I'm not sure if it is exactly GPS at work.

There are cellular sites (or relay stations) at various spatial points by which a particular cellular number can be located citing "At the vicinity of ___ street, ___ city" and this works when the cellular phone owner authorizes such a query by another within the same cell service provider. I think it is the relative distance of the cellphone from a given number of cell sites/stations that enables the immediate location identification.

If the other cell user can query another (of course, subject to prior authorization), then the service provider itself can track a particular cell unit at will.

BTW, this reminds me of the hacker tracking done in the US sometime in 1988-1990 where the hacker has been using a cellphone to link to the Internet. The hacker was located and subsequently nabbed at the precise location of the cellphone but I would presume that the system then was still analog since the article said something about azimuth which is all about RDF application.

Backdoor would be possible given the presence of cellphone virus particularly for those using multimedia messaging service capable units (e.g., Nokia 6600) and the proliferation of Bluetooth users. One nasty virus reported by the media is CommWarrior that drains the account by sending MMS to those listed in the directory.

Of course, if one is interested only in a particular cellphone, it would oblige a hacker/tracker to take the virus into a higher stage, right?