Why are XCell Stealth Phones so special?

There are no other

The XCell Stealth Phones are based on the idea of eavesdropping security rather than encryption. This is because XCell Stealth Phones target professionals, from government to intelligence agencies, who need to know exactly when and for how long their phones are being monitored. This way, every XCell Stealth Phone user is always one step ahead of their enemies. So from simple deception or manipulation techniques to complex counterintelligence measures, anything is possible.

The way our stealth phones block eavesdropping is not mainstream and is not based (only) on encryption, but on sophisticated firmware and special apps that took us almost 20 years to achieve the current level of security.

Of course, in addition to eavesdropping detection, XCell Stealth Phones can also block eavesdropping and spoof location by bypassing GSM triangulation techniques. All of these features should be used with caution: You don't want your enemies to find other ways to get relevant information from you other than your cell phone, in case they realize that wiretapping the phone doesn't provide the information they're looking for. Remember that it is not only your cell phone that is a source of sensitive information: the same information can also come from other sources (HUMINT - intelligence gathered through interpersonal contacts, as opposed to the more technical intelligence disciplines such as Signals Intelligence - SIGINT), such as from your social relationships, friends, relatives, colleagues, employees, etc., or through the use of other methods and techniques such as hidden bugs, surveillance cameras, etc. It is only a matter of time before you are affected by such attempts when you are targeted by professionals.

Why did we develop XCell Stealth Phones?

We believe that personal information should be your information and not shared with others!  

We believe that a truly "secure mobile phone" must be threat-aware.

Any tool that gives people access to tons of personal data will be abused. And this is happening right now by those you wouldn't expect: abusive state actors.

Our right to privacy protects us so that we are not persecuted for our beliefs, lifestyle or sexual orientation. But our privacy is being attacked without us realizing it.

Their private conversations are not so private. In fact, the government has tapped into the servers of top technology companies. Some government agencies have been given carte blanche to the metadata of millions of phone calls. Someone, somewhere could potentially hear or read your conversations.

In the U.S., it's even worse: police can obtain phone records without a warrant, thanks to a 1979 Supreme Court case, Smith v. Marylandwhich held that the Fourth Amendment's protection against unreasonable search and seizure does not apply to a list of phone numbers.

Wiretapping your phone conversations without a warrant is illegal if you are a U.S. citizen. But the police don't need a warrant - requiring proof of "probable cause" that a crime has been committed - to monitor the numbers for incoming and outgoing calls in real time, as well as the duration of the calls. Instead, they can get a court to sign off on a warrant that only requires that the data they're looking for is "relevant to an ongoing criminal investigation" - . a lower standard of proof. The government can also obtain historical phone records with an administrative subpoena that does not require a judge's approval.

Many wireless carriers provide phone location to authorities and may charge a fee for doing so. Cell towers track, Where your phone is at any given timeas do the GPS capabilities of some smartphones. In response to a question from Senator Edward J. Markey, a Massachusetts Democrat, Sprint reportedthat it had shared location data with US law enforcement 67,000 times in 2012. AT&T reported, saying it received 77,800 requests for location data in 2012. (AT&T also said it charges $100 to start tracking a phone and $25 per day for continued tracking.) Other providers, including. T-Mobile, U.S. Cellular and Verizon, did not provide information on the number of requests for location data they received or the number of instances in which they provided it.

Intelligence agencies, for example, have long exploited a loophole to conduct warrantless searches of Americans' data collected under Section 702. The NSA conducts over 30,000 of these "backdoor" searches annually, and while the FBI refuses to report their numbers, we know they routinely conduct these searches when they are investigating a crime, assessing whether to open an investigation, or even just hunting for information on foreign affairs.

In June 2013, U.S. whistleblower Edward Snowden revealed that U.S. and U.K. security services routinely collect, process, and store vast amounts of global digital communications, including email messages, posts and private messages on social networks, Internet histories, and phone calls.

The UK government has not publicly acknowledged the existence of these mass spying programs - it has "neither confirmed nor denied" the existence of Tempora, the mass surveillance system allegedly run by Government Communications Headquarters (GCHQ).

Mass surveillance on such an industrial scale is illegal and undermines our right to privacy and free speech.

Governments, private individuals, greedy hackers, and organizations have all the tools and technology necessary to intercept voice and data traffic. If you are concerned about your personal or business secrets, or the health and safety of you and your loved ones, it is imperative that you take the necessary steps to protect your sensitive communications.

Even in democratic countries, government agencies disregard the rule of law when it comes to cell phone tapping.

Government security agencies like the NSA have access to your devices through built-in backdoors or through the use of specialized devices like IMSI catchers, GSM interceptors, and SS7 means. This means that these security agencies can listen to your phone calls, read your messages, take pictures of you, stream videos of you, read your emails, steal your files... whenever they want.

We are now witnessing warrantless spying ordered by state actors. The law on government wiretapping of citizens is well established and crystal clear. A 2002 presidential order allowing the National Security Agency to warrantlessly monitor the international (and sometimes domestic) phone calls and email messages of hundreds or thousands of citizens and lawful residents in the United States. The program ultimately included some purely internal controls - but no requirement that warrants be obtained from the Foreign Intelligence Surveillance Court, as required by the 4th Amendment to the Constitution and foreign intelligence surveillance laws. In other words, no independent review or judicial oversight.

This kind of surveillance is illegal.

Government eavesdropping on citizens is an extremely serious matter. The ability to invade private space is a tremendous force with which an individual can be monitored, embarrassed, controlled, shamed, or ruined. Because it is so invasive, the technology of wiretapping has been subject to carefully crafted and legal controls almost since its invention. Ignoring those controls and wiretapping without a court order is a crime that carries significant jail time. But all of this is ignored and warrantless government wiretapping of citizens has become a daily routine.

The government's reliance on the assistance of telecommunications companies to "track and analyze large volumes of communications" is much larger than we know, a whole new surveillance paradigm. This "comprehensive" surveillance is an illegal invasion of people's privacy on a scale never before seen.

Telecommunications companies gave the NSA direct access to communications streams over their networks. In other words, the NSA appears to have direct access to a large volume of people's communications - not only with the consent but also with the cooperation of the companies handling those communications.

The CIA is largely prohibited from gathering information inside the United States or about U.S. citizens. But a 1980s presidential order provides for discrete exceptions governed by procedures approved by the CIA director and the attorney general.


NSA spy agency triples collection of U.S. phone records: official report. WASHINGTON (Reuters) - The U.S. National Security Agency collected 534 million records of Americans' phone calls and text messages last year, more than triple from 2016, a 2020 report by the U.S. intelligence agency said.


For more than two decades, the Justice Department and Drug Enforcement Administration have collected logs of virtually all phone calls from the U.S. to as many as 116 drug trafficking-connected countries, according to current and former officials involved in the operation.


Snowden documents show that the NSA tracks cellphone locations worldwide. The National Security Agency collects location data from around the world by accessing the cables that connect cellular networks around the world and serve both U.S. and foreign cell phones.


Instead of blind encryption, field workers need to know exactly when and for how long their phone calls and messages are being tapped. A crypto phone will never alert the user of interception attempts. That's where XCelll Stealth Phones come in, offering state-of-the-art detection technology.

However, the XCell Stealth Phones are not only aimed at professionals, but are also easy to use for ordinary citizens. No special GSM knowledge is required to use our stealth phones properly.

Our technology


Beginning with government projects in 1998, we worked with niche eavesdropping systems to develop countermeasures - special phones that can detect eavesdropping. Then in 2007, XCell Stealth Phones became a standalone branch, keeping up with the latest wiretapping technologies and providing secure mobile phones for government, military and law enforcement agencies. Since 2013, some XCell Stealth Phones have been available for public use.

The detection algorithms and software solutions were developed from the ground up by the same programmers and telco engineers who developed the interception systems that are the main source of our Stealth Phones. Year after year we have added new special features and detection solutions that make our products unique.

Besides hardware modifications we made to connect the software to the baseband of the mobile phone, special features like self-nuke motherboard and anti-forensics require some parts to be added in addition to the existing hardware.

XCell Stealth Phones run on a highly modified, secure firmware by default: no antivirus apps are needed, as no apps or executables can be installed, not even by the phone user himself. No remote exploits can be executed against XCell Stealth Phones.

What makes the difference?

Check below some specifics that make it different from other so-called "safe phones".


Special functions

  • Real-time call monitoring detection

  • Real-time SMS eavesdropping detection

  • Ping detection for real-time location tracking

  • Abnormal LUR and RAND / SRES sessions in real time

  • Real-time SS7 eavesdropping detection

  • Real-time SS7 location tracking detection

  • Dynamic IMEI (IMEI can be changed manually or automatically)

  • IMEI cloning (ability to impersonate another mobile phone, regardless of type or brand name)

  • Dynamic IMSI (like using a new SIM card for each new call)

  • Select and block ARFCN / EARFCN (Pair Comm Channels) over which the phone communicates with the cell tower.

  • True GSM location spoofing (while the phone is actively connected to the GSM network and not WiFI!). Bypassing GSM triangulation performed by modern GSM interceptors. Effective against SS7 location tracking

Learn more about: Special Functions

IMSI-Change: Unique function

There are no other mobile phones with an IMSI changing function. Even so-called anonymous SIM cards that pretend to allow the user to change IMSI are actually multi-IMSI SIM cards (Traveler SIM card) with up to 4 different IMSIs that remain unchanged and are assigned by the operator running the network.

More about IMSI Change here.
*Only XCell top versions have this special feature.


No internet connection required

Unlike other "secure mobile phones", XCell Stealth phones do not require an Internet connection to function properly. All special functions are performed locally and independently from the outside world. Once you leave your phone by connecting to the internet, there is no privacy. Period. Not even secure browsers and VPNs can provide 100% privacy and security for one simple reason: You never know who's really behind it.


No third-party servers

Unlike other "secure mobile phones", no third-party servers are involved to protect your privacy. Your data stays with you.

A server is actually another computer. You will never know who is actually behind that server, and you can't even do a simple background check. All we know from our customers is that most of the above servers are run by intelligence agencies with a single purpose: to find out confidential information that their servers are sharing. Sure, everything is encrypted. And sure, no one is going to find out your secrets except them. This is not an assumption, this is information we have from our main customers. This is also why our best selling product uses no data connection or internet at all.


No data plan or contract

Unlike other "secure mobile phones", the use of special functions does not require a data tariff, contract or data SIM card.


No monthly fees

Unlike other "safe phones", there are no monthly or annual fees. All special features are designed to work for free, no strings attached. Just a one-time payment when you buy the product. No fees also means maximum privacy and security.


Does not rely on encryption alone

Unlike other "secure phones", XCell Stealth Phones are not based (only) on encryption. The way our Stealth Phones block eavesdropping is not mainstream and is not based on encryption, but on very sophisticated firmware and special apps that took us almost 20 years to achieve the actual level of security.

Compared to crypto phones that only use encryption to maintain the feeling of security, the concept of XCell Stealth Phones is based on eavesdropping rather than encryption. Only as a last resort, some of our devices use encryption and develop a whole new type of encrypted messages: XCrypt MLSPⓇ.

We also manufacture high power jammers for law enforcement purposes. Guess what: Law enforcement agencies use this technology when a target phone is using "secure" (encrypted) calls and messages. Simply put, the product blocks any data connection on selected cell phones. This way, the "encrypted" phone user must use their phone as a normal cell phone, make unencrypted calls, and send unencrypted text messages. Therefore, monitoring mobile phones is a breeze.

Some of them will disclose the so-called "source code" for inspection. But there is a simple question: how can you be sure that the phone you buy has the same "clean" software installed? There are no tools, no methods to test this unless you are a cryptanalyst and know what you are doing. You just have to trust them.

Crypto phones are mainly used by ordinary people (mainly civilians) who need some protection against intrusion attempts by hackers and professionals. But let's face it, how many real GSM hackers are there in the world? Only a few. And they certainly aren't interested in eavesdropping on phone calls en masse. And yes, the standard network protection (standard A5/1 encryption algorithm) is just enough when it comes to the above mentioned people.

And again, let's face it, who do we really fear? No doubt it's law enforcement, who certainly have the technical skills and highly trained personnel to intercept your phone calls.

Encryption is only a solution for a short time. Then it can become dangerous even for professionals, as it attracts the unwanted attention of law enforcement.

Since our products are aimed at professionals ranging from intelligence agencies and embassies to law enforcement and various government agencies (and we are actually inspired by their requirements), we have a different approach, since our main users are primarily interested in knowing if, when and for how long their phones are being tapped. Therefore, XCell devices use active measures for the best possible protection and only resort to passive protection in certain cases (decided by the user).

Our approach when it comes to privacy and mobile security is significantly different: instead of blind encryption, we provide the user with the unique ability to detect the tapping and how long it is active. We strongly believe that knowing when and for how long your phone is being tapped is a huge advantage over encryption solutions, as you and only you have control over the information extracted by tapping your phone conversations (through tampering or deception).

In today's market, there are a variety of devices that allow you to encrypt your conversations. Although using encryption to protect your privacy is a wise decision, this method also has its drawbacks:

A. You never know if the encryption you are using is actually trustworthy, and there is no reliable way to verify it. Most developers of encryption applications do not make the source code public. There may be backdoors (and most of the time there are) that are used by law enforcement agencies.

Sneaking a backdoor into a cryptosystem doesn't even require the active cooperation of the device manufacturer. It only takes one bribed programmer to compromise an entire product.

Some crypto device manufacturers have a track record of covert cooperation with intelligence agencies and interested private individuals. Some of them do not even use publicly vetted and standardized crypto algorithms (such as Diffie-Hellman, SHA256, AES, and Twofish), but use "proprietary" encryption methods that are not available for public evaluation. Several "proprietary" crypto algorithms that have not been publicly verified have proven easy to crack in the past, such as the COMP128 algorithm used for authentication in many GSM networks, so the "proprietary crypto" approach must be considered very risky.

B. Using such devices can make you look suspicious and attract unwanted attention. A crypto phone is a ringing bell that attracts unwanted attention from the very people you want to avoid.

C. If you are targeted by an intelligence agency, encrypting your calls and messages does not mean you are 100% protected from interception. Think about it: Will they drop you just because you use encrypted communications? No, they certainly won't. Since it's a challenge for them, they'll find other ways to get the information they need. Sure, for a little while, your secrets will... will remain secret. But any decent government agency will always find security loopholes to get the information they need about you by any means necessary.

By encrypting your phone calls, you are telling them that you have something important to hide, and you are forcing the authorities to use other ways to gather information.

D. An encrypted call is not as... encrypted as you think. Even if you use a crypto phone, the GSM operator or entity running a GSM interceptor can find out quite a bit of information, such as:

  • The number you dial and the number that calls you. So they can find out the location of the caller and even their true identity. It's just a matter of time. You can (and will) tap his cell phone to find out who it is and what your relationship is with him.

  • The length of the conversation, with time stamp.

  • Your location at the time of the call.

  • Their geolocation at every single moment, through some simple and effective triangulation techniques.


Other proven crypto phone vulnerabilities:


  • Some GSM eavesdroppers can perform a DoS attack on your crypto phone, making the phone unusable for any length of time. This happens when the crypto phone uses a GPRS/data connection to transmit encrypted voice.

  • Many modern GSM interceptors can downgrade your crypto phone connection from 3G to 2G by simply jamming the 3G uplink frequencies, which is a standard practice. This causes many crypto phones that use data connections to fail and become unusable.

  • With the help of the network operator, the IMEI of the phone can be locked in the network.

  • A GSM interceptor can perform a DoS attack on a BTS by continuously sending RACH bursts to all phones in the given area. This affects all mobile phones, including crypto phones from a given area.

So, even if you use a crypto phone, your phone number and the identity of the person you are talking to on the phone, your exact locations, communication patterns, etc. are not protected at all. They won't know what you're talking about, but they will know when, for how long, where, and with whom. Sure, the phone call itself usually can't be decrypted in a reasonable amount of time. But the above information can (and will) be used to find out your secrets in the end.


For this reason, crypto phones can only be used as secure communication devices for a short time. In fact, being predictable is one of the worst choices on the battlefield of intelligence. And using a crypto phone means you are more than predictable.


XCell products do not compete with any crypto phones as we have a slightly different approach and vision regarding mobile security.

Do not assume that your secrets will be hunted all the time by different instances. This will not be the case. Find out exactly when you are a target and for how long. Be smart and use XCell Stealth Phones to your advantage: if you know if/when someone is listening to your phone conversations, you can let them know what you want them to know about you. Smarter than scrambling your calls in most cases. Only with XCell Stealth Phones you are in control of your mobile communications and know about any wiretapping attempts.

Now we are sure that you understand the great advantages of using an XCell device compared to crypto phones: You will always be one step ahead of your enemies and make the right decisions at the right time. The phone will alert you to real threats in real time, giving you the ability to exploit this advantage at will. This kind of advantage cannot be achieved by using a crypto phone, and that is the reason why many professionals use XCell devices on a daily basis. In fact, the entire project was inspired and vetted by security and intelligence professionals who are also our main customers.


No special SIM required

Unlike other "secure phones", no special SIM card is required to perform the special functions. Any normal SIM card is compatible with XCell Stealth Phones.

Please note that with the exception of XCell Basic v3 3G (both Regular and Advanced versions), XStealth Lite and XStealth (which are all 3G compatible), all other XCell Stealth Phones require a 2G SIM card and a 2G cellular network. Please check with your GSM provider for 2G coverage in your area.

A special note for MVNO Sim cards: We do not recommend the use of a MVNOSIM, but a SIM issued by a MNO-company. Here is why:

An MNO SIM is issued by a mobile network operator such as T-Mobile, Vodafone, Orange, etc. An MVNO SIM is issued by a Mobile Virtual Network Operator such as Lebara or Lyca Mobile.

MVNOs (Mobile Virtual Network Operators) are service providers that do not own the GSM (mobile communications) network infrastructure over which they offer services to their customers.

An MVNO company enters into a commercial contract with a mobile network operator (MNO) to obtain bulk access to network services at wholesale prices and then sets retail prices independently. Each MVNO does not have its own radio network, which leads to network connectivity problems, especially during peak hours and when the network is congested. Because of this, advanced features (special functions) that require very specific phones (like XCell) may not work properly or at all.

Prioritisation is another thing: prioritisation means that an MNO operator identifies which phones using the network are doing so through an MVNO, and gives priority to their direct customers. There can only be so many phones connected to a cell tower at any one time, and they keep switching on and off to make sure everyone gets their turn. We've all probably been in a place where a lot of people were using their phones and the service got really slow - that's because the lines to get your turn were long and you noticed the wait.

When extreme situations occur (network congestion), MVNO customers may experience even slower service as direct customers are given priority. For example, you can see prioritization in action in shopping malls during national celebrations, music and sporting events, and so on. There are a lot of people crammed into a four-block area, and everyone is on their phones. People who pay an MVNO directly for service have very poor service. People who use an MVNO have virtually no service.

Local congestion on the local cell tower, potentially triggering localized bandwidth management policies - the result is clearly a very poor experience for MVNO members in the area. This also affects the specific capabilities and features of the phone.

The special functions of XCell Basic v3, XStealth Lite and XStealth are not affected by MVNO SIM cards.

A list of European MNO companies, here.

A list of the thirty largest terrestrial mobile network operators in the world, here.

Anonymous SIM card?

There are no anonymous SIM cards, only scams going on. Learn more on our blog.

Last but not least, test your crypto phone, now!


Test No. 1: Network test via emergency call

Are you using a crypto phone? Then you can test it right now. You don't need any special knowledge, software or expensive hardware.

Just remove the SIM card (if you have one) and call any local emergency number (e.g. 112 or 991) or, if you have a modern mobile phone, just press the emergency button. It works, doesn't it? Are you surprised? You should also think about the security of your phone. This is what crypto phone manufacturers and retailers are hiding from you.

Here's why:

As soon as you switch on your "secure" mobile phone, the phone's radio modem is active. There is no other way. An active radio modem means that your phone can "see" the surrounding cell towers to possibly make emergency calls. It also means that all surrounding cell towers (up to 6, from all carriers!) can "see" your "safe" phone to make emergency calls. The cell tower that handles your emergency call and that your "safe" phone connects to is the closest one. This is how your emergency call is handled: Your "secure" cell phone sends a registration request to the network, providing its IMEI and (if inserted) SIM-IMSI. There is no other way to make a phone call, even without a SIM. You can make emergency calls without a network signal. If your phone loses signal from your provider's network, it automatically connects to the strongest network it can find to enable emergency calls.

From this point on, your "secure" mobile phone becomes easy prey: phone IMEI and SIM-IMSI (if a SIM card is inserted) are stored at the network level and are available not only to the network operator but also to law enforcement agencies. In addition to your phone's identification data (IMEI and IMSI), your phone's geo-location is also disclosed and made available to the aforementioned agencies.

Please note: No call to a local emergency number is required for IMEI/IMSI acquisition. As soon as you switch on your mobile phone, the radio modem sends requests to the nearest cell tower. As a result, your phone's IMEI is revealed and stored on the network's HLR/VLR servers, where it is available for location tracking or call interception.

According to this, the sky is the limit: Abusive government agencies (and sometimes skilled hackers) can invade your "secure" cell phone and install a wide range of spyware that bypasses all known antivirus programs. This is how FinSpy (a government-grade spy tool) gets installed on your "secure" cell phone. Please note that none of this is required to make an emergency call, just turning on your phone is enough.

Sure, you can put your "safe" cell phone in flight mode, which turns off the phone's wireless modem. But this will also turn off WIFI and data connections, making your "safe" cell phone worthless.

Are XCell Stealth Phones immune to remote spyware installation?

Yes. We have removed or quarantined the SIM toolkit vulnerability (depending on the phone model) while blocking app installation directly at the firmware level.

Learn more

Test No. 2: Install software

Whether you like it or not, it's time to find out if your secure phone is vulnerable to government spying programs. It doesn't matter if you've turned your regular cell phone into a "secure" phone by installing various "secure" apps like Silent Circle, Signal, or Telegram, or if you've bought a ready-made "secure" phone from a well-known web store. From the perspective of such spyware, (almost) all phones are the same.

You don't need an antivirus program to check your phone's security vulnerabilities. You don't need a purpose-built app to reveal your phone's security vulnerabilities. You also don't need a deep understanding of GSM stack, mobile phones, cryptanalysis and programming. All you need is to have your phone in your hands. So let's get started.

Try to install any compatible app on your "safe" phone. Whether it's from Google Play, App Store or on your SD card or in the phone memory. It doesn't matter. All that matters is just the result of the installation: if you were able to install a compatible app on your "secure" phone, it means that your phone failed this simple security test. That's all you need to know. And remember, your "secure" phone is good for nothing. Not to mention, your privacy is just a false sense and not a real situation. Here's why:

Government-grade spyware can be installed remotely on virtually any mobile phone (Android, iPhone, BlackBerry, Windows Mobile, Symbian, etc.). And it's usually installed remotely because there aren't that many field agents who can trick you into picking up your phone unless you're a high-value target. This can be done remotely with your "secure" phone in your own pocket. And no, they don't need any interaction from the phone user to complete the spyware installation. If they need to, they trick you, just like the Italian government and private companies did with the help of the Italian network operators when they installed Exodus on people's phones: they pretended that the user had to install an app that would fix the phone's network connection, which was actually spyware installed by the network operator itself. All this after the same accomplice, the network operator, refused to allow the phone to connect to the network, just to make sure that the phone's user would happily install the "solution" they had smuggled in. More on Exodus, here.

If you can install any app you want on your "secure" phone, then abusive state actors can do the same thing remotely, whenever they need to, without your help or knowledge, and without your consent. Which is deeply illegal without a warrant, but that's just a small thing these days, unfortunately.

Here's the worst part: not only governments, but also a few skilled hackers can remotely install a spy app on your phone. This can be done by injecting code into an existing app on your phone, which is then pushed as a legitimate app update. Just one example, here:


Not even notoriously encrypted phones are immune to this attack. A few years ago, an average Joe posted a short movie on YouTube demonstrating how a well-known app used for encrypted corporate communications - GoldLock - could be defeated by a cheap commercial spy app called FlexiSpy. Since he had the phone in his hands that already had GoldLock installed, he also installed FlexySpy on the same phone. He started an encrypted phone conversation with another GoldLock phone. The entire conversation was recorded by FlexySpy in plain text, as FlexiSpy grabs audio directly from the microphone even before GoldLock goes to voice encryption. Then, when the conversation was finished, it was automatically sent by FlexiSpy over WIFI or data connection to a server where it could be listened to by the user's personal account. Simple, efficient, and embarrassing for a top-notch encryption app. You can run the same test at any time.

For some reason, the video was removed from YouTube, so we can't post a link. Also, no free trial apps from GoldLock have been available since then to avoid other similar situations.

And yes, the same thing can happen to your "safe" cell phone.


A special note for feature phones (also known as dumb phones), which we use as hardware for making a wide range of stealth phones: No sophisticated spyware application can be remotely installed on them due to the lack of an operating system. In fact, there is no spyware for dumb phones these days for one simple reason: almost no one uses them, a situation that doesn't fit with mass surveillance. To draw a parallel: It's like trying to install Windows on a calculator. However, a normal feature phone can be remotely monitored via a SIM toolkit attack or via SS7 eavesdropping systems like SkyLock and ULIN, which doesn't require an app to be remotely installed on the phone.


Now you know it's time to make serious changes to your approach to "secure" mobile phones.


Are XCell Stealth Phones immune to spyware remote installation?

No doubt about it: yes. We have removed or quarantined (depending on the phone model) the vulnerability in SIM Toolkit using SIM Toolkit Inhibitor, while blocking the entire app installation directly at the firmware level.


For more information on government-grade spyware, see here.

100% Legal

There are no legal restrictions on the use of the phone within the EU or anywhere in the world. Since the user can restore the original IMEI at any time, there are no legal problems. That is the reason why we give the user the possibility to restore the original IMEI.

Changing the IMEI permanently (without the possibility to restore the original IMEI) on a stolen mobile phone is something else from a legal point of view, which is considered illegal in some countries (which also apply an IMEI ban on stolen mobile phones), but this is not the case. You take no legal risk when you use one of our stealth phones. Buy with confidence.

More unique properties

No need for 2 XCell Stealth Phones

No two Stealth Phones are required to make secure voice calls and send secure messages. In addition, XCell Stealth Phones can send and receive secure calls and messages to or from any normal mobile phone due to continuous network scanning.

If you want to send and receive military encrypted messages, then you need to use at least 2 XCell devices. The good news is that our programmers can install up to 4 apps for you on XStealth Lite and XStealt (Android Ultra Secure Stealth phones) that allow the user to exchange encrypted messages and make secure calls to any other Android device.

Immune to SIM Toolkit Attacks

XCell Stealth Phones are immune to. SIM Toolkit Attacks, which are used by both hackers and law enforcement to execute commands on the target phone via the SIM card. SIM management filters have been added to prevent SIM toolkit attacks.

Immune to FinSpy

XCell Stealth Phones are immune to FinSpy, one of the most effective government spyware used today. More Here.

Immune to Exodus

XCell Stealth Phones are immune to the government spy software Exodus, a product of eSurv. More here.

Immune to Pegasus

XCell Stealth Phones are not affected by Pegasus, a government spyware developed by Israel-based NSO Group. More here.

Immune to viruses

XCell Stealth phones are secure by default. Firmware files that manage and enable software installation are permanently removed. No antivirus is required as no apps or executables can be installed even by the phone user. No remote exploits can be executed directly or indirectly for XCell Stealth Phones via the SIM Toolkit.

responds to ULIN

The ULIN interception system is one of the latest interception solutions based on old SS7 vulnerabilities. XCell Stealth Phones detects and prevents such interception. More here.

reacts to Hydra

Hydra is another SS7 interception and monitoring solution developed by HSS Development. As with any SS7 threat, XCell Stealth Phones trigger alerts for call interception, SMS interception, and location tracking. More here.

responds to SkyLock

SkyLock, Verint's first SS7 surveillance and tracking system, has been sold in more than 130 countries. XCell Stealth phones have been extensively tested on SkyLock and have a 100% success rate. More here.

Human errors are not allowed

At the user's request, we remove the phone's camera, GPS module (if any), internet connection via WIFI and data connection, and even the phone's microphone if necessary. In this way, no human error can compromise the security of the phone and the privacy of the user.


Effective tamper protection mechanisms are installed at both software and hardware levels. Hardware tamper resistance is resistance to tampering (intentional malfunction or sabotage) by normal users of a product, package, or system, or by other users with physical access to it. Using software tamper-resistance techniques, a firmware can check itself and verify whether the code has been changed. We refer to these techniques as self-checking, where the binary code of the protected software is literally read using special functions called checkers.

Tamper proof battery

A cell phone battery contains up to 4 microcells. When intelligence agencies intercept the package containing your new phone, they replace one of the microcells with a tracking device powered directly by the remaining microcells before delivery. In addition, the phone user always charges the battery before it is discharged, keeping the tracking device alive.

We use single cell batteries that do not allow microcell replacement.

Forensically bulletproof

The latest XCell Stealth phones use anti-forensic filters at both the software and hardware levels. No system files may be read, copied or modified in any way. Firmware cloning is not possible via service boxes. Volatile USB filters are installed that trigger a self-nuclear mechanism whenever the phone is connected to any external device other than the paired charger. No powerbanks are allowed and it will not charge from a PC / laptop. If you would like us to allow charging from other devices, please contact us before shipping.

Self-nuclear mechanism

Once the phone is connected to any external device other than its own paired charger, a self-nuke mechanism is triggered which destroys the entire motherboard and all confidential data stored on your phone. Only a motherboard replacement will solve the problem.

Please note that the memory card is not affected by the self-nuke defense mechanism. All stored data can be read at any time. For this reason, we do not recommend using a memory card.

Coupled charger

All XCell Stealth phones come with a paired charger. Using another charger, power bank or connecting to an external device will trigger a self-nuclear mechanism. No chance to recover the phone.

No OTA updates

Most "secure" phones and apps these days request a software update from time to time, which is essentially not a bad thing. The main problem is that fake software updates can be performed by skilled hackers or abusive law enforcement, tricking the phone user and installing spyware without user confirmation or consent. This is because a malicious app or code execution can easily be masked as a software update and easily installed remotely on the phone. This is how law enforcement agencies gain access to phone data remotely. This is an example: https://www.youtube.com/watch?v=h98KtUgUOsg

With XCell Stealth Phones, the phone user has 100% control over their own phone. No OTA (over the air) updates are allowed through security filters. Even we as the manufacturer of XCell Stealth Phones cannot push firmware updates, as the phones are not connected to any servers at all for maximum security. This was (and still is!) a special requirement coming from our main customers.

For Android Ultra Secure Stealth Phones, we've even blocked updates for apps that are installed on the phone at the request of the buyer.

And another thing: the way cell phones (whether smart phones or feature phones) are tapped hasn't changed in decades: The same old technologies are used

- IMSI Catcher/GSM Interceptors and SS7 Lawful Interception. Both methods use the same cellular network vulnerabilities and specifications, whether 2G, 3G, or 4G. There is no upgrade to the interception technique when it comes to calls and messages. This is exactly what XCell Stealth Phones detect and block.

Sure, significant advances have been made in VPN and IM interception, all based on data extraction. Here comes our new flagship products - XStealth and XStealth Lite - capable of blocking such interception attempts.

Free test tool

No "secure" phone or crypto phone provides its users with a testing tool to test its security. This way, no phone user can actually test their own "secure" phone because trust is the main thing instead of testing.

Since we don't allow our users to trust only what we say and sell, we provide a free testing tool called XPing Tool that is compatible with XStealth Lite and XStealth and is available right after purchase.

Secure shipping

We use tamper evident seals when we send our products to buyers, both on the phone box and on the shipping box. In this way, we avoid the interception of packages that usually occurs when shipping to countries with non-democratic regimes.

In addition, our backbone shipping system is based on international carriers who act as the man in the middle between our company and our customers for maximum security and privacy.

Want to know more?

All Stealth Phone special features explained for beginners and average users.