A host of standard mobile connections and radio frequencies can be used to identify you through your IP and router, even on any encrypted/privacy/security/degoogled phone.
I’ve listed below some of the most common methods advertisers and others use to identify an encrypted phone user and how to mitigate it.
Keep in mind most modern phones are a treasure store of highly personal and valuable data, and it’s almost impossible for anyone to prevent all mobile tracking and still have a device that doesn’t functionally resemble an expensive paperweight. We can however, reduce the leaking of our personal data with some simple changes and a little understanding of what this device we carry with us 24/7 can do.
- Use the tor network to avoid leaking your unique IP to the router, and its IP to the network provider and websites visited. Tor browser is available for mobile on the Aurora Store and the Orbot app lets you run any app over the Tor network.
- Disable WiFi scanning in the settings, and disable WiFi When not near a trusted network.
- Graphene or Calyx privacy respecting mobile operating systems aren’t leaking connection or ID data directly from your phone to the big Goog, but with an insecure WiFi connection some personal info slips through via aggregated data sharing from your network provider (the company you purchase internet access from). They can then use or disclose that data as they like.
GPS is one of the most reliable forms of location tracking. Airplane mode does not stop GPS tracking. When you’re back online your full location history will be exchanged with any app you have granted location permission to.
Change the in-app permissions of your GPS app (such as Magic Earth) to ‘Allow only while using’ or ‘Ask every time’. Ensure all other apps are denied GPS permissions. Fortunately with your degoogled phone, you have the control over app permissions to actually do this.
Although standard android and IOS provide some of these permissions the operating systems are closed source so you cannot be assured that that they are performing as claimed, and there are plenty of examples of apps, Apple & Google ‘misleading users’ concerning location and other personal data being captured even when users opted out of tracking.
Open Source vs Closed Source
The open source nature of Graphene, Calyx and /e/ means if there is a bug with permissions management and some data is still being leaked, the security community will quickly become aware and Graphene/Calyx will be forced to issue an update or risk losing users. Anyone can audit open source software, so if it contains errors they are plain as day to a large number of programmers the world over. It only takes one of them to report it for the development team to begin fixing it. Closed source software like Android, IOS, Microsoft etc. have comparatively less minds to audit their code, meaning bugs can and do often go unnoticed for years, all the while being capable of exploitation by nefarious actors.
Cell Tower Triangulation
Location & other metadata is stored on each tower that your phone connects to and on your phone. Other towers connect and determine your approximate location based on signal strength. This is a privacy catch-22, as your phone relies on this service for basic functionality like calls and sms.
The only (inconvenient) options are to turn on airplane mode or to remove the sim when you don’t wish to be tracked this way. The amount of entities with this data (particularly advertisers) is significantly reduced with GrapheneOS/CalyxOS.
Since Bluetooth 5.1 it can determine your phones location down to the cm! Turn it off when not in use, keep it off when out and disable Bluetooth scanning.
Zero Permission Acoustic Cross-Device Tracking
Any other network connected device in close proximity to yours is a potential privacy threat. High frequency sounds can be emitted by many modern devices like TV, radio or any broadcast ‘beacon’ and automatically picked up to be stored, profiled and sent out by any app on your mobile device through the always-listening microphone in a process known as ultrasonic/acoustic cross-device tracking. It almost sounds dystopian, but with the right app permissions it’s quite simple and common for data analytics companies to do, all without the users knowledge or permission.
Bonus Tips, Apps and Equipment
A Faraday sleeve for your phone will prevent electromagnetic frequency (EF) waves from being transmitted such as cell tower connection, WiFi, Bluetooth etc. This is an extreme measure but it will effectively prevent all EF connections and any data being collected. Turn your phone on airplane mode before placing it in the sleeve to prevent battery drain caused by the device constantly searching for a signal. Here’s a list of some other privacy friendly apps.
Element is a great app that uses the end to end encrypted & the decentralised open source matrix protocol. Unlike Signal, your messages aren’t sent through a proprietary central server, and no phone number is required for setup. Only you and the recipient have the messages. It does require an email address to create an account. It drops out if the network changes (for security) but is usually as stable as the network being used once connected.
The above should help reduce privacy infringements on your encrypted privacy phone and make your data and mind less profitable to those who want to exploit it.