Interesting question

Can Your Android Phone Be Tracked When It’s Turned Off?

As technology advances, debates continue to arise over geographical tracking. Today, cell service providers, internet service providers, and other parties can track your location through your devices, including your smartphone.

But if you have an Android phone, what happens when it’s turned off? Can your location still be tracked?

I wrote a significant portion of the code used for “Location Services” on Windows Phone 7. I understand as much as almost anyone on obtaining location information from the phone side of things. Obtaining location from the carrier side is different, but I can make some intelligent speculation about that.

The basics of what I read in the article above are true:

When you turn your phone off, you’re temporarily deactivating all of its functions, including wireless communication. By cutting this off, your phone cannot be tracked via cell tower triangulation or GPS. The only location that can be discerned using these methods is that which was last shown before the device was turned off.

So, the general answer is no, your phone cannot be tracked when switched off.

They go on to say:

But this has been called into question numerous times.

There have been talks of certain authorities still being able to track your phone when turned off. For example, various reports have come out over the years claiming that the NSA (National Security Agency) can track a turned-off device. For example, Slate published a piece in 2013 discussing the NSA’s alleged tracking of phones, as briefly mentioned in a Washington Post story.

In the same piece, Slate mentioned that in 2006, it was reported that the FBI had “deployed spyware to infect suspects’ mobile phones and record data even when they were turned off”. A CNET post was referred to here as the source. It is not known if the NSA is truly capable of tracking phones while turned off, but the reports mentioned seem to indicate that this is the case to some extent.

From the referenced Washington Post article:

By September 2004, a new NSA technique enabled the agency to find cellphones even when they were turned off. JSOC troops called this “The Find,” and it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq, according to members of the unit.

This is a very interesting claim.

It was in about 2010 through 2011 that I was writing the location services code for Windows Phone 7. Had I read the Washington Post article from a half dozen years earlier, I would have given it something like a 25% chance of being correct. That assessment would have been unchanged today except for another data point.

I recently talked to someone who told me, “I know for a fact that GCHQ can track phones even if they are turned off.” This was not someone who received their electrical engineering degree out of a tin-foil hat. It was someone who I have a lot of respect for as an electrical engineer.

That conversation and the article above, which I stumbled across, have caused me to reevaluate my position on this claim. I have given the problem some thought. With the right equipment, I can imagine some plausible ways this might be possible.

Here are some hints:

  • The power button is not a mechanical power switch. It is similar to other mechanical buttons on the phone. There is at least some portion of the electronics “alive” enough to recognize the switch has been pressed.
  • Your credit cards, smart car keys, passport, shoplifted merchandise, automatic road toll cards, and company ID badges can all be identified at varying distances.

Plan appropriately.


10 thoughts on “Interesting question”

  1. That is why I tell people who are paranoid of things like IoT devices that they are overlooking things like their cell phone.
    For that reason, I have Faraday bags in each of my vehicles and in my home. I also have a mechanical switch that I can use that instantly shuts off all Internet and Cable to my house. I call it a “privacy switch.”

    • It is not a challenge to figure out where your IoT devices are: in your home or car. The problem with them is not tracking but hacking to eavesdrop or take control of something. Simplest fix is don’t have them. Some of us old farts remember how to use a light switch. Cars are actually a bigger problem because of all the electronic crap built into them.
      As for phones, it is faraday bags for the win. Still working on the protocols as to whether to use them all the time or only when I am engaged in some legal activity that may be outlawed in the future.
      RFID shielding on wallets may provide some protection but I have not seen any reports on that.

  2. I think the easiest way to do it would be a malware app that hijacks the on/off button to MIMIC the off condition: blacked out screen, rejects user inputs, until the user turns the phone back “on.”

    That’s one reason I refused to get a smart phone until quite recently, as all I could find have integral batteries that can’t be casually removed (as I would do with my older phones).

    And I rarely carry my phone with me anyway, except when I’m expecting a specific need to use it. It mostly stays at home. Anyone calling me unexpectedly can leave a message, just like the good old days.

  3. The “never really off” because of a software rather than a hardware switch is an easy one.
    But it also depends on how actively they are trying. If you look into the history of radar, and radar-detection, jamming, and radar-detector-detectors, etc., they did some amazing things even way back in WWII. Anything electronic that is not entirely powered down or properly shielded will change a radio signal in some way. If they are really looking for an anomaly, they are most likely able to find it. These days, anyone NOT carrying a smart-phone I’d imagine they automatically put on the “suspicious activity” list.

    • All a reflection off a turned-off device will tell you is that there is a transmitter/receiver device in the area. It’s probably possible to build a library of signal signatures and identify the model of the turned-off device, but it’s not going to be unique to an individual cell-phone. To identify the individual, it has to transmit the ID code, and it has to be _on_ to do that.

      If you are the only one with a key to a room that carries a particular model of cell-phone, it would be possible to design a device that tells that you were in that room with your phone turned off, assuming no one breaks in. I cannot think of a reason to buy that device – even if someone designed it and placed it in mass production.

      OTOH, if they can install malware that intercepts the software off button and fakes turning off, they could be monitoring everywhere you take that phone and the only sign you’ll see is the battery goes down while it’s “off”.

      It’s also possible that your phone was designed for remote turn-on via a wireless signal. I can’t imagine why they’d do that, but if you want to be paranoid, maybe there’s a top secret government requirement… All the circuits I know that do this require a trickle of power from the battery to keep the switch circuit alive, but one of my friends in grade school 60 years ago played with a receiver that was powered by the AM radio broadcast signal – a crystal radio. Imagine a top-secret government requirement to build that into each cell-phone!

      It’s possible, but I can’t see getting it manufactured without the factory engineers noticing that there’s something extra on the circuit board, and eventually the secret would leak.

  4. “Short” press or “long” press of the power button to turn off the device? Makes a difference.

    I have an Amazon Fire tablet I keep in the library to use when I’m on the throne. I normally just press the power button on it when done (short press).

    I was on my router’s management page and noticed three wireless devices connected. Hmmmm goes me…. I’ve got a laptop turned on and a DirecTV receiver using wireless, what’s this third device only named * ?

    To make a short story even longer, I checked every device in my house and finally discovered it was the Amazon Fire tablet which I had turned “off” with the power button (short press). As an experiment, to power it off, I held down the power button until a menu popped up with a “power off device” option which I pressed. The anomalous * device disappeared from my router’s wireless connected devices.

    Just because you think a device is off doesn’t make it so. With a soft power button like on a cell phone, you have no idea what is still running in the background after you’ve “turned off” your device.

    • I think of the “short press” as a “screen off” or “sleep”, and the “long press” as a “” (as much as the power can BE turned off).

      I’ve had to check my router’s connected devices and been surprised how many there really are at any given time. All the family’s phones, laptops, tablets, media players, and game consoles … plus those of any friends or extended family who are over … plus a printer and a couple other IoT convenience items we’ve allowed (not many — zero Alexa or Nest devices). It all adds up; we rarely have fewer than a dozen devices connected.

      I’ve found Amazon Fire devices, especially, are kind of creepy. First, they don’t always indicate they’re on and connected; unlike most phones, if the battery dies and you plug it in, it won’t just charge while “off” — it powers itself fully on once it’s above about 3% charge. Second, even while “off”, unless the battery is discharged, they will still periodically “check in” with the router and be visible for a moment, then disconnect again (read: unless the battery is dead, they’re never fully off).

      Finally, computers and phones will usually identify themselves to the router: computers will transmit their host name; iPhones will ID themselves as iPhones; Android phones, depending on make/model, will either show their host name (which might default to their model number), or at least say “Android phone” or “Android tablet”. Fire tablets in my experience don’t do this; they usually display their MAC address, with no indication what type of device they are. I only recognize our Fire tablets because I’ve specifically named them in router settings, but that’s on the router end, not the tablet.

      Any one of those behaviors by itself would be a quirk, but all together, as I said, it’s kind of creepy.
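
The router check described in this comment thread can be automated by comparing two snapshots of the router's DHCP lease table. The following is an added example, not part of the original post or its comments: it assumes dnsmasq-style lease lines (`expiry mac ip hostname client-id`, where `*` stands for a client that sent no hostname), and every MAC address, name and timestamp in it is constructed.

```python
from collections import namedtuple

Lease = namedtuple("Lease", "expiry mac ip hostname")  # hostname is "*" if none sent

def parse_leases(text):
    """Parse dnsmasq-style lease lines into {mac: Lease}; other lines are skipped."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].isdigit():
            continue  # e.g. a "duid ..." line or a truncated record
        mac = parts[1].lower()
        leases[mac] = Lease(int(parts[0]), mac, parts[2], parts[3])
    return leases

def audit(before, after, believed_off, inventory):
    """Compare two lease snapshots; return (still_active, unidentified).

    still_active: devices the owner believes are off whose lease was newly
    issued or renewed between the snapshots, so part of them was powered.
    unidentified: clients that sent no hostname and are not in the inventory.
    """
    old, new = parse_leases(before), parse_leases(after)
    still_active, unidentified = [], []
    for mac, lease in sorted(new.items()):
        name = inventory.get(mac)
        renewed = mac not in old or lease.expiry > old[mac].expiry
        if mac in believed_off and renewed:
            still_active.append(name or mac)
        if lease.hostname == "*" and name is None:
            unidentified.append(mac)
    return still_active, unidentified

# Constructed sample data (locally administered MACs, RFC 1918 addresses).
SNAPSHOT_1 = """\
1700003600 02:00:00:aa:00:01 192.168.1.20 laptop 01:02:00:00:aa:00:01
1700003600 02:00:00:aa:00:02 192.168.1.21 * *
"""
SNAPSHOT_2 = """\
1700007200 02:00:00:aa:00:01 192.168.1.20 laptop 01:02:00:00:aa:00:01
1700009000 02:00:00:aa:00:02 192.168.1.21 * *
1700009100 02:00:00:aa:00:03 192.168.1.22 * *
"""
INVENTORY = {"02:00:00:aa:00:02": "fire-tablet"}  # names assigned by the owner
BELIEVED_OFF = {"02:00:00:aa:00:02"}              # "turned off" with a short press

if __name__ == "__main__":
    print(audit(SNAPSHOT_1, SNAPSHOT_2, BELIEVED_OFF, INVENTORY))
```

A renewed lease only shows that the device spoke DHCP at some point between the two snapshots; a device using a static address never appears in the lease table and has to be checked against the router's association list instead.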

  5. We’ve experimented with “Wake on LAN” on computers at work.

    The gist: A network-connected computer is powered off. It’s “off enough” that it won’t respond to normal pings, but the NIC (Network Interface Card) is “on enough” to listen for a specific command, upon which the NIC will trigger the normal boot up sequence.

    I could absolutely see this with cell phones. As long as the battery has power, the wireless NIC-equivalent chip is “on enough” to wake up the phone even when powered off. I could even see it being sophisticated enough for a “partial wake-up” that activates some systems — say, location services (to track you), the microphone (to listen to you), or Bluetooth/wifi (to see who else is near you) — while still appearing to be powered off.

    The solution would be to either remove the battery (the phone would need power to receive and act on a wake-up ping) and/or block the network signal. Increasingly, modern smartphones contain internal, non-user-serviceable batteries, so the latter is your second-best bet.

    Your best bet is to simply not have your phone with you when you go anywhere or do anything to which someone, now or in the future, might take offense.

  6. So Joe should we hold it against you for our location. ha ha just kidding
