This is to thwart tracking cell phone even while no call is in progress.

It is all too easy to build modest hardware that listens on cell phone control frequencies and notes who is where. While such collected data would be sometimes useful it is also too easy to abuse. The protocol I suggest here requires trusting the logic of the cellular base stations (cell towers) and the central site of the cell operator which is responsible for delivering routing information to establish new calls.

The cellular operator must almost certainly be trusted.

On a pre-established schedule, perhaps every 5 minutes as chronicled by the cell base stations, a new salt would go into effect. The location signal transmitted by the cell phone would be the hash of the cell and a secret shared between the cell phone and the central operator site. The salt need not be secret; it limits the ability of external agencies to correlate ID signals over longer time spans.

This may be impossible if unsolicited calls are supported. The attacker would initiate calls and do traffic analysis on the backhaul. If calls to a phone require a pass code by the call originator, this works.