Is your phone being tracked? How to tackle mobile device privacy and security risks

For most of us, the primary gateway to our digital world is our smartphone. That makes it an attractive target for cybercriminals, government snoopers, advertisers and even jealous partners. This represents a potentially serious security and privacy risk.

We carry our smartphone around at all times, so if someone knows where it is, they know where we are.  That’s not to mention all the personal and financial data we store and access on these devices; including log-ins to all of our online accounts. No one wants these to fall into the wrong hands.

There’s also a privacy risk from the large volumes of location and web browsing data that advertisers, social media companies and others collect via our devices. As the US government warned in 2022: “Businesses collect, use, and sell consumer data. But consumers may be unaware of how it's being collected and used and generally aren't able to stop its collection or verify its accuracy.”

By better understanding these risks, you can take steps to start minimizing them.

The Main Ways Your Phone is Tracked 

Perhaps the most obvious way your phone could be tracked is via GPS. Many applications use this feature to monitor your location—ostensibly to improve the service they deliver. But what’s appropriate for a maps app may seem like overreach for, say, a game. Malicious or suspicious apps could abuse this feature to track your movements. Also, legitimate app developers could be breached, compromising historic location data.

However, even if you switch location services off on your iOS/Android device, there are ways for third parties to track you. These include:

Spyware and Malware

Malicious software installed on your device designed to monitor activities, including location tracking, is generally referred to as “spyware”. It exploits device vulnerabilities to function and is designed to operate covertly. Spyware could do anything from keylogging and stealing browsing info to recording audio and video, and taking screenshots. It could be unwittingly installed via clicking on a phishing link, visiting an infected web page (i.e. a drive by download), clicking on a malicious ad, or downloading a malicious app.

Cell Tower Triangulation

Your mobile operator will also be able to track your approximate location by analyzing your phone’s signal strength, as received by nearby cell towers. This data could theoretically be handed to law enforcement or government agencies.

Stingrays

Also known as “IMSI Catchers,” these mobile devices imitate cell towers and allow sophisticated threat actors and government agents to track the location and other data from nearby phones.

Wi-Fi and Bluetooth Tracking

Smartphones are constantly communicating with nearby Wi-Fi networks and Bluetooth devices. Some of these may be malicious and, if you connect, will seek to track your location and spy on your device. The risk is particularly acute in built-up urban areas with a large volume of overlapping networks and nearby devices. “Legitimate” tracking by retail stores and the like is mitigated by mobile operating systems, which use randomized MAC address to hide your unique device serial number. But as EFF warns, there are exceptions.

Web tracking 

Visit any website on your phone and you’ll be tracked by the operator of that site (first-party tracking) as well as potentially shady third parties. They do so mainly via your IP address, HTTP cookies, web beacons and Canvas, as well as browser fingerprinting, and may want to know all about your internet activity.

Physical phone trackers

Physical trackers like Apple AirTag, Tile or Samsung SmartTag use Bluetooth and ultra-wideband (UWB) technology to track devices and display their location in apps such as Apple’s Find My or Samsung’s SmartThings Find. They could theoretically be used by abusive or controlling partners to discreetly monitor your movements, if slipped into a bag or pocket.

Signs Your Phone Is Being Tracked

Watch out for these warning signs that you’re under active surveillance:

Unusual Battery Drain

If your phone's battery is running down quicker than usual, it could indicate spyware or risky apps running continuously in the background. There’s guidance on how to check for iOS and Android.

High Data Usage

Excessive and/or unexpected spikes in data consumption may indicate that some malware or unknown application is continually sending your location data to a third party. You can check for this on Android and iOS devices.

Overheating

Mobile phones do get warm through overuse. But a persistently overheating device, even when not in use, could indicate unauthorized background activity.

Unfamiliar Apps

Tracking apps and/or spyware may disguise themselves as legitimate applications. It pays to take a look at your home screen once in a while to check if something doesn’t look right.

Strange Messages, Notifications and Symbols

If your device receives unusual SMS messages containing symbols or unfamiliar numbers, it could be that spyware is attempting to communicate with a third party. It’s also worth checking to see if the camera or mic on your Android or iPhone device has been activated by an app/spyware.

Unusual Devices

Look out for the presence of anything unusual in coat pockets or bag compartments. These small, slim physical trackers come in a variety of shapes and sizes. 

How to Block Phone Tracking 

The good news is that by taking a few simple steps, you can proactively head off any privacy and security concerns around device tracking. They include: 

Reviewing App Permissions

Take time to regularly review the permissions you grant to your apps, especially those accessing location services. Revoke any that seem unnecessary, and vet new apps with more rigor.

Installing Trusted Security Software

Deploy antivirus/anti-malware software from a reputable security vendor to detect and remove potential threats, and ensure any future downloads are scanned and secure.

Avoiding Public Wi-Fi 

If possible, don’t log on to public Wi-Fi networks as they may not be secured, making it easier for hackers to eavesdrop on your device. Some may even be lookalike hotspots that are actually malicious. If you must use them, be sure to download a virtual private network (VPN) first.

GET ESET HOME SECURITY ULTIMATE

Keeping Your Device Updated

Ensure your device OS and any applications installed are up to date with the latest patches. This means they’re optimized for use and any known vulnerabilities have been fixed.

Staying Clear of Phishing Attempts

Be cautious of replying to any unsolicited emails, texts or social media messages. Never click through or open attachments in these, as they could contain malware.

Securing authentication 

Use multi-factor authentication (MFA) alongside strong, unique passwords (ideally stored in a password manager) for all applications, and secure the device with a PIN code or password.

Downloading From Trusted Stores

Malware thrives in third-party app stores. So be sure only to install from the official Google Play/App Store marketplaces, and always check the reputation/reviews of a new app before downloading. Be aware of fraudulent websites pretending to be legitimate app stores.

What to Do If You Suspect Tracking

In a worst-case scenario, there are still a few steps you can take to minimize risk. Consider the following:

Perform a Factory Reset

This will remove most malware, including spyware variants. But be sure to back up any critical data beforehand.

Consult the Experts

Call your device manufacturer customer support if the issue persists. 

Report to the Authorities

Unauthorized tracking is illegal in many jurisdictions. Reporting these incidents can help prevent further abuse and put you in touch with someone who could help with next steps.

ESET Tips and Insights

“In today’s digital world, true anonymity is rare. Devices, browsers, social media and apps collect trackable information. However, your phone typically isn’t “listening” to every word—metadata from your online behavior alone creates a detailed profile that often reveals more than your private conversations. And even your family and friends’ data helps shape ads. For instance, you are shown lawn mower ads because your father is searching for one and you might consider it as a gift; while you talked about it, no eavesdropping was needed to craft and target the ad. It just means that modern tracking extends beyond a single device, reflecting the entire digital network around us.

While mobile devices are generally secure, user behavior remains an important factor in limiting tracking risks. Practicing basic cyber hygiene helps avoid the common pitfalls, but scheduling an automated restart every week or even every day can help remove hidden malicious code installed without user’s knowledge. High-risk individuals — potentially targeted by commercial spyware such as Pegasus or Predator — may benefit from iOS Lockdown Mode or Graphene OS on Android. Alternatively, they can leave all internet-enabled devices in secure storage during sensitive meetings. If doing so, they should always inform someone of their whereabouts.” 

 - Ondrej Kubovič, Security Awareness Specialist

To get back on the front foot against covert mobile phone trackers, try this option:

ESET Mobile Security offers award-winning protection against various threats including viruses, ransomware, phishing, smishing and spyware.

try ESET mobile SECURITY for android

Frequently Asked Questions

1. How can someone track my phone without using GPS?

Even with GPS turned off, your phone can still be tracked through methods like spyware, cell tower triangulation, IMSI catchers (Stingrays), Wi-Fi/Bluetooth tracking, and web tracking using IP addresses and browser fingerprinting.

2. What are signs that my phone might be secretly tracked?

Watch for unusual battery drain, high data usage, overheating, unfamiliar apps, strange messages or symbols, and unknown physical trackers like AirTags slipped into your belongings.

3. How can I reduce the risk of my phone being tracked or compromised?

You can reduce risk by reviewing app permissions, avoiding public Wi-Fi, keeping your device updated, using trusted security software, downloading apps only from official stores, and practicing good cyber hygiene.

4. What should I do if I suspect my phone is being tracked?

Start with a factory reset (after backing up important data), contact your device’s support team, and report any suspected illegal tracking to authorities for further help and investigation.