When a mobile phone is off, what does it continue to do?

Factual Questions
1

I’ve always laughed at the silly people in movies and TV shows who stomp on and destroy their phones to keep from being traced by the bad guys. I always figured that simply turning it off was sufficient.

However, I was watching a newsy show (20/20 perhaps) and the detective being interviewed said that the perpetrators were unusually clever to remove the battery from a phone, rather than just to turn it off, so the authorities couldn’t determine the phone’s whereabouts. (Later they were silly enough to send a mobile photo, which includes GPS info. Oops! Maybe not so smart!)

Is this correct? Can a phone be traced when it’s off? How about when it’s in airplane mode? (Isn’t turning it off at least as good or better than airplane mode regarding any transmission or reception? Note that reception always causes transmission, so even AM radios were not permitted to be on during takeoff/landing.)

Now, I do know that even when “off”, a phone may still be using some juice, often to detect a button push. But is it doing any more than that? I would have guessed not, but if the detective mentioned above is correct, I’m wrong. And I’d expect him to know.

How about removing the SIM card? Would that make one untraceable? Or does the phone still have an ID that could be tracked with a warrant?

Thanks!

2

What do you mean by “off?”

When you press the on/off button on a smart phone, it doesn’t turn off - how could it, and still receive calls? On the iPhone, if you hold the button down, and then follow the prompt on the screen to turn if OFF, it’s OFF! It might as well be a brick for all the network cares.

3

When my phone is totally off… it does still deplete battery(quite a lot actually). I lose about %4 charge every day. My phone certainly is doing a lot more than just keeping a clock running. Whether that involves communicating with the cell tower/gps I can’t say.

4

Even Powering Down A Cell Phone Can’t Keep The NSA From Tracking Its Location

5

Self discharge rate of many rechargeable batteries is not that far off 4% a day - so a lot of the consumption is likely there rather in powering electronics. That said, any device with a soft power button requires some basic operation of the device to continue. Phones contain a number of processors, and the power management chip alone can be smart enough to watch the power button, as well as manage the rest of the phone. The main processing systems will be powered down, as will the RF systems (of which a smartphone has many.)

One suspects that the smartness of the criminals in the OP was not so much that the battery was removed, but that they recognised the need to ensure that the phone was not in some partly active mode, and removing the battery was a clear - if extreme - way of doing this.

6

That may simply be the battery discharging. It’s not like an alkaline battery that will hold its charge for 10 years, Li-Ions will discharge over much quicker timespans.

7

Only if they’ve managed to put spyware on your phone. Without that you can’t track a phone that is turned off.

8

Does it happen? We don’t know. Could it? Easily.

The criminals don’t sound particularly smart, just a bit panicky.

There is this not-very-informative Slate article about trojans installed on Middle-Eastern Blackberries:

It talks about phone-home code remotely installed (delivered as a “performance-enhancing update”):

But that code runs on the Blackberry’s native OS, through its Java VM. It was draining the battery even with the phone on, meaning it incurred a significant battery overhead, so it’s unlikely that code alone would do what the Slate article implied, i.e. continue to function once the phone was turned off. That kind of program is too power-inefficient to leave on as a continuous standby-mode backdoor.

Nonetheless, it is conceivable that a software, firmware, or hardware patch could cause phones to continue pinging their base towers when switched off. As mentioned above, the “off” switch isn’t really a physical circuit disconnect, but an electronic button that tells some lower-level programming to enter an extremely low power standby mode – the same way your TV continues to use a little bit of power to watch out for the “ON” signal from your remote control.

If they were smart, they would just turn on the GPS chip every hour or two, log its location, and then go quiet again and not transmit anything until the phone was turned on normally. This wouldn’t be real-time tracking – there’s probably no way to do that without significantly affecting the battery life, if consumer cellular GPS trackers are any guide – but it would leave a trace of where the phone was even when switched “off”, to be transmitted once the phone switched back on. It would tell you the locations people were trying to hide, which could be useful even if it was a few hours late.

Do they do this? Nobody knows, or at least nobody has publicly proven it. Every cell phone company will deny it if asked because it would kill trust in their products, but all it takes to silence them and force compliance is a sternly-worded letter.

Ask yourself: Do you trust humongous, anonymous cell phone chip companies to fight for your privacy against the security agencies of the USA and the world? Do you think some group of engineers would willingly face prison time or worse to protect the few supposed enemies of the state that this kind of functionality would be used on? These days, the baseline for paranoia has shifted from “Are they watching us?” (yes) to “Do they care what I say?” (most of the time, still no).

9

And to address these two points: Technologically, cell phones can already be used on planes. Airplane mode is a safety precaution, not a technological barrier. It can easily be ignored. Again, it’s just a software switch, not anything actually disconnecting the radios. That’s why you can individually switch back on certain radios after enabling airplane mode.

The SIM card includes subscriber info, but the phone itself has other uniquely-identifiable parts. At the very least, every smartphone has a WiFi chip with a unique MAC address that can be discovered. They probably also have serial numbers that cell phone companies can track. And anybody who installs tracking software can also generate unique identifiers based on metadata, such as a hash of the phone’s flash memory + its hardware configuration.

10

When I turn my phone on after it has been off, it takes a minute or so to pick up the time and cannot if I am in a dead zone. So I think that when it’s off, it really is off. Of course, it is a pretty simple phone–no photos, no texting, no email, just a phone.

11

All modern mobile phones have an IMEI - International Mobile Equipment Identity- code. This is a unique code that is used during the setup protocol with base stations - and so is already available as a means of tracking the physical phone, and not just the SIM. It is useful in that it is what allows a stolen phone to be blacklisted.

However, nowadays, all the identity numbers, including WiFi and Bluetooth Mac addresses, are soft, and are loaded into the respective devices at boot time. They are kept on a non-writable piece of non-volatile memory. It is technically possible, if very difficult, to change these numbers.

12

CDMA only devices have an MEID instead of an IMEI. But it’s basically the same idea.
It’s not the latest technology, but they are still produced, so they’re kind of modern.

Networks can use these unique IDs to track a device if it is powered on.

To answer the powered-off question. All the devices I worked on absolutely were not traceable when actually turned off. One of my jobs was to measure current draw of the phones. If they were waking up, transmitting, or doing anything other than keeping a very low resolution clock running, I’d have seen it in the current draw profile. At least those devices were off, for all user purposes.

13

I’ll repeat what the others have said (to reinforce the learning experience).

“OFF” as we understand it on a phone is simply standby, putting the screen and computer activity of the smartphone to “sleep”. The radio continues to run, the phone continues to wait for incoming calls. A running phone radio basically pings the local tower every few seconds to say “I’m here”. If you move, it may receive a reply ping from a tower saying “I’m closer” and switch to that tower. (For an iPhone, off means simply pushing the top button). BTW, a text message is inserted into the otherwise blank characters in the end portion of the ping packets - hence the 144-char limit, and note then a text message basically costs nothing for the phone company to send.

If you power down your phone, it is no longer running. Everything is turned off. the radios are off, it cannot receive incoming calls. For the iPhone, it involves “power off” function - hold the top button in until the "slide to power off message appears, then… slide to power off. At this point the phone is effectively dead and the NSA cannot track you with it, alarmist articles to the contrary. You can also achieve this result by letting the battery drain.

I have an old iPhone 3GS and an iPhone 4 - in “off” or standby, they will work for a few days depending on cell strength, before the battery is dead. Powered off, they still have decent battery life (50%?) after two or three months.

A phone has several unique identifying numbers - if I go to my iPhone’s Settings - General - About, there is a serial number, a Wifi (MAC) Ethernet address, a Bluetooth MAC address, an IMEI number, and an ICCID. Plus, your SIM card also has the phone number you acquired, and its own identifying information. All these are accessible by software running on the phone, and I assume to some extent they could be picked up by the phone company. A wifi or Bluetooth device in an interesting location might pick up all the phones wandering by.

Putting your phone in aircraft mode turns off the radios - in software. You have to trust that the NSA or CIA does not have the means to push an app onto your phone to bypass that.

So yes, taking out the battery or powering down your smartphone will make it untraceable - until you turn it on again. However, smashing it is far more dramatic for the movies - provided, of course, you break it well enough to disconnect the phone function. It is entirely possible to break the case and still have an intact battery attached to an intact enough circuit board…

14

I’m surprised people consider the state where screen is turned off but it still receives calls as “off”. It’s just the display that’s off. It’s no more “off” than your PC is when you turn off the monitor.

15

I’ve never heard it called like that, either. But I have heard users say lots of things that don’t make technical sense, so I’m certainly willing to believe that some do this.

16

I am totally baffled - is there anyone here actually saying that a phone is to be considered ‘off’ when the screen isn’t on and its in its typical standby mode waiting for a call or action by the user?

I know its a big world full of technological incompetents, but honestly? I guess I am a pedant.

17

Thanks, folks. I should have been clearer and said “fully powered down” to eliminate any confusion.

FluffyBob – just last week someone didn’t understand the difference, here on an SMDB thread. So, yes, there are people like that.

To folks who replied about the IMEE etc., yeah, I figured that had to be the case. My guess is if you pulled your SIM before anyone thought to track you, it might be hard for them to get it, but you’re better off just powering down.

And yeah, I can imagine it wouldn’t be hard to change the software in a phone to allow it to power up various subsystems and use them when the user thinks it’s powered down. My guess is that for most of us, our phones have not been hacked this way, and the cop in the TV show I mentioned didn’t care about the distinction, and possibly didn’t care whether it was battery-removed or just powered down. In any case, thanks for the links about the cracking of Blackberry phones for this purpose.

It’s a real PITA to get the battery out of a lot of phones, including iPhones and my Motorola RAZR M. I’ve had the battery out, trying to fix it after having dropped it in a fountain. No luck – it still works, but very short battery life, and I didn’t find the usual traces of salts to clean up that usually fixes this kind of thing.

18

On television shows (and we all know how realistic those are, especially when talking about technology):

When the bad guys want to make sure their prisoners can’t be tracked, they remove the batteries from their phones.

When the good guys want to track somebody, sometimes they are able to remotely get a phone to “turn itself back on”. That is, send wireless commands to a phone that has been “switched off” so it won’t receive calls or report its gps location, and get it to start trying to connect to the network. But often, on the same shows, they can’t. Perhaps it only works with certain phones.

It wouldn’t surprise me if that were actually possible, but … a lot of the tech stuff on tv shows is entirely fictional, and that could well be an example.

But it is at least theoretically possible. (By which I mean that, since every cell phone I’ve seen uses a button rather than a physical switch, one could design into a phone a means to make it “wake up” in response to something other than a press of that button. This leaves open the question of whether anyone has actually done so.)

19

It is entirely possible, if you install spyware on some models of phone. But an unaltered phone doesn’t have that capability.

20

If you’re still concerned at this pointthen buy one of these. End of thread.