​If you cannot convince them, confuse them. This is the basic for selling lies. And very basic for anonymous SIM card scam.

​There is no way to make a phone call from your cell phone without a SIM card, unless you are calling emergency numbers or you are using app voice calls via WIFI (as Skype or WhatsApp). But because scammers are trying to sell you a SIM that pretend to be "anonymous", that SIM might use a cell tower. Also, even when using data voice calls instead of regular voice calls, your phone will connect to nearest cell tower (data connection channels instead of voice channels). Unless using WIFI, there is no way to circumvent a cell tower if you want to communicate. A cell tower means mobile network, servers, SS7 vulnerabilities and exploits, IMSI Catchers, GSM Interceptors, location tracking and monitoring. Least but not last, mass surveillance.

​Are you a happy buyer of one of those Anonymous SIM cards? Are you sure that IMSI is protected and your SIM security is "hardened"? Well, time has come now for a small and quick test.

Most of people have no idea what IMSI is, and also no idea on how to get it from their own SIM card. Moreover, they have no idea what can be done when someone is getting IMSI from your SIM card. So let's start testing. No need for any technical skills, special knowledge or payments.

​Anonymous SIM card vendors pretend that card security is "hardened" and IMSI is not revealed to interception systems due to some security tricks.
Whether you have a classy Android or swanky iPhone, you can test your new bought "anonymous" SIM card, right now. Just go to Google Play or App Store and install any app that shows your SIM card info. Example: Whats My IMSI.
On iPhone is even simple: go to Settings menu and from there you pick "Mobile Data". Choose "SIM Applications" and that's pretty much you have to do.

Got your IMSI now? Good. Now you can throw away your "anonymous" SIM. And have a look on your window: your "protected" calls might actually "call" the police straight in front of your gaff.

The IMSI you can see is being used by your phone when connecting to any cell tower, in order to make/receive calls and messages. There is no other way around. The phone cannot connect directly to any "telephone switchboard", as scammers pretend. Because "telephone switchboard" is not a cell tower. Your phone call is routed first trough local mobile network, then trough SS7 network, to recipient mobile network. In this particular case, your phone call is also routed trough your "anonymous" SIM issuer servers located in Russia, before reaching recipient local network. Hence, instead of "hardened" security you've got less security than you have expected. And sure, with an extra payment which will make you think that is serious yet affordable security.

Google for SS7 attack, SIM Toolkit attack, IMSI Catcher to see how IMSI can be retrieved over the air and then what can they do with it.

​Buy cheap pay as you go SIM cards and sell them as anonymous SIM cards, with 500% profit margin.

Straight forward: there are no anonymous SIM cards. This is technically impossible. All of them are just a big time scam that take advantage on lack of knowledge from regular people. And nothing more.

Fact: there is no SIM card without an IMSI.
Fact: there is no connection to a cell tower without IMSI being used for connection purposes.
Fact: even data only SIM cards have an IMSI assigned by the manufacturer.
Fact: there are so called IMSI catchers, designed especially for call/SMS interception based - as its name says - on IMSI.
Fact: if you can call whatever number or you can receive calls, that means your phone is connected to a cell tower, by using voice/data channels.
Fact: once connected to a cell tower, almost ANY cell phone location can be (and it is) tracked by various technologies and systems, taking advantage on mobile network weaknesses or mobile network nodes (SS7).
Fact: once connected to a cell tower, any phone call can be (and it is) intercepted, no matter if voice call is routed on standard voice channels (regular voice call) or on data channels (as Skype, IM, WhatsApp, etc.).
Fact: not the SIM card is choosing the cell tower to connect on it, but the phone. This is the way that all mobile networks are designed (no matter if 2G, 3G, 4G, etc.), a SIM card being only used to identify a certain subscriber.
Fact: the phone number is not stored on the SIM card. Phone number is stored on mobile network servers (HLR/VLR) and cannot be altered/changed directly from the phone/SIM. A phone number can be altered/changed ONLY by using data connection and 3rd party servers. Some particular "russian SIM cards" are using standard voice channels that still route the call trough some russian server, where in fact take place voice changing, and only then the call is routed to call recipient.
Fact: ANY SIM card is encrypted by default, using comp128 algorithm. There is no other encryption that a SIM card support. This is meant for anti-cloning purposes. Some early comp128 versions has been compromised, old SIM cards (until 2012) being easy to clone.
Fact: ANY regular phone call on ANY mobile network (no matter if 2G, 3G, 4G, etc.) is encrypted by default. Otherwise, anyone with a radio receiver can intercept that call. A SIM card CANNOT ad another layer of encryption on top of existing one, nor additional encryption.
Fact: ANY SIM card is trackable and any phone calls and SMSs done with a SIM card can be intercepted.
Fact: IMSI is not the same with phone number, nor with ICCID. IMSI is stored on SIM, since phone number is stored on carrier servers.
Fact: IMSI is not printed on SIM, but ICCID.
Fact: anyone can figure out its own SIM card IMSI, by using freely available apps (both on Google Play and App Store). If you average Joe can do this, then law enforcement or hackers can do that remotely, over the air.
Fact: IMSI change is possible by sending special requests to SIM issuer (the mobile network that issued that particular SIM). The request cannot be sent directly by the SIM user but by other company, in his name (used for example when porting a phone number). Changing IMSI this way is not a standard procedure, despite the fact that IMSI change is mentioned on GSMA and 3GPP procedures. Fraudulent MVNO companies (mostly russian) are taking advantage on this procedure, enforcing the law because the MNO doesn't care, changing SIMs IMSI based on user direct request.

Started back in 2014, anonymous SIM card scam refers to a few types of SIM cards that are being sold to people without a decent knowledge regarding mobile networks:

1. Pay as you go SIM cards (aka prepay SIM)

Some European countries as well as non European ones still issue pay as you go SIM cards with no need to show any personal ID and with no prior registration. This type of SIMs are considered "anonymous" just because there is no connection between user name and phone number. There are no other "special" features or "security hardened" things, whatever that means. At first sight, using a pay as you go SIM (eventually issued by a foreign carrier) looks as an advantage for SIM user. But stepping down on real life, this is what is happening: when a suspect is using whatever SIM, law enforcement ground teams are using IMSI Catchers and/or GSM Interceptors that collect both SIM IMSI and phone IMEI, for further tracking and monitoring. Hence, doesn't matter if the suspect is using a pay as you go SIM: IMSI catcher has done the job, matching all together: suspect identity, SIM identity (IMSI) and phone identity (IMEI). Simple and effective. A good article regarding this type of anonymous SIM scam can be found here.

2. SIM cards that have so called "multi IMSI" option.

This is nothing unusual, and are not adding any additional security to phone calls or location tracking. Just google it by yourself. Multi IMSI SIM cards are sold worldwide by various carriers as SIM cards for frequent travelers which can have up to 4 different IMSIs, corresponding to 4 different phone numbers. The user can choose which IMSI (phone number) is used at a time, by local low rates policies. Nothing to do with additional security or dynamic IMSI change. This type of "anonymous" SIM cards create a false security feeling just because user can alternatively choose from 4 phone numbers to use. Any multi IMSI SIM card can be tracked and intercepted as any other SIM card.

3. Russian "anonymous" SIM cards.

These are SIMs issued by russian MVNOs, which have assigned 1 or multiple IMSIs (up to 4). To place "anonymous" calls, the phone (along with the SIM) will connect to the closest cell tower, by disclosing both IMSI and IMEI. There is no other way around. IMSI and IMEI have to be used in order to connect to the network. Hence, no anonymity: since IMSI and IMEI are disclosed, a wide range of tracking procedures (SS7, GSM Interceptors) are possible, also call interception and SMS interception are just a kids play. Going further, the call is rooted from local mobile network (which is the first weak link that instantly disclose user identity), to russian MVNO servers, where phone number and voice are eventually changed (if user choose to use voice changing and phone number changing), and then the phone call is finally reaching the recipient number. What this clowns are trying to hide from you by taking advantage on your lack of knowledge regarding GSM network standards and specifications is the call route: instead of standard call route (simplified: cell phone > cell tower > core network HLR/VLR > network switch SS7 > russian MNO > russian MVNO servers > russian MNO > SS7 switch > recipient network HLR/VLR > recipient local cell tower > recipient cell phone), they claim that the call originating from your cell phone does not connect to any surrounding cell tower but to some sort of "telephone switchboard", which obviously is not technically possible. Do not forget that even when using data connection to place a IM call (Skype, WhatsApp, etc.), your phone will connect to THE CELL TOWER, by using the same IDs: IMSI and IMEI. In other words, unless you are using WIFI, any call will go trough nearest cell tower, no matter which SIM you are using. With a lot of nonsense blah blah and using apparently a technical vocabulary just to make you think they are professionals and/or skilled hackers, a vocabulary that in the end of the day will probably convince you by confusing you, scammers succeed to sell SIM cards as "anonymous" SIM cards.

We all know that SS7 network is compromised, but it takes more than a few keystrokes to abuse the SS7 network: it takes expertise, money and more important - SS7 access. But from what we have seen, once attackers have all 3 they are making sophisticated use of SS7, because once you have this ability, you want to exploit it fully. The real problem with these unscrupulous russian MVNOs is the access they have to SS7 nodes based on contracts they have with other international carriers, access that make available for them a wide range of SS7 exploits, including call interception and location tracking.

 * Anomalous, but not malicious traffic. This can be everything from malfunctioning nodes, attempting to send for all subscribers rather than their own, to unusual implementations of legitimate services, to anything else which is not known to be malicious. The skill here is in identifying this and making sense of what is malicious and what isn’t – not always easy to understand.
 * Malicious attacks, up to a medium-level complexity. These are the more well-known location tracking, fraud and information harvesting attacks, and were the main type of attacks that operators encountered when they started to investigate SS7 security in depth. As time has gone on, the perception of ‘simple’ has risen in complexity to cover more and more types of attacks.
 * Malicious attacks, of advanced complexity. This is the type of attack that takes investigation to even identify in the first place, and once identified requires detailed understanding of what the attacker is trying to achieve and how, in order to build consistent defense against it. These are the most advanced type of attacks they will increase in complexity as time goes on.

We are actually seeing a progression over time (i.e. over the last 2 years), where some of the attackers who have access to the SS7 network have progressed to trying to use more and more sophisticated methods to achieve what they want, especially now that a large number of operators have begun to implement defense. Most relevant example: ULIN.

One more thing: as always when something is too nice to be true, you never know who is really hiding behind that servers. You have no means to check that russian MVNOs and its hidden strings that eventually lead to local intelligence services.

4. Writable/Programmable blank SIM cards, widely available on Alibaba and other Chinese web shops, also on eBay and Amazon, at really low prices that comes in bundle with read/wright device and software. This way, you can make your own SIM card, with any IMSI.
This is all you need:
a. A programable blank SIM card
b. SIM card Reader/Writer device
c. Software (usually 128k Milenage algorithm and XOR algorithm, Matching the standards of GSM11.11, GSM11.12, GSM11.14, GSM11.17)
The (big) problem consist in Ki (encryption key) which need to be written on that new SIM. You need to know the Ki key, and there is no way to retrieve this key 99.9% of the time from another SIM card, because it is only known by the operator itself. This is why SIM cloning (comp128 v2, v3, v4) is not successful.
Ki problem can be easily solved by a malicious MVNO, which know the Ki and can program its own blank SIM cards.
Chinese vendors has solved this: SIM factory can program the SIM for you when ordering in bulk, including custom printing as you can see on most "anonymous" SIM cards. See it in action:

​Even if Ki is known, once written, the new "anonymous" SIM card will encounter real security issues that make it more vulnerable than a regular SIM, nulling this way the IMSI change function:
a. does not support GSM 11.14: digital cellular telecommunications system (Phase 2+) - specification of the SIM Application Toolkit for the Subscriber Identity Module - Mobile Equipment(SIM - ME) interface.
b. does not support GSM 03.48: security mechanisms for SIM Application Toolkit - Stage2 (GSM 03.48 version 8.8.0 Release 1999).
This mean that the SIM card is vulnerable to a wide range of remote SIM Toolkit attacks.
c. comes with STK menu that supports various applications, which can be updated by OTA download. That means you are not in control of your "anonymous" SIM card: various and potential dangerous executables can be downloaded and executed on your SIM, without your consent and acknowledgement.

Just google it. Crowds of scammers using tens of websites, eBay and Amazon accounts are trying to scam you big time with "anonymous" SIM cards. You can even call them, asking more explicit about how anonymous SIMs work. No doubt, you will get as many explanations as scammers are. Every single one will come up with his own evasive explanations, sometimes even hilarious for an advised person. Those are "professional experts" type. The other ones - "honest" seller type - will simply reply that they are only selling those SIMs, and more explanations can be found on manufacturer website.

​Judging only by the number of items sold via eBay and Amazon, there are thousands of fooled people. And their number is still on the rise.

Beside billing, phone number changing is a feature that work. On the other phone you are calling will appear always another phone number that is calling. At first sight, this is a stunning security feature for most of users, which will certainly impress the buyer that can see a live demo of the feature. But:
Phone number changing take place on their servers, so the phone number will be changed only when routed call will arrive on their servers, on its way to called cell phone. The call is leaving your cell phone with the same IMSI and phone number every single time, and changes are done only when your phone call hits the server.
From the point of view of an IMSI Catcher or SS7 attack, NOT the phone number is relevant, but the IMSI. This is why interception systems are called "IMSI Catchers" and not "Phone number catchers".
And yes, your cell phone location can be tracked and your calls can be intercepted as any other ones. From law enforcement point of view, changing phone number have no relevance when it comes to call interception and location tracking just because the phone number is NOT STORED on SIM card. Phone number changing is actually the single feature that can be tested by the user, which will convince any skeptical person to buy a anonymous SIM card.

Find out more

source

​Back in 2014, some Russian white hat hackers have revealed Anonymous SIM card scam. Read below their study and conclusions.

​"If encryption made any difference, they wouldn't let us use it", said someone.

Encrypted calls are protecting you from the ones that don't want to (or cannot) intercept your phone calls, and does not protect you at all against the ones that can intercept your calls - law enforcement, homeland security and intelligence agencies. Make sense to you? If not, please read below.

Most people think that call encryption is the Holly Grail of secure communications, being also a mainstream when it comes to software development for mobile security. Why is that? Because of 007 movies? Not at all. Because is the only product you can find on nowadays security overcrowded market. From hardware devices to sophisticated software applications, all claim that encrypting your mobile voice calls is the best you can get and there are no other trustworthy solutions. Unfortunately encrypted calls does not offer real security when you are targeted not just by (abusive or not) law enforcement, homeland security or intelligence agencies, but worst, even when you are a target for a skilled hacker.

You don't have to trust us. Just google for voice call encryption hack and tons of articles are available at a glance.

For those of you that use voice encryption products on mobile phones the last thing you would expect is for it to be easily decrypted and intercepted. You may have shelled out good coin for your application and rely upon it for your intellectual security, but what if that security was not as tight as you had imagined, what if a readily available wiretapping utility attainable by anyone, and a simple Trojan slipped on to your device could compromise all of your calls?

Back in 2010 blogger, hacker and IT security expert Notrax has done just that. For his own safety we will not reveal his name, however, Notrax has discovered that 12 commercially available mobile voice encryption products can be intercepted and compromised using a little ingenuity and creativity as he has carefully detailed on his website.
He tested 15 voice encryption products in total, 12 of them were “worthless”. It’s easy to take the software at face value when it “tells you” that the call is secured. But how does someone actually go about being sure that it is secured? Notrax did some digging and discovered he could break in to almost all of them in under 30 minutes.

Secure means that Notrax did not manage to crack it. It does not mean that someone else would not be able to crack it.

These calls can be tapped by anyone that has basic technical skills or the money to back up such an endeavor. “Statistics show Government agencies on average conduct 50,000 legal wiretaps per year (legal= those where a court order is required), (Let’s not forget Echelon) another 150,000 phones are illegally tapped by private detectives, spouses and boyfriends and girlfriends trying to catch a potential cheater. Another estimate shows up to 100,000 phones are wiretapped by companies and private industry in some form of industrial espionage. It is happening and it is a big business.”

SnapCell was safe, it’s a private encryption device that snaps on to your mobile, they claim to protect your mobile voice, fax and data communications from wiretapping, eavesdropping and line interference. SnapCell’s website has been offline since January 21st for unknown reasons.
If you are using one of the above voice encryption technologies, you may want to be on the lookout for a new solution, as XCell Stealth Phones. Although these applications cracked are not entirely secure, it would take much effort to bypass them, like having the attacker be able to load software or a trojan on your phone without you knowing. It’s similar to a credit card, so as long as you keep it with you in a secure place you should be fine for the most part.
How govt is using spyware to circumvent call encryption? Read more here.

Think that LTE mobile networks are secure? Well, think twice: hackers decrypt VoLTE encryption to spy on people calls. More here.

Though using of encryption to protect your privacy might be the prudent choice, the method has its own disadvantages:

• Because a cell phone (no matter brand, OS, ram or chipset) does not have enough computation capabilities to encrypt/decrypt a phone call locally, voice encryption take place on 3rd party servers. That means your voice encryption app that you just installed on your "secure" smartphone act like a link to encryption server. This way, only by using data connection (WIFI, etc.) and stepping out on phone outer world you can use such application. The problem is that a server is actually someone else computer. You can't find out who is really hiding behind that servers. Some manufacturers of cryptographic equipment have a track record of hidden cooperation with intelligence agencies and interested private companies. Some of them are not even using publicly scrutinized and standardized crypto algorithms (like Diffie-Hellman, SHA256, AES and Towfish), but “proprietary” encryption methods that are not available for public evaluation. Several “proprietary” crypto-algorithms that were not subject to public review have been shown to be easily breakable in the past, like the COMP128 algorithm that is in use in many GSM networks for authentication, so the “proprietary crypto” approach has to be regarded as very risky. In the end of the day that means you have no real control on your voice calls.
• Introducing a back door into a crypto system does not even require active cooperation of the manufacturer of the equipment or software. All it takes is one bribed programmer to compromise an entire product.
• You never know if encryption solution you use is indeed trustworthy and there is no reliable way to check it. Most of the encryption applications developers are not making public the source code. There can be (and most of the time there are) back doors used by law enforcement agencies. Sure, you can find source code for some encryption apps, which are made available for public by the developer itself. Unless you are not a cryptographer or cryptanalyst, there is no way for you average Joe, to find out if some security flaws affect your encryption app.

Open sesame of encryption solutions
Will you use an encryption app that have servers located in let's say... North Korea? Probably not, but you have to reconsider your opinion. Shortly saying, the more consolidated a democracy is, the easier is for law enforcement to get access to encryption servers, based on a simple warrant. All that because consolidated democracy countries know what we call the rule of law. Since encryption apps are not developed out of this planet and all encryption servers reside in some county, Govt and related institutions have a simple tool called judge warrant which will instantly "open" any "encrypted" server used for so called "secure" communication. Yes, its a matter of time. But in the end they will get a plain text or plain voice copy. Not to mention that NSA and other similar actors have tools and solutions that effectively circumvent any encryption apps, used nowadays to find out in real time what they are looking for.

Using voice call encryption might make you look suspicious and attract unwanted attention on you, exactly from the ones you are trying to hide from. Its like a ringing bell attached on your tail. Have a wild guess on what they will do in case the you use an encrypted cell phone. For sure they will use some other ways to get the info they need. They will not wait to find some security flaws in your crypto app, they will not attempt even deciphering. They will simply bug your home, office and vehicle, will spy on your computer, will intercept your mail and will use covert human intelligence sources (HUMINT) and whatever it takes to obtain relevant information about you and your activities. They can easily bypass the communication protection provided by the encrypted phones by simply collecting relevant information from other sources. Simple as that. Yes, its not on real time. But can be very close to that.

If you are targeted by an intelligence agency, encrypting your mobile communications does not mean that you are 100% protected against eavesdropping. Think about that: will they drop you just because you use encrypted communication? No, for sure.. Being a challenge for them, will find another ways to get the information they need. Sure, for a short period of time your secrets will remain... secret. But any decent agency will find at any time security breaches, gathering info they need about you, by any means.
Actually by encrypting your phone conversations, you are telling them that you have something important to hide and you invite agencies to use other ways to gather intelligence.

When using encryption over standard mobile network voice channels (not via data connection) like that encryption devices attached to your cell phone, that encrypted call is not so... encrypted as you think. Yes, will defend against call interception performed by spyware apps installed on your phone, because phone microphone is not used during encrypted call sessions. But even if you use such a device, the GSM operator or the entity that operates a GSM interceptor can find out pretty much information such as:

• both phone numbers involved in conversation
• conversation length, time stamped
• your (phone) location at the moment of call
• your geo-location at every moment, by some simple and effective triangulation techniques, based on your phone IMEI that cannot be hided by any encryption app. Once you power up your crypto phone, IMEI and IMSI (if there is inserted a SIM card) will be sent out to network, for connection. No need to make any call or send any SMS. This is the way that all cell phones work, including your crypto phone.​

• Modern GSM interceptors can selectively and temporarily block any cell phone within its range based on IMEI and/or IMSI values, making that particular crypto phone unavailable for use, for as long as they want. This happen when a crypto phone uses data connection in order to make encrypted calls.
• It is well known that cell voice encryption need high speed internet connection. Many modern GSM interceptors can downgrade your crypto phone connection from 3G/4G to 2G, by simply jamming 3G/4G uplink frequencies, which is a standard procedure. By doing that, crypto phones that use data connections will fail and become useless.

Not even notorious encrypted cell phones are immune to this attack. Few years ago, an average Joe posted on YouTube a short movie demonstrating how a well known app used for enterprise encrypted communications - GoldLock - can be defeated by a cheap commercial grade spy app called FlexiSpy. Because he had the phone in his hands with GoldLock already installed on, he installed also FlexySpy on the same cell phone. He started an encrypted phone call with another GoldLock phone. Entire conversation was recorded by FlexySpy in clear, just because FlexiSpy collect audio straight from the microphone, way before GoldLock proceed to voice encryption. Then, when conversation finished, was automatically sent by FlexiSpy via WIFI or data connection on a server where could be listened from user personal account. Simple, efficient and embarrassing for a top notch encryption application. You can do whenever you want the same test.
By some reasons, the video was removed from YouTube so we cannot post a link. Also since then, no more free trial apps are available from GoldLock, avoiding other similar situations. However, that does not make GoldLock less effective for private users, being by far one of the most secure communication application.
And yes, the same can happen with your "secure" cell phone.

This is why voice call encryption is a short time solution for secure communications. In fact, being predictable is one of the worst choice on intelligence battlefield. And using a crypto phone means that you are more than predictable.
When using any voice encryption solution (software or hardware), you will never know when actually your cell phone is intercepted, and by consequence you will never know when you are in real danger. Instead of crypto phones blind protection, it is better to know when someone attempt to tap your calls and when they are trying to locate you. Then you can act advisedly, taking the right decisions and even influencing them by different deception techniques. Here comes XCell Stealth Phones, which brings you the best of both worlds: interception detection and interception blocking. Detecting interception in real time and on the right time is really something else than using blind encryption, an advantage that is used by professionals against... professionals.

Based strictly on customer request and if we are sure that customer fully understand all security risks he take, a voice encryption app can be installed on XStealth Lite and XStealth.

source

Surprisingly for most people, the phone number (called MSISDN in terms of mobile networks) is not stored on SIM card, which contain only SIM ID, called IMSI (International Mobile Subscriber Identity). By consequence, there is nothing that can be changed locally in a secure way, on SIM level. This is why XCell Stealth Phones can change/manipulate IMSI and cannot directly change phone number.

Hiding Caller ID is something else than changing phone number and depends on your cell phone and mobile network settings. The result is just a Unknown call received by the call recipient. Read more here.

At first sight, voice changing might look easy to be implemented on a cell phone, but real time voice changing needs powerful chip sets that usually mobile phones does not have. This is why all voice changing services or applications are using external servers or external devices attached to a cell phone. Hence, no real security for phone user.

A voice changer is not really necessary when it comes to phone monitoring done by law enforcement agencies: they will know exactly your identity, location, calls and messages path, the voice content of your calls and text content of your messages, etc. A voice changer will give you a false sense of security, unless you intend to use it for a prank. Also, in the past 3 years interception systems that use voice recognition feature for automatic target detection and call recording is not used as primary filtering tool, due to the fact that sample voice (needed for voice recognition) sounds different from phone to phone, due to different hardware capabilities. Hence, false positives emerging with an unwanted high rate. Read more here.

Before everything, let’s face it: who do you really fear?
There are not so many hackers around that can actually track your cell phone, because of few simple reasons: expensive hardware needed, lack of knowledge regarding GSM stack and SS7 protocol effective exploits, not to mention that hackers have no interests on you, average Joe. Excepting your worried parents and jealous girlfriend, no one wants to know your (cell phone) geo-location. Tracking a cell phone is not a simple “push button” situation when is done by a hacker. That involve deep and extensive knowledge, pretty expensive hardware, time and not least, an considerable interest on you, average Joe. Which obviously is not the case unless you are just another skilled hacker or a high profile person.
The situation became serious when you did something bad or even illegal. Then, you became a target for law enforcement and/or intelligence agencies. And there is no way to hide your (cell phone) location. They have not only the legal ability to track down your cell phone at any time, but have also technological and human resources to do that, not to mention training and expertise.
In case you think that your own cell phone is secure, its time for 2 simple tests.

TEST No. 1: NETWORK TESTING BY EMERGENCY CALL.

Read more here.