Cellular phones have become a ubiquitous means of communications with over 5 billion users worldwide in 2010, of which 80% are GSM subscribers. Due to their use of the wireless medium and their mobile nature, those phones listen to broadcast communications that could reveal their physical location to a passive adversary. In this paper, we investigate techniques to test if a user is present within a small area, or absent from a large area by simply listening on the broadcast GSM channels. With a combination of readily available hardware and open source software, we demonstrate practical location test attacks that include circumventing the temporary identifier designed to
protect the identity of the end user. Finally we propose solutions that would improve the location privacy of users with low system impact.