of a malicious App. It was marketed as security software that allows controlling the data use of background Apps and provides a secure and private connection to the internet. However, in practice it was spyware that, once installed on a device, starts gathering “time you spend using apps, mobile and Wi-Fi data you use per app, the websites you visit, and your country, device and network type.” Once disclosed, Facebook had to take the service down.

Moreover, some Apps, like Instagram, do need access to certain information in order to function. In other words, denying this information would render the App useless. But that does not mean each and every App needs access to location, or other personal information. Reading the terms and conditions before accepting them should be a must before using any application.

5. Tracking location by power consumption

In 2015, Usenix, the advanced computing systems association, released a paper in which another tracking method was analysed. One way or another, Apps do need to get permission to access sensitive location data. In the case of Onavo VPN, a user could notice it’s spyware by carefully reading the terms and conditions. Sadly, most people skip through several boring and poorly written pages, and it becomes easier for Apps to extract personal information “with a user’s consent.”

However, if the App does not have permission to access location data, the location can still be extracted by monitoring the smartphone’s power consumption. According to this research, it can be done by “using seemingly benign sensor: the phone’s power meter that measures the phone’s power consumption over a period of time.” The researchers noticed that power consumption varies as the signal strength changes, and signal strength changes in relation to the distance to a cell site (and the obstacles in between).

Figure 3: For two different phone models, power variations on the same drive are similar. https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-michalevsky.pdf

It must be mentioned that there are a lot of preconditions for this to work. An attacker must have at least some idea where the victim is, and have access to data about the surroundings. Sadly, the same GPS and Google Maps can provide useful information, and once the suspect is in the area, his or her movement can be traced solely by monitoring the power consumption. The trick is that most personal data requires specific permissions to be monitored, while “reading the phone’s power meter requires no special permissions”, making this a tricky, yet possible way to track a user’s location.