Mobile Phones: Malware
Malware anchor link
Phones can get viruses and other kinds of malware (malicious software), either because the user was tricked into installing malicious software, or because someone was able to hack into the device using a security flaw in the existing device software. As with other kinds of computing devices, the malicious software can then spy on the device's user.
For example, malicious software on a mobile phone could read private data on the device (like stored text messages or photos). Malware can normally accomplish this by exploiting a security flaw, such as an outdated phone operating system. It could also activate the device's sensors (such as microphone, camera, GPS) to find where the phone is or to monitor the environment, some malware is capable of turning the phone into a remote listening or surveillance device by covertly turning on the camera or microphone. Malware can also be used to read the contents of encrypted messaging services such as Signal or Whatsapp when such messages are unencrypted on the phone for reading or writing.
For more info, check out How Do I Protect Myself Against Malware?
Governments themselves often forbid people, even government employees, from bringing personal cell phones into certain sensitive facilities—mainly based on the concern that the phones could be infected with software to make them record conversations.
As we discussed above, precautions based on powering off phones could be noticed by a mobile operator; for example, if ten people all travel to the same building and then all switch off their phones at the same time, the mobile operator, or somebody examining its records, might conclude that those people were all at the same meeting and that the participants regarded it as sensitive. This would be harder to detect if the participants had instead left their phones at home or at the office.
Pros and Cons of Turning Your Phone Off anchor link
There's a widespread concern that phones can be used to monitor people even when not actively being used to make a call. As a result, people having a sensitive conversation are sometimes told to turn their phones off entirely, or even to remove the batteries from their phones.
The recommendation to remove the battery seems to be focused mainly on the existence of malware that makes the phone appear to turn off upon request (finally showing only a blank screen), while really remaining powered on and able to monitor conversations or invisibly place or receive a call. Thus, users could be tricked into thinking they had successfully turned off their phones when they actually hadn't. Such malware does exist, at least for some devices, though we have little information about how well it works or how widely it has been used. Also, it is generally more difficult to remove batteries from smartphones due to the newer models that have a rear case and front screen that are hard to separate simply by hand (and may void the warranty).
Another method of blocking signals going to phones is using Faraday cages or bags. However, bags are more affordable and practical. These help block signals from reaching the phone while in the bag, even if the device is compromised. These signals include 2G, 3G, 4G, 5G, Bluetooth, WiFi, and GPS.
Burner Phones anchor link
Phones that are used temporarily and then discarded are often referred to as burner phones or burners. People who are trying to avoid government surveillance sometimes try to change phones (and phone numbers) frequently to make it more difficult to recognize their communications. They will need to use prepaid phones (not associated with a personal credit card or bank account) and ensure that the phones and SIM cards were not registered with their identity; in some countries these steps are straightforward, while in others there may be legal or practical obstacles to obtaining anonymous mobile phone service.
There are a number of limitations to this technique.
SIM Cards anchor link
First, merely swapping SIM cards or moving a SIM card from one device to another offers minimal protection, because the mobile network observes both the SIM card and device together. In other words, the network operator knows the history of which SIM cards have been used in which devices, and can track either individually or both together. Second, governments have been developing mobile location analysis techniques where location tracking can be used to generate leads or hypotheses about whether multiple devices actually belong to the same person. There are many ways this can be done. For example, an analyst could check whether two devices tended to move together, or whether, even if they were in use at different times, they tended to be carried in the same physical locations.
A note on eSIM (embedded SIM) technology, or software based SIM cards. This is an embedded component in the phone that gives a network provider the ability to remotely add or ‘provision’ SIM profiles Over the Air (OTA).
Tracking Patterns and Burner Phones anchor link
A further problem for the successful anonymous use of telephone services is that people's calling patterns tend to be extremely distinctive. For example, you might habitually call your family members and your work colleagues. Even though each of these people receive calls from a wide range of people, you're likely the only person in the world who commonly calls both of them from the same number. So even if you suddenly changed your number, if you then resumed the same patterns in the calls you made or received, it would be straightforward to determine which new number was yours. Remember that this inference isn't made based only on the fact that you called one particular number, but rather on the uniqueness of the combination of all the numbers that you called. (Indeed, The Intercept reported that a secret U.S. government system called PROTON does exactly this, using phone records to recognize people who placed phone calls in a “similar manner to a specific target” from new phone numbers.) An additional example can be found in the Hemisphere FOIA document. The document describes the Hemisphere database (a massive database of historical call records) and how the people who run it have a feature that can link burner phones by following the similarity of their call patterns. The document refers to burner phones as "dropped phones" because their user will "drop" one and start using another one—but the database analytics algorithms can draw the connection between one phone and another when this happens, so long as both were used to make or receive calls to similar sets of phone numbers.
Together, these facts mean that effective use of burner phones to hide from government surveillance requires, at a minimum: not reusing either SIM cards or devices; not carrying different devices together; not creating a physical association between the places where different devices are used; not using the burner phone as a long term solution; and not calling or being called by the same people when using different devices. (This isn't necessarily a complete list; for example, we haven't considered the risk of physical surveillance of the place where the phone was sold, or the places where it's used, or the possibility of software to recognize a particular person's voice as an automated method for determining who is speaking through a particular phone.)
Phone Analysis and Seized Phones anchor link
Forensic Analysis of Seized Phones anchor link
There is a well-developed specialty of forensic analysis of mobile devices. An expert analyst will connect a seized device to a special machine, which reads out data stored inside the device, including records of previous activity, phone calls, pictures, Whatsapp messages, location history, app data, and text messages. The forensic analysis may be able to recover records that the user couldn't normally see or access, such as deleted text messages, which can be undeleted. Forensic analysis can sometimes bypass passcode-protected screenlocks, especially on older phones.
There are many smartphone apps and software features that try to inhibit or prevent forensic analysis of certain data and records, or to encrypt data to make it unreadable to an analyst. In addition, there is remote wipe software, which allows the phone owner or someone designated by the owner to tell the phone to erase certain data on request. However, not all wiping mechanisms are the same and can be potentially prevented, especially if the designated party needs remote access to the phone in order to wipe it.
This software can be useful to protect against data being obtained if your phone is taken by criminals. However, please note that intentional destruction of evidence or obstruction of an investigation can be charged as a separate crime, often with very serious consequences. In some cases, this can be easier for the government to prove and allow for more substantial punishments than the alleged crime originally being investigated.
Computer Analysis of Patterns of Phone Use anchor link
Governments have also become interested in analyzing data about many users' phones by computer in order to find certain patterns automatically. These patterns could allow a government analyst to find cases in which people used their phones in an unusual way, such as taking particular privacy precautions.
A few examples of things that a government might try to figure out from data analysis: automatically figuring out whether people know each other; detecting when one person uses multiple phones, or switches phones; detecting when groups of people are traveling together or regularly meeting one another; detecting when groups of people use their phones in unusual or suspicious ways; identifying the confidential sources of a journalist.
These types of pattern-based analysis have become easier now that many people own a smartphone, and therefore have their pockets full of sensors and modules that communicate many types of data. Only each user can define their threat model, and we encourage users to assess their individual risks and the steps they can take to protect themselves.