Exploit weaknesses in the way cellular networks are designed, to create fake base stations, to which your phone connects. According to the National CyberSecurity Centre, this could lead to “access to all call content and metadata for all users on that base station”.
Not easy to mitigate the risk.
Analytics: Bluetooth and Wi-Fi
Because of the way in which a phone with Wi-Fi enable talks to wireless access points, generally pretty easy to extract information from devices passing by. Cheap and easy to do, and result in small pieces of hardware which can be battery powered and kept in a pocket, picking up details of phones in the area.
You could either stop the phone from automatically connecting to any Wi-Fi access points (even those which you “trust”), or else switching off Wi-Fi. Not great if you are trying to user Personal Hotspot or some other Wi-Fi tethering feature, so perhaps best just to use a cable.
Even getting cellular information over Wi-Fi May be able to get information about your cellular subscription too: some Wi-Fi operators offer access to users of particular mobile networks, and use a protocol called EAP-SIM to authenticate the device.
Again, switching Wi-Fi off when you are not using should mitigate this, and probably prolong your device’s battery life too. https://www.theregister.co.uk/2016/11/03/wifi_imsi_catcher/
Might not be conductive to the “always connected” way of working, but you could consider keeping your phone switched off, and turning it on when you need it.
For the extra paranoid?
Don’t keep your phone switched on when in it — likely to drain the battery pretty quickly.