> It is unclear whether enabling airplane mode stops this tracking. The only way to make sure is to remove the SIM card and battery from the phone.
It is possible for a handset to attach to a network without a SIM card for the purposes of making an emergency call. Please don't think removing or swapping your SIM card stops tracking.
I've yet to see 2G or 3G phones try and talk to a local network in aeroplane mode (though you shouldn't believe me). I did see some oddness years ago when testing an early and proprietary LTE handset, but I'm not sure I'd believe that either.
It also seems like phones have their own tracking IDs that they report; it's not just the SIM card.
There was a great talk about some of this from black hat; how the CIA renditioned Abu Omar out of Italy and how they were found out: https://youtu.be/BwGsr3SzCZc
There are two numbers on the cellular network that matter: international mobile equipment identifier (IMEI). This identifies the cellular radio in question, usually the phone but a dual SIM phone will have one for each slot.
The second is the international mobile subscriber identifier, IMSI. This is the identifier the SIM sends to ask the network for functionality.
Even without a SIM installed, the phone may transmit, and will transmit its IMEI when doing so. This is so that cell towers can talk back to the device (a bit like SSIDs in WiFi networks). As mentioned in other replies to you, you can often dial emergency numbers and your calls are routed. To do that you need to know which device is calling.
So yes you can track individual phones. You can also tell when a phone has changed SIM or a SIM has changed phone and so on. No idea if networks do this, but the data is there.
All GSM phones have at least one of these (multi-SIM devices have multiple), they uniquely identify devices with SIMs and are held in databases shared intentionally amongst many nations for blacklisting and such.
If a phone is reported stolen in the UK, its IMEI can be added to this list and the device becomes useless in participating countries, say for example Spain, or Germany, or the US.
My point is, it's a globally unique identifier; tampering with, modifying or cloning them is illegal in some countries.
The SIM itself is almost irrelevant, but, with the information mobile providers hold, it's trivial to link a SIM account, a device identifier and a person (particularly given some countries require ID by law to obtain a SIM).
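The two identifiers described above can be illustrated in code. The following is an added example, not code from anyone in this thread: it splits a 15-digit IMEI into its TAC, serial and Luhn check digit (the check-digit rule is the standard one for IMEIs), and then walks a constructed attach log of (IMEI, IMSI) pairs to flag exactly the two situations mentioned, a SIM changing inside a device and a SIM moving to a different device. The IMEI `490154203237518` is a commonly used sample value; the IMSIs use the 001/01 test-network prefix and are constructed for this example, as is the log itself.

```python
"""Added example (not from the thread): IMEI structure and IMEI/IMSI pairing changes."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def _luhn_sum(digits: str, double_odd_positions: bool) -> int:
    """Luhn digit sum. With double_odd_positions=True the string is a complete
    number (check digit included); with False it is a body about to receive one."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if (i % 2 == 1) == double_odd_positions:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def luhn_valid(digits: str) -> bool:
    """True when the full digit string (check digit included) passes Luhn."""
    return digits.isdigit() and _luhn_sum(digits, True) % 10 == 0


def imei_check_digit(first14: str) -> int:
    """Check digit that makes a 14-digit IMEI body into a valid 15-digit IMEI."""
    return (10 - _luhn_sum(first14, False) % 10) % 10


def parse_imei(imei: str) -> Dict[str, object]:
    """Split an IMEI into Type Allocation Code, serial number and check digit."""
    if len(imei) != 15 or not imei.isdigit():
        raise ValueError("IMEI must be exactly 15 digits")
    return {
        "tac": imei[:8],        # identifies the device model/variant
        "serial": imei[8:14],   # per-unit serial within that TAC
        "check": int(imei[14]),
        "valid": luhn_valid(imei),
    }


@dataclass(frozen=True)
class Attach:
    ts: str
    imei: str
    imsi: Optional[str]   # None models a SIM-less (emergency-only) attach


def pairing_changes(log: List[Attach]) -> List[Tuple[str, str, str, str, str]]:
    """Flag (ts, kind, identifier, previous, current) whenever an IMEI is seen
    with a new IMSI, or an IMSI is seen in a new IMEI. Attaches without a SIM
    carry an IMEI but no IMSI, so they are observed but do not update pairings."""
    last_imsi_for_imei: Dict[str, str] = {}
    last_imei_for_imsi: Dict[str, str] = {}
    events = []
    for rec in log:
        if rec.imsi is None:
            continue
        prev_imsi = last_imsi_for_imei.get(rec.imei)
        if prev_imsi is not None and prev_imsi != rec.imsi:
            events.append((rec.ts, "sim_changed_in_device", rec.imei, prev_imsi, rec.imsi))
        prev_imei = last_imei_for_imsi.get(rec.imsi)
        if prev_imei is not None and prev_imei != rec.imei:
            events.append((rec.ts, "sim_moved_to_new_device", rec.imsi, prev_imei, rec.imei))
        last_imsi_for_imei[rec.imei] = rec.imsi
        last_imei_for_imsi[rec.imsi] = rec.imei
    return events


# Constructed sample data: one well-known sample IMEI, one made-up IMEI with a
# computed check digit, and two test-network (MCC 001, MNC 01) IMSIs.
IMEI_A = "490154203237518"
IMEI_B = "35000000000000" + str(imei_check_digit("35000000000000"))
IMSI_1 = "001010000000001"
IMSI_2 = "001010000000002"

SAMPLE_LOG = [
    Attach("t1", IMEI_A, IMSI_1),
    Attach("t2", IMEI_A, IMSI_1),
    Attach("t3", IMEI_A, IMSI_2),   # SIM swapped inside device A
    Attach("t4", IMEI_B, IMSI_1),   # original SIM now in device B
    Attach("t5", IMEI_B, None),     # SIM-less attach: IMEI still visible
]

if __name__ == "__main__":
    print(parse_imei(IMEI_A))
    for ev in pairing_changes(SAMPLE_LOG):
        print(ev)
```

Running it prints the parsed fields of the sample IMEI and two events, one of each kind, which is the "data is there" point made above: the network sees both identifiers on every attach, so correlating them is a dictionary lookup.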
Furthermore, being criminalized in some countries has caused discussion of how to change IMEIs to be censored in technical forums everywhere. The obvious draw is stolen phones, so nobody wants to touch the topic with a ten foot pole, despite its straightforward relevance to privacy.
That attitude reflects the dead ends I've experienced when looking around for how to change IMEIs for various phone models I was interested in. Also note all the disclaimers in the thread you linked.
Maybe recent phones are still so straightforward with QPST that any time the question is actually asked it's bound to get flooded with crap? It certainly doesn't feel that way. Eventually I'll get around to setting up another Windows VM and seeing what modern QPST can actually do.
Will removing the battery but leaving the SIM card in be enough, though? It seems surprising that the phone would be able to send a signal without the battery for very long.
"airplane mode means no transmission. The phone can still receive and might be remotely activated by a so-called silent text."
I don't think that's workable.
Remember, the phone is not a walkie-talkie - it's a node on a cellular network and has to participate on that network to be addressable and receive messages.
This means it is answering status requests, sending ACKs, etc. In order to receive a text, the phone has to be sending TX outward.
Is it possible that there could be a phone network built to send RX-only transmissions to network nodes (handsets) that were otherwise silent? Sure - but I don't believe any of the GSM/3G/LTE specs define any such behavior.
In short, if your phone is truly in an RX mode, I don't think it can receive an SMS - or participate on the cellular network in any way.
Back when I worked with LTE (now 4G) there was no such thing in the S1AP protocol at least.
Me and a colleague were actually the first to get a paging through from network to a UE in LTE. Sure, it was a test UE the size of a small refrigerator, and the network was a simulated network. But still. All layers involved.
The paging, at the time, was the only way for the network to silently contact the UE, and that message didn’t contain any information. It was basically just a: “Hello IMEI X, are you here?”
Airplane mode means no radio. Handsets will not transmit anything, and thus obviously will not attempt to connect to a network, in airplane mode.
The article is largely fear mongering, though. The way the system is designed means that the location of every connected device is known at least at cell level. If that wasn't the case you could not be called!
Edit: by law they have to keep location data, though I'm not sure to what extent.
The author of this article does not seem to know the topic but makes sweeping, borderline conspiracist, claims...
Oddly, it turns out that these days airplane mode doesn't mean turn off all RF transmissions. E.g. it can mean "configure for use in an aircraft under FCC jurisdiction", which means turn off the cell radio but keep WiFi on.
Apparently Apple phones will silently phone home an SMS as an iMessage heartbeat when you turned off data.
I bought a SIM card in France, loaded 10 EUR for a 9,95 plan. But my balance declined to 9,85 despite having data turned off and not making any calls/SMSs.
There was no record in Messages, but my provider showed me sending a text.
Ugh. Another 5 EUR added just to buy the 9,95 plan.
> Apparently Apple phones will silently phone home an SMS as an iMessage heartbeat
I recently traveled abroad and bought a local SIM card, and when I first activated it I got a dialog asking if I approved of it sending the iMessage activation SMS. It wasn't silent.
Seems new. I still dunno why Apple made it such a secret.
Drove me bonkers when my carrier claimed I sent an SMS but my phone showed I had not.
Edit: others reported that there’s a message that said “Your Carrier May charge for SMS messages used to activate iMessage” that would still send even if you hit “Cancel”.
Seems like a lot of providers don’t charge for this SMS, but for those that do, it can be a costly int’l SMS.