There is a lot of misinformation around about tracking mobile phones, what is possible and what is practical. I wrote this post in answer to a number of questions and discussions on the Bristol LUG mailing list, and I think it could do with a wider audience.
Lets look firstly at locating a 2G mobile that is not in a call. In this case the network will know that last area code (LAC) for the mobile, when the mobile moves out of that LAC, then it performs a location update to update the information in the VLR as to which LAC it is now in.
A location update can also be triggered by the network, network sends a page to the control channel of all the sites in the LAC, and it can also be triggered by the mobile on a number of parameters.
The location of the mobile is measured in the phone in relation to the cell tower, all 2G phones need to measure their distance from the serving site in order to ensure that when they transmit in their allocated slot the propagation delay to the site is taken account. Phones can also measure their distance from several sites to then triangulate their position more accurately. This is an optional feature and requires the installation of a location server in the network to make it work. Not aware of any UK networks who have installed this service.
When a connection is established, be it call, text or data, the creation of a Call Detail Record (CDR) is started, this will contain the cell ID of the serving site for the call initiation, and this record is then “cut” completed by some subsequent events such as ending the call, or some handover events etc. So the location of the cell that the call started in is recorded and can be examined.
The phone itself and hence software on the phone will always be able to see the list of neighboring cells and their signal strength, and if in a call the measured distance to the serving cell from the delay measurement. So Google maps is able to say where you are to the accuracy of the serving cell and distance.
When calls are made to emergency services in the UK the location is reported to the accuracy of a list of regions, these approximately relate to groups of LAC areas. Certainly not more accurately than that.
When a interception warrant is made on a subscriber the network monitoring tools can be used to monitor events relating to the phone, so any location update messages received would include the cell id even though this is not recorded in the VLR, just the LAC. and silent ping messages can be sent to the phone to get it to send a location update at any time.