HACKER Q&A
📣 ThalesX

How would French police locate suspects by tapping their devices?


I just found a news article regarding a law that passed in France allowing police to remotely activate GPS, camera, microphone on a user's device [0]. This was posted before on HN [1], but without traction. I am not all that much interested in the civil aspects of it; I am more interested in the technical aspects of it. I'm curious if there is someone with know-how about how such a thing would be achieved.

Would they base it on exploits? Would they have to require manufacturers to add police APIs on the devices? Would a remotely activated camera / microphone / location get the active camera / microphone / location indicator?

55 minute edit: It seems like for simple stuff, like coarse location, they can get it through the carrier; I assumed as much and it's relatively easy to get it done. For other stuff, rootkits and exploits are developed by some intelligence agencies, which require manufacturing consent or physical interception. Then there are also groups that sell OS-level exploits, such as the NSO group.

I'm guessing in the case of software exploits, the indicators would appear for camera / mic / gps. But maybe for hardware exploits they could bypass the circuitry? Seems like a lot of work for non-high-profile targets.

Later edit: The keyword "baseband" seems to be the most likely attack vector.

[0] https://apnews.com/article/france-surveillance-digital-devic...

[1] https://news.ycombinator.com/item?id=36779568


  👤 runjake Accepted Answer ✓
Software implants (“RATs” or “rootkits”) or baseband access (“backdoors”).

The baseband is an embedded computer inside the phone that controls the device’s sensors and radios. It runs off of its own OS and is separate from the consumer-facing OS. The phone’s OS then talks to this embedded system.

All phones do this, even the iPhone whose baseband OS was some variant of L4 Linux, IIRC.

Various Intelligence Community people and documents have made statements that they can remotely activate the baseband to interact with a target device.


👤 ethbr1
Side note, France's approach to technology is so weird.

Here's the DGSE (or not): https://www.google.com/maps/@48.8743323,2.4081584,16z/data=!...

In contrast, here's the US CIA: https://www.google.com/maps/@38.952807,-77.1456773,16z/data=...

Stumbled across that while traveling in Paris and thought "Who masks public satellite imagery in 2023?"


👤 FrenchDevRemote
They've been doing it for years.

It's rootkits/RATs, just malware developed by intelligence services and/or some technical branches of police, although they sometimes hire external contractors for this.

They use exploits or physical access.

AFAIK there is no manufacturer giving backdoors to the French government (but the US and China definitely have some; I wouldn't be surprised if the US shared some access for major cases).


👤 dharmab
Some capabilities are available through the carrier. For example, a cell carrier has access to subscribers' coarse location information, since they can tell which cell tower(s) the subscriber is connected to, and the physics involved provides coarse direction and distance.

Other capabilities require access to the device, either through an exploit or spyware.


👤 pseudo0
Baseband attacks are possible, but the French government would have to compel the (likely foreign) producer of baseband equipment to insert a backdoor, or do significant vulnerability research on closed source hardware/software to find vulnerabilities across common baseband processors.

OS level attacks seem more likely. The lazy option for a police agency would just be to purchase or develop a couple mobile browser exploits, and then serve warrants to French telcos requiring them to MitM targeted traffic. When the target tries to load something via http, redirect them to the exploit server, deliver the payload, and dump everything from their device and collect location, camera, and audio going forward.

Edit: Most people also seem to be overlooking the low-tech solution - get a warrant to break into the target's house or seize their phone during a "random" traffic stop, and use physical access to the device to do whatever.


👤 JPLeRouzic
USIM toolkit.

https://en.wikipedia.org/wiki/SIM_Application_Toolkit

It's under the control of the mobile operator, which knows the secret keys to send commands to the phone OTA.


👤 viktorcode
They will have to install an exploit on the target device. The law merely allows that practice.

👤 BrandoElFollito
A few months ago, France did emergency broadcast tests on some users.

I was one of them and my phone (Android, Samsung, operator is Orange) suddenly was taken over. It started to make a sound I had never heard (loudly), vibrate like crazy, and the screen was locked to an emergency message that covered everything else. I had to click on the message to make it go away.

This test shows that the administration already has some level of control, through the network provider's OS layer.


👤 realusername
It's most likely some contracts with NSO group or some other Israeli firm.

Only for high value targets of course, otherwise they'll just go with a simpler and cheaper route.


👤 megous
OMA DM, or something like that.

https://en.wikipedia.org/wiki/OMA_Device_Management

Send a special SMS, which makes the phone contact a given URL and download instructions on what to do. All in the background.

Even Pinephone's modem has a few FOTA binaries that handle remote instructions from different operators. I guess the binaries of the OMA DM processing programs are provided by the mobile operators, or co-developed with the modem manufacturer. It can't turn on the camera or whatever, and is disabled by default, but that's just because the modem is not integrated into the main SoC.

https://megous.com/dl/tmp/f498105e651c5935.png
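An added detection example, not from this thread or from any project it mentions, for the "special SMS" delivery described above: it parses one SMS user-data field, checks for the WAP Push port in the UDH, and flags the OMA Client Provisioning content type (one of the transports used to bootstrap OMA DM). The port and content-type codes come from the WSP/OMA specifications; other OMA content types are deliberately not listed, and the sample messages are constructed with placeholder bodies.

```python
WAP_PUSH_PORT = 2948   # WDP destination port for WAP Push (0x0B84)
WSP_PDU_PUSH = 0x06    # WSP PDU type "Push"
WSP_CONTENT_TYPES = {  # WSP well-known content-type codes (short-int form)
    0xB6: "application/vnd.wap.connectivity-wbxml",  # OMA Client Provisioning
}
PROVISIONING = {"application/vnd.wap.connectivity-wbxml"}

def parse_udh(ud: bytes):
    """Split TP-User-Data that starts with a UDH into (dest_port, src_port, payload)."""
    udhl, i, dest, src = ud[0], 1, None, None
    while i < 1 + udhl:
        iei, ielen = ud[i], ud[i + 1]
        info = ud[i + 2:i + 2 + ielen]
        if iei == 0x05 and ielen == 4:  # IEI 0x05: 16-bit application port addressing
            dest = int.from_bytes(info[:2], "big")
            src = int.from_bytes(info[2:], "big")
        i += 2 + ielen
    return dest, src, ud[1 + udhl:]

def read_uintvar(buf: bytes, i: int):
    """Decode a WSP uintvar at buf[i]: 7 bits per byte, high bit = continue."""
    val = 0
    while True:
        b, i = buf[i], i + 1
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            return val, i

def classify_sms(ud: bytes):
    """Verdict dict for one UDH-bearing SMS user-data field, or None if not WAP Push."""
    dest, src, wsp = parse_udh(ud)
    if dest != WAP_PUSH_PORT or len(wsp) < 4 or wsp[1] != WSP_PDU_PUSH:
        return None
    _hdr_len, i = read_uintvar(wsp, 2)        # wsp[0] is the transaction id
    first = wsp[i]
    if first >= 0x80:                         # Content-Type as a bare short integer
        ctype = WSP_CONTENT_TYPES.get(first, f"0x{first:02X}")
    else:                                     # value-length form: length, media type, params
        _, j = read_uintvar(wsp, i + 1) if first == 0x1F else (first, i + 1)
        if wsp[j] >= 0x80:
            ctype = WSP_CONTENT_TYPES.get(wsp[j], f"0x{wsp[j]:02X}")
        else:                                 # textual media type, NUL-terminated
            ctype = wsp[j:wsp.index(b"\x00", j)].decode("ascii")
    return {"src_port": src, "content_type": ctype, "provisioning": ctype in PROVISIONING}

# Constructed samples (not captured traffic); WBXML bodies are placeholder bytes.
CP_PUSH = bytes.fromhex("0605040B8423F0" "010601B6" "030D6A00")
CONCAT_TEXT = bytes.fromhex("050003AB0201") + b"hello"
TEXT_PUSH = bytes.fromhex("0605040B8423F0") + bytes([1, 6, 0x0C, 0x0B]) + b"text/x-foo\x00body"
```

A real provisioning message would normally carry security parameters (PIN/MAC) after the media type in the value-length form; the parser skips those and keys only on the content type, so it flags the message class rather than validating it.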


👤 rolph
Obscurity seems to be a major part of securing baseband.

https://www.extremetech.com/computing/170874-the-secret-seco...

https://www.androidauthority.com/smartphones-have-a-second-o...

events.ccc.de/congress/2011/Fahrplan/attachments/2022_11-ccc-qcombbdbg.pdf [PDF]


👤 sysadm1n
For smartphones, assume an always-on wiretap situation. But for laptops, it may be harder depending on how hardened your setup is, and how tight your opsec is. There is the possibility that if you're a high value target and you bought your laptop online that it could be bugged, but you would have to be someone like a drug trafficker or a journalist or some other high profile person.

👤 khnov
Oh wow, I'm really interested to know how that's even possible.