Android Ultra Secure Stealth Phones

There was no perfect stealth phone, until now. While the rest of the market is going one way, with text and voice encryption, we are going another way, to the core of the problems, by sticking to privacy and security based on eavesdropping detection, and fighting eavesdropping by using the very same network weaknesses that IMSI catchers and GSM interceptors use. XStealth Phones are in fact the only ones that can effectively defend against mobile eavesdropping using both defensive and offensive security methods.

Get the most out of your Ultra Secure Stealth Phone with our technical specifications:

XStealth Hardware Security

A tamper-proof platform and a kill switch to self-destruct.

XStealth Software Security

Unparalleled firmware security: secure by default


XStealth Lite Special Functions

XStealth special functions

  1. Calibrate

  2. IMEI Change

  3. Hunting Mode / Anti Interception Mode

  4. A5 Alert

  5. Location Tracking Alert

  6. Location Spoofing

  7. Channel Lock

  8. C2 Monitoring

  9. cryptoTRACER

  10. Sandbox

This version does not have the IMSI Change and Network Scan functions. There are only buttons that serve the explanation. It also does not have XCrypt MLSP®, our super secure SMS encryption.

  1. Calibrate

  2. IMEI Change

  3. IMSI Change

  4. Hunting Mode / Anti Interception Mode

  5. A5 Alert

  6. Location Tracking Alert

  7. Location Spoofing

  8. Channel Lock

  9. C2 Monitoring

  10. cryptoTRACER®

  11. Sandbox

  12. Network Scan

The special features are explained below. Understand everything XStealth Phones offers for your privacy: from defensive to offensive security.

Special Menu

To access the control panel, the user dials a secret code and is then prompted to the control panel. A second secret code is required to access the main Special Functions screen.


When you activate the phone for the first time, you should run the calibration function: The phone calibrates itself, tests the GSM network and stores data about the home network, which is part of the self-learning process. It is important that you use a new SIM card (whether you have a contract or a prepaid card) and that you are in a safe place (connected to a real GSM network).

IMEI Change

The user can control the way of IMEI change (after any event like phone call or SMS, on request of the network/IMSI catcher, etc.) and can also define his own IMEI and perform different protection scenarios this way. For more information, please refer to the user manual.

NOTE 1: This feature is not available for XStealth Lite.
NOTE 2: Changing the IMEI is legal as long as you do not do it with a stolen phone. For legal reasons, you can always restore the original IMEI with the press of a button. XCell Stealth Phones are used legally all over the world, including by law enforcement agencies.

IMSI Change

Once the function is activated, the phone will start SIM cloning and generate valid IMSIs that will be used for the next calls and messages. There are no other mobile phones that can perform an IMSI change. Please note that no internet connection, third-party servers or special SIMs are required. Also, there are no monthly fees or other commitments. Works with virtually any SIM card, but we recommend using MNO SIM cards.


The user can switch between Hunting mode (call/SMS interception detection) and Anti-Interception mode (no calls or messages can be sent or received while phone interception is active, regardless of whether GSM Interceptor or SS7 means are used).

A5 Alert

All mobile calls and messages are encrypted by default in virtually every mobile network. The GSM standard cipher algorithm is called A5. There are four variants of A5 in GSM, of which only the first three are widely used: A5/0, A5/1, A5/2, and A5/3. The latest eavesdropping technologies are capable of intercepting not only calls and messages, but also data (Internet usage).
A GSM interceptor or IMSI catcher forces mobile phones into A5/0 mode (no encryption), making it easy to intercept call data and convert it into audio. This situation is detected by the XStealth phone and the user is alerted in real time.
Once all enabled, the phone user will be alerted in real time when voice and data connections are intercepted.

Location Tracking Alert

Location tracking alert
Location tracking methods used by law enforcement are based on cellular networks, the target phone does not need to be connected to the internet. In most cases, the assistance of the network operator is required unless SS7 is used to track the location of the phone.

Once enabled, the phone will alert you when a location tracking ping is received.

Ki extraction alarm: Every time a GSM interceptor tries to obtain Ki (the encryption key stored on the SIM card) by sending so called "challenges" and waiting for the SIM card response with parts of the encryption key to calculate Ki later.

Real GSM Location Spoofing

Most so-called location spoofing apps are internet-based and actually only falsify GPS data. This creates a false sense of security, as the GSM location is revealed every time the target phone is connected to a mobile network.
GSM location data (Cell ID, Location Area Code, etc.) is commonly used by law enforcement agencies to determine the location of mobile phones. XStealth phones use a true GSM location spoofing feature.

The XStealth user can choose which cell tower the phone is connected to. In this way, any triangulation technique used to track location will produce false results, resulting in a false location. For ease of use, Optimal Location Spoofing should be enabled: The phone will always connect to the farthest cell tower, whether it is stationary or on the move.

Attention. The mobile data connection is also provided by the network operator (via mobile phone masts, which are easy to find by simple procedures), unless the phone is connected to the Internet via a mobile hotspot. As a result, a phone can be instantly tracked if it is not connected to the cellular network, but only to the Internet. XStealth phones are immune to this type of location tracking as long as the special features do not require an internet connection.

Channel Lock

The XStealth user can block the ARFCN (uplink and downlink - the radio channel pair over which the cell tower communicates with the mobile phone and vice versa) to block a forced handover (the mobile phone is forced to silently disconnect from the home network and connect to a fake cell tower impersonated by a GSM interceptor). The phone remains connected to the real cell tower, thus preventing it from "slipping" to a fake cell tower (IMSI catcher) that uses a different ARFCN to force a handover.

C2 Monitoring

The phone monitors the C2 parameter (cell selection criterion) used by IMSI catchers/GSM interceptors to force the connection to the mobile phone. It also looks for the identity of neighboring cell towers. When the phone is connected to a GSM interceptor, no cell towers are displayed as neighboring towers.



A feature that immediately checks for network switch-based eavesdropping, also known as SS7 eavesdropping.



We have created a separate, secure partition in which the IMEI engine, the IMSI engine and other security-related software components run smoothly and without the possibility of interference or tampering. The user can verify the integrity of the sandbox and its components at any time.

Network Scan

A live network monitoring tool that looks for IMSI catchers/GSM interceptors, SS7-based eavesdroppers and other network anomalies. A real-time eavesdropping detection feature is also available. No false alarms due to intelligent scan mode.

NOTE: This function is only available for XStealth.

Real Time Interception Detection

Users can check the security of their mobile stealth phone connection in real time. Detects call/SMS interception performed by any means: IMSI catcher/GSM interceptor or SS7 (also known as network switch based interception).

NOTE: This function is only available for XStealth.

LAC Change Detector


This is the proximity alert function. The phone detects abnormal LAC (Location Area Code) when idle, changes that are only made by IMSI Catchers / GSM Interceptors to force the connection.

Microphone Lock


The user can lock the microphone at any time to prevent remote activation and to listen to the surroundings.

Camera Lock

The user can lock the camera at any time to prevent remote activation for spy images/movies.

On Screen Functions


For ease of use, the main monitoring and alert functions are also displayed on the home screen. As the main home screen is anonymous and looks like any other smartphone, a simple swipe across the screen will display all monitoring functions on the screen.

GSM Encryption Checking


Each time the user makes a call, the phone checks the standard GSM network encryption (A5/1) and detects whether the call is intercepted from the air (by a GSM interceptor) or at the network exchange level (SS7) by pinging the network core. In case of an intercepted call, the phone displays a visual warning.

Call Interception Alert


XStealth displays a visual warning before making a phone call that is intercepted / unsafe. The same visual warning is displayed before answering the call if an incoming call is intercepted in any way.

Forensic Proof: USB Volatile Filters

All XStealth phones are supplied with paired wall chargers. When another external device is connected via USB cable (including external batteries, PCs and laptops, forensic tools, service boxes, etc.), the data connection is terminated and the self-destruct mechanism is triggered. The entire motherboard including the chipset is automatically destroyed.

NOTE: XStealth phones are shipped with the feature disabled. It will only be activated upon customer request and before shipment.

Self-nuke Security Mechanism

When the phone is connected to an external device, other than the supplied wall charger, the entire motherboard and chipset will automatically shut down.

NOTE: XStealth phones are shipped with the feature disabled. It will only be activated upon customer request and before shipment.

Government Grade SMS Encryption: XCrypt MLSPⓇ

Secure encrypted messages can only be exchanged between phones that have XCrypt installed. If a secure message is sent to a device that does not have XCrypt installed, no message will be received from a device without XCrypt.
Multi-Layer Security Protocol® - MLSP® it is a revolutionary end-to-end SMS encryption developed by XCell Technologies. XCrypt provides 100% secure SMS communication that not only uses strong military grade encryption, but also adds a new layer of security by exploiting the GSM network via MLSP® to ensure that there is no way to intercept text messages or metadata, even in encrypted mode. Taking advantage of the GSM network architecture and SMS transport protocol, XCrypt is able to send/receive encrypted and uninterceptable messages. This app uses a brand new patented technology to send/receive encrypted messages

NOTE: XCrypt is only available for XStealth and XStealth Pro.

FinSpy Annihilator

FinSpy is a field-proven remote monitoring solution that enables governments to address today's challenges in monitoring mobile and security targets who regularly change location, use encrypted and anonymous communication channels, and reside abroad. FinSpy provides access to information such as contacts, SMS/MMS messages, calendars, GPS location, images, files in memory and recordings of phone calls. All exfiltrated data is transmitted to the attacker via SMS messages or over the Internet. Personal data, including contacts, messages, audios, and videos, can be exfiltrated from most popular messengers.
FinSpy bypasses 40 regularly tested antivirus apps. Therefore, there is no point in installing an antivirus. XCell Technologies has opted for another effective solution to bypass the installation of malware and malicious software. There is a FinSpy detection algorithm installed deep in the XROM firmware that not only detects any intrusion attempt, but also blocks any code execution. Local HTTP ports used by FinSpy have been blocked: :8999 and :8899.


3G downgrade attack

A screen capture showing a real 3G downgrade attack. XStealth hunting mode was enabled (intercepting IMSI catchers).
What is a 3G downgrade attack?
Some GSM interceptors, unable to intercept 3G handsets directly, use high-power jammers that block 3G frequencies in the vicinity, forcing the target phone to perform what is called a "network downgrade" where it switches to 2G frequencies where it can be easily intercepted.
The phone switches to 2G mode without the user accepting or acknowledging it.
In addition, some modern GSM interceptors can display the 3G icon at the top of the phone's screen while the phone is actually connected to 2G. This avoids any suspicion of the phone user and at the same time suppresses any alerts that might be triggered by some installed apps that monitor the mobile connection type.
In this image: While the 3G network icon is shown at the top of the screen, Network Scan shows the 2G network and a downgrade attack attempt.
The screen capture is not digitally generated, nor is it a lab test. It only shows a real attack detected by an XStealth Phone.


C2 attack revealed by XStealth Phone

Optimally balanced device

There is always a delicate balance between special features and phone performance.
XStealth Lite and XStealth come as well-balanced hardware, firmware and default apps. XROM - our proprietary firmware - requires a lot of resources to function. Continuous network scanning is a background process that, along with baseband access, takes up about 75% of system resources, limiting the system's ability to adapt to newly installed apps that a user might want to install in addition to existing apps. For this reason, we have limited the number of installed apps based on user needs: up to 3 for XStealth Lite and up to 4, for XStealth.

When the ideal balance is disturbed, the user should expect noticeable execution latency (delayed device) and screen latency.
We recommend as few additional apps as possible.

Android devices are regular victims of unspeakable lag, although some may argue that it is most likely the user who is causing their device to lag. Arguments aside, why do Android devices stop being in top form after a certain amount of use? Simply because this is the way Android is built.


A list of the most common apps that should not be installed due to various security issues: Wickr Me, Wickr Pro, Wire, WhatsApp, Messenger, Snapchat, NordVPN.
Security patches cannot be applied to the above apps.

Please note:

Strictly according to user requirement, our programmers can install patched versions of Silent Phone, Telegram, Signal and WhatsApp, for free. All of these apps will work without any security issues. Unfortunately, the above apps require the latest software version to work, which means the patched version will need an upgrade at some point. Since both OTA and local app updates are blocked on XStealth Lite and XStealth due to high security risks, these apps will work fine until the associated servers prompt the user to update the app. For this reason, we do not recommend using these apps. Instead, XCrypt MLSP® is a smart alternative to all these apps: no OTA or local updates are needed as this app does not use external resources, servers and data connections.

XStealth Lite and XStealth are not consumer products as they are intended for maximum privacy and security, which cannot be achieved at the same time as maximum phone usability. Don't expect high-speed performance compared to the latest iPhone or Android phones. As these are security oriented products, we take into account that your personal security and privacy may reasonably affect the usability of the phone.

De-Googled XStealth Phone: Adverse side effects

There are more disadvantages than advantages

Once an Android phone is de-Googled, there are a few major drawbacks.
Any apps that have Play Store dependencies won't work at all or will work very slowly. Also, phone notifications are severely affected. The user has to type in the app, which makes the notifications useless. The phone needs a reboot from time to time as it becomes unbearably slow with apps like Telegram.

The main problem is the instability of the system, since Android was developed by Google: Removing some Google components (e.g. Play Store) can cause the phone to permanently fail, rendering it useless. Remember that phone, messaging, and contact apps (to name a few) are part of the Android Open Source Project (AOSP) and developed by Google. Thus, technically you are still using a Google product, but it doesn't come with the same baggage, but system instability.

Instead of removing Google components, we offer a better and safer alternative: We disable all Google apps that will not cause system instability. Your XStealth Phone will have no connection to the outside world from Google while maintaining system stability. This way there is no telemetry location tracking or even any kind of identification or device fingerprint that can be taken by Google, Apple, Facebook or others

IMPORTANT: Do not register and use a Google account on your XStealth Phone.

We are not responsible for any consequences that may later affect the phone if Google components are removed at the user's request.