2

There are some websites and apps promising (I have not tested their claims, just accidentally saw such a service on some website about phones and apps for them) to show phone location on a map given its IMEI.

How do such websites and apps work? Do their operators have access to some govt services, operators' services, or maybe data brokers' ones collecting telemetry from backdoored apps (often preinstalled, some of the websites mention the supported brands) with access to GNSS and IMEI (I guess, if one removes the backdoors, he is kinda immune)? Or have they just rented access to aggregator services, whose job is to resell, under a unified API, access to networks of RF-sniffing equipment set up by local entrepreneurs (so the tracking is limited to the areas covered by the entrepreneurs' networks)?

KOLANICH
  • 1
    Unless proven otherwise I'd assume they don't work... – vidarlo Nov 20 '21 at 21:20
  • I am not willing to test it on my phone, but here is one of them https://www.istaunch.com/imei-tracker/#IMEI_Tracker (it seems it doesn't require a payment). – KOLANICH Nov 20 '21 at 21:24
  • 1
    All mobile network providers are interconnected through a large backbone network running the SS7 protocol which was designed in the 1970 when security and privacy were no issue and the connected providers were all trustworthy. Nowadays you just need enough money to get access to this network and can do a lot in that network. Good mobile network providers have a tight firewall so not everybody can send anything to your mobile. I assume those tracking systems make use of the SS7 network. – Robert Nov 20 '21 at 21:26
  • 1
    I believe the answer below by @polynomial is correct (+1). But, a service being able to track a phone on a Google map in real time *without* installing the service's app on the phone might not be all that farfetched. See https://security.stackexchange.com/questions/252566/feasability-of-deanonymizing-commercially-available-advertiser-data. – mti2935 Nov 20 '21 at 22:49

1 Answer

3

The site you linked does not track your phone via its IMEI. If you read the instructions carefully, it has nothing to do with the IMEI.

> The IMEI Tracker by [vendor] is an online tool that helps you to track lost/stolen Android or iPhone using IMEI number in real-time on Google Map.
>
> Open the IMEI Tracker by [vendor] tool on your phone. Type 15 digits number in the given box and tap on the track button. Next, just select a live location option, and you get to see your phone’s location on Google Maps for free.

You install an app on your phone and set it to "live location mode". That app sends GPS coordinates to the vendor's server, and you can look up the current location by IMEI on the website. You're purposefully providing the vendor with your phone's location, rather than them somehow tracking it via the cellular network.

Precise location tracking as a cellular network feature is only implemented via Advanced Mobile Location (AML), a technology built into modern phones that is turned on when you make a call to an emergency services number. The phone uses GNSS (more commonly referred to as GPS) to find its position, and relays that information to the emergency services to aid with locating the caller. AML is mandatory for devices sold in most regions.

More general location tracking can be performed by the cellular network by looking at which tower your phone is currently registered with, but that only provides a rough area and it isn't always useful. While cellular location data has become a popular plot point in crime shows, leaving people with an expectation that it is an accurate way to say whether a person was in a particular area at a particular time, its reliability as a location indicator is fairly low in practice. Real-time cell tower registration data is not supposed to be accessible to anyone except the provider and network operators. In reality, access to that information has been known to be illicitly sold, but the practice is generally illegal.

Polynomial
  • There is no link to an apk file within the page source code (I cannot exclude that the webapp would ask a user to download the app after he entered the IMEI and sent the form, but I haven't tested the webapp). I guess `on your phone` is just a misleading remark. Since 1. the text box is on the webpage, and 2. if the tool was an app for a phone, it would have accessed IMEI itself via API, not asked a user to type it, which is error-prone, so I think that under `IMEI Tracker by [vendor] tool` the webapp is meant. – KOLANICH Nov 21 '21 at 07:56
  • 1
    Ah, yes, I stand corrected on that front: it's not an app - you open the browser to the page and grant it location access. But still, they're not doing anything clever. – Polynomial Nov 21 '21 at 18:55
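
The mechanism described in the answer and its follow-up comment (a web page that is granted location access), as an added illustration that is not part of the original thread and not the vendor's code: the typed IMEI is only a label, and the position comes from the browser's Geolocation API after the user allows it. The function names, stub objects and coordinates are assumptions, and the IMEIs are sample values that merely pass the check digit.

```javascript
// Added illustration; every name here is hypothetical. In a browser, pass
// navigator.geolocation as `geo`; constructed stubs are used so this runs offline.

// Luhn check over 15 digits: all a web page can verify about a typed IMEI.
function imeiLooksValid(imei) {
  if (!/^\d{15}$/.test(imei)) return false;
  let sum = 0;
  for (let i = 0; i < 15; i++) {
    let d = Number(imei[i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; } // double every second digit
    sum += d;
  }
  return sum % 10 === 0;
}

// What the page can assemble: the typed string plus whatever the Geolocation
// API returns once the user accepts the browser's permission prompt.
function locateByTypedImei(typedImei, geo, onResult) {
  if (!imeiLooksValid(typedImei)) {
    onResult({ imei: typedImei, located: false, reason: "not a well-formed IMEI" });
    return;
  }
  geo.getCurrentPosition(
    (pos) => onResult({
      imei: typedImei, // label only; never checked against the device
      located: true,
      lat: pos.coords.latitude,
      lon: pos.coords.longitude,
      accuracyMeters: pos.coords.accuracy,
    }),
    (err) => onResult({ imei: typedImei, located: false, reason: err.message }),
    { enableHighAccuracy: true, timeout: 10000 }
  );
}

// Constructed stubs: one browser where the user allowed access, one where they denied it.
const allowed = { getCurrentPosition: (ok) => ok({ coords: { latitude: 52.52, longitude: 13.405, accuracy: 12 } }) };
const denied = { getCurrentPosition: (_ok, fail) => fail({ code: 1, message: "User denied Geolocation" }) };

function demo() {
  const out = [];
  locateByTypedImei("490154203237518", allowed, (r) => out.push(r));
  locateByTypedImei("356938035643809", allowed, (r) => out.push(r)); // different IMEI, same position
  locateByTypedImei("490154203237518", denied, (r) => out.push(r));  // no permission, no location
  return out;
}
console.log(demo());
```

Typing a different IMEI changes nothing about the reported position, and denying the permission prompt leaves the page with no location at all.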