eSIMs offer practical advantages over traditional plastic SIM cards, letting you instantly activate or switch carriers digitally and store multiple carrier profiles at once. But as more users make the switch, a common concern for privacy-conscious users arises: Can an eSIM be tracked?
The short answer is yes, and this guide explains how eSIM tracking works and whether eSIMs are more vulnerable than physical SIMs. You’ll also find out who has the potential to access your information, and, most importantly, how you can regain total control of your data and digital privacy with a secure carrier like Cape.
How Does the eSIM Technology Work?
An eSIM, or embedded SIM, is a chip built into your phone, tablet, or smartwatch that helps it connect to a mobile network. Instead of a plastic SIM card you can insert and remove, an eSIM is software-based and stores your carrier profile on a secure eUICC chip within the device.
You activate it by scanning a QR code or using a carrier’s app, which downloads and installs the eSIM profile to the chip using over-the-air updates. This profile contains your subscriber information, including International Mobile Subscriber Identity (IMSI), Integrated Circuit Card Identifier (ICCID), and network credentials. Once installed, you can connect it to voice, text, and data services like a regular SIM.
Because the eSIM chip is digital and rewritable, it offers several advantages over physical SIMs:
- Ability to switch carriers or plans without swapping physical cards
- Stronger defenses against SIM cloning via encryption and secure provisioning, though advanced remote exploits remain possible
- Additional convenience for travelers (e.g., you can activate a local data plan before starting a trip)
Can an eSIM Be Tracked?
Yes. An eSIM can be tracked, just like a traditional SIM card. In fact, your choice of SIM type doesn’t affect tracking; that depends on other network and device identifiers, such as your International Mobile Equipment Identity (IMEI) number and your device’s GPS or Wi-Fi data.
When your phone connects to a carrier’s network, the network logs device activity for service delivery and regulatory purposes. Carriers, law enforcement, and third-party systems can use this information to identify your device and approximate its location based on cell tower connections or other standard identifiers. The same process applies regardless of SIM technology.
Therefore, the privacy risk isn't inherently higher or lower with an eSIM just because it’s software-based.
How Does Phone Tracking Work?
Phone tracking typically operates on two distinct levels, each one involving different technologies and revealing different data:
- Network-level tracking
- Device-level tracking
1. Network-Level Tracking
When your phone connects to a cellular network, it exchanges signals with nearby towers, sending basic information to carriers to maintain a connection. This data can include:
Information Shared | Explanation |
Approximate location | Carriers know which serving tower your phone is attached to, giving an approximate location of your device |
IMSI | A unique 15-digit number linked to your specific eSIM profile |
IMEI number | A 16-digit code unique to your device |
Carriers continuously update these records as your device moves between cells or maintains coverage. Because this exchange is part of how cellular networks function, you have limited control over it. You’re relying on the privacy and data retention policies of the provider that manages the eSIM profile and network you're connected to.
Some newer privacy-focused carriers are rethinking how these identifiers are handled at the network level. For example, Cape rotates your IMSI regularly, so your device no longer presents the same persistent identifier every time it connects, making it much harder to link your activity over time.
Cape also blocks suspicious or unauthorized signaling activity used in certain location tracking and interception attacks, such as SS7 attacks, by verifying that your device is connecting to a legitimate network.
2. Device-Level Tracking
Device-level tracking is enabled by the sensors, software, and app permissions on your phone itself, operating independently of your cellular connection. Device tracking provides far more precise and invasive parameters than network methods, and it can happen in multiple ways:
- GPS: It uses signals from satellites to calculate the precise location of your device, often within just a few meters.
- Wi-Fi and Bluetooth scanning: When GPS signals are weak or unavailable, your device scans for nearby networks and devices and matches identifiers like Wi-Fi BSSIDs and Bluetooth MAC addresses against public databases to pinpoint your location.
- App-based tracking: Apps with location permissions can continuously log your GPS coordinates. More importantly, they can pair this data, along with your personal information and usage history, with your device's advertising ID to build your digital user profile, which can then be sold to data brokers and advertisers.
- Browser and online activity: Websites, search engines, and social media platforms track your IP address and online behavior using cookies and digital fingerprinting.
Who Can Track Your Device With eSIM?
Any entity with access to your cellular signaling data or your device's digital activity can track you. Whether you use an eSIM or a physical SIM, your personal data and device usage insights are exposed to the following parties:
- Mobile carrier: Your mobile carrier has direct, real-time access to your network signaling data, approximate location, and all metadata (call and SMS logs, data usage, timestamps).
- Partner networks and roaming carriers: When you travel or roam outside your carrier's coverage, the local network you connect to gains the same access to your real-time signaling and location data.
- Government and law enforcement agencies: Through legal warrants or subpoenas, government agencies or police can request or directly access your carrier's network data logs.
- Advertisers and data aggregators: They can track your device's advertising ID, app usage, and online behavior to build detailed consumer profiles.
- Hackers and scammers: Malicious actors using IMSI catchers, malware, or other exploits can intercept cellular signals or compromise your device to track you.
While this list can seem broad, the extent to which these entities can access your data depends on how much data your carrier collects and how long it stores it.
Most legacy providers retain detailed metadata for extended periods and make it accessible across multiple systems and partners. In contrast, privacy-focused carriers like Cape limit how much data is collected and how long it’s retained. The result: far less data available to track, share, or subpoena.
Can You Still Be Tracked If You Turn Off Location Services on Your Phone?
Yes, your approximate location can still be determined even if you turn off your phone's location services. Turning off location prevents apps and services from using your GPS coordinates, but your device can still be tracked through:
- Cell tower triangulation
- Wi-Fi or Bluetooth signals
- IP address
- IMEI tracking
- Installed spyware
On the other hand, if you completely switch off your phone, it stops transmitting signals to cell towers or satellites, making it impossible to track using traditional methods.
However, some modern smartphones include built-in features that may still enable location detection even when turned off. For example, the latest iPhone models use Apple’s Find My network, in which the device enters a low-power mode after shutdown, emitting Bluetooth signals detectable by nearby Apple devices for relay to iCloud, and remains in this mode until the battery drains.
How To Protect Your Data and Identity From Being Tracked
Securing your privacy when using eSIM requires addressing both device-level safeguards and network-level data flows. We’ve outlined five practical steps that can cut down on unnecessary exposure and significantly reduce your digital footprint:
- Update your device settings
- Review app permissions regularly
- Use VPNs and secure browsing
- Delete location history from online accounts
- Choose a privacy-first eSIM provider
1. Update Your Device Settings
The first step is to minimize the data your phone broadcasts, which can be done in a few minutes by adjusting your phone’s built-in settings. Some key habits that apply to all devices include:
- Turn the GPS off when not in use
- Disable Wi-Fi and Bluetooth scanning when not needed
- Keep your device and apps updated for privacy patches
You can also disable or reset your advertising ID, which is a unique identifier your phone shares with apps to show targeted ads, to block cross-app profiling. Both iOS and Android let you manage your ad ID as follows:
- iOS: Go to Settings > Privacy & Security > Apple Advertising and turn off “Personalized Ads”
- Android: Go to Settings > Security & Privacy > Privacy Controls > Ads, and from there you can customize your ad preferences or delete your advertising ID.
You should also restrict background app activity to limit apps from constantly pinging networks and sharing data silently. Here are the steps to do that on your phone:
- iOS: Go to Settings > General > Background App Refresh and disable access for apps that don’t require background access.
- Android: Go to Settings > Apps > [App] > Mobile data usage > Background data and disable access for individual apps.
2. Review App Permissions Regularly
An app with permission to your location, microphone, or contacts can track you even when you're not actively using it. Many people grant these permissions when installing the apps, but don’t proactively revoke them, making regular manual audits essential.
To adjust app permissions on iOS:
- Go to Settings > Privacy & Security
- Pick a category such as Location Services, Camera, or Microphone. You'll see which apps currently have access to that feature
- Toggle permission to Never, Ask Next Time, or While Using the App, depending on how essential the access is
- In the Tracking section, you can also see which apps have requested permission to track you across apps and websites
While on Android, you can follow these steps:
- Open Settings > Security & Privacy > Privacy controls > Permission Manager to view app permissions by category
- Tap a permission type like Location, Camera, or Microphone to see which apps have access
- Choose whether to Allow only while in use, Ask every time, or Deny
3. Use a VPN To Stay Private Online
A VPN encrypts your internet traffic and routes it through a secure remote server, making it much harder for your ISP, Wi-Fi network operator, or anyone monitoring the network to track your browsing activity.
A VPN also masks your real IP address by replacing it with the VPN server’s IP, making it harder for websites and services you visit to infer your actual location or link your activity back to your device.
For best security, choose a reputable VPN provider with strong encryption, a strict no-logs policy, and wide platform support so the protection covers all apps and browsers on your device.
4. Delete Location History From Online Accounts
Both Google and Apple store a long-term record of your movement patterns, visited places, and routes taken. These logs often remain stored in cloud services and aren’t deleted when you turn off future tracking.
On Android devices, your location history is stored in Google Maps Timeline and Web & App Activity, if enabled. To delete this history:
- Open the Google Maps app
- Tap your profile icon > Your timeline
- Tap More (three dots) > Location & privacy settings
- Choose Delete all Timeline data or Delete a range and confirm
- You can also set Auto-delete settings for older data (e.g., 3, 18, or 36 months)
On iPhones, you can find and remove location logs tied to your Apple ID through these steps:
- Open Settings > Privacy & Security > Location Services
- Scroll down and tap System Services
- Tap Significant Locations
- Tap Clear History to remove all previously saved location entries across your signed-in devices
5. Choose a Privacy-First eSIM Provider
Most legacy telecom infrastructure and data practices aren’t designed with privacy in mind. Some eSIM providers collect your call logs, location metadata, and personal identifiers by default and store them in centralized, unencrypted databases, making them a prime target for hackers.
Many rely on third-party cloud platforms, foreign intermediaries, or resellers with minimal governance. These networks can expose users’ identities and movement patterns far beyond what’s necessary for basic service.
If you’re looking for an eSIM provider that minimizes data collection and retention, controls how network identifiers are handled, and avoids unnecessary exposure to third parties, Cape is the right choice.
Cape: The Carrier Built for Security and Privacy
Cape is a privacy-first mobile carrier designed to keep your communications safe from surveillance and misuse. Unlike traditional cell phone plan providers, our business model centers around providing you with premium and secure call, text, and data, rather than harvesting and selling your information.
Our service is built from the ground up with privacy and security at its core, offering unique features like:
Privacy & Security Feature | Description |
Cape doesn’t ask for your name, address, or Social Security number. We only collect the information necessary to provide service, and we retain that information for the minimum amount of time possible. | |
Traditional carriers rely on a fixed International Mobile Subscriber ID (IMSI) to connect your device to cellular networks. This is a vulnerability that lets carriers, advertisers, and bad actors identify and track your device. Cape lets subscribers automatically rotate their IMSI every 24 hours, making it infinitely more difficult to track you or your device. | |
Many services ask for your phone number, but sharing it exposes you to spam, scammers, data brokers, and a variety of other risks. VoIPs, on the other hand, don’t work with 2FA, cost extra, and aren’t encrypted. With Cape, you get two free additional SMS/MMS lines that are middle-to-end encrypted. | |
Most U.S. carriers store your call and text metadata for years, sometimes indefinitely. Cape is built to forget, so call data records (CDRs) are deleted after just 24 hours. | |
Cape nullifies the threat of SIM swapping by completely removing humans from the loop. During signup, you receive a 24-word phrase that generates a private key tied to your number. This effectively means that no one (but you) can move your number to a new carrier or device, not even Cape. | |
Legacy network protocols, like SS7, leave you vulnerable to hackers that can track your location, intercept your calls and texts, and steal sensitive information. Cape’s Network Lock relies on a proprietary signaling proxy to verify that your device’s physical location matches the network it’s trying to attach to. If we detect anything out of the ordinary, Cape automatically blocks the connection, nullifying the potential threat. | |
Traditional voicemail systems are outdated, unencrypted, and another security hole bad actors can exploit to gain access to your sensitive information. Cape encrypts all voicemails, ensuring only you can access them. | |
While roaming, your phone connects to local telecom providers to enable service. But, who knows who might be listening on the other end. Cape provides you with peace of mind by routing your traffic through our U.S.-based mobile core, ensuring your identity, data, and communications remain private and secure. |
Ditch Legacy Carriers: Get Cape Today
Cape is a “Heavy” Mobile Virtual Network Operator (MVNO), meaning we own our mobile core and provision our own SIMs. This gives us full control over how accounts are authenticated and what data is collected (and for how long), and is how we are able to provide privacy and security features no other carrier on the market can offer.
Get started with Cape today and enjoy the peace of mind, knowing you are fully protected against scammers, hackers, bad actors, and other mobile threats.
To help protect more than just your phone, we’ve partnered with Proton. As a new Cape subscriber, you can choose between Proton Unlimited and Proton VPN Plus for just $1 for six months.
