I personally don't believe basic measures like turning off location services as suggested by the article will make a difference against a sophisticated adversary like a state actor. We know that modern phones are full of proprietary firmware with swiss cheese tier security which allow for 0 day remote code execution exploits [1]. The operating systems, although better, also have been targeted by RCE exploits [2].
Not to mention even turning a phone off does not guarantee it goes silent. Apple's Find My network works even for turned off devices. Now of course you can turn that feature off, but once the capability to track a turned off device is there, we have to assume that a nation state actor has exploits/backdoors that allow agencies to bypass basic software switches.
You have to assume everything you do on a mobile phone will end up in law enforcement/intelligence agency databases if you're put on a watch list.
>I personally don't believe basic measures like turning off location services as suggested by the article will make a difference against a sophisticated adversary like a state actor.
The majority of activists are not worth the effort or expense. And for the ones that are worth - those guides make no difference since they don't harden as much. If you want real security - then the least you must do is have two devices. One used for hotspot only.
Since the mid-2010s Apple has put every baseband / WiFi / Bluetooth radio either on USB or PCIe with an IOMMU that restricts access to only the pages required for networking and packet management.
I can't speak to when Android started doing this, but I know the common chipsets (Qualcomm, Exynos, Mediatek) also do this.
Not to mention even turning a phone off does not guarantee it goes silent. Apple's Find My network works even for turned off devices. Now of course you can turn that feature off, but once the capability to track a turned off device is there, we have to assume that a nation state actor has exploits/backdoors that allow agencies to bypass basic software switches.
You have to assume everything you do on a mobile phone will end up in law enforcement/intelligence agency databases if you're put on a watch list.
[1] https://googleprojectzero.blogspot.com/2023/03/multiple-inte...
[2] https://en.m.wikipedia.org/wiki/Pegasus_(spyware)