Yes, there's a lot of BS about what the letter agencies can do with electronic devices. I read some recently in a Guardian article, which ironically was trying to explain why old fashioned "wire taps" were no longer used. I have seen people claim phone can be tracked even without battery, that's impossible. I have worked on mobile phone software, so I know how it works.
People talk of "GPS tracking", but the GPS signal is receive only. It requires normal radio comms to transmit location (3G, wifi etc).
Normally, when a phone is "off", the radio is shutdown completely, but the CPU is in a low power standby.
The way the exploit works is malware that presents a "fake" off state, so the users thinks it is off (dark screen etc), but actually the CPU is still running in normal mode, and the phone can transmit/receive. When in the fake off state, the phone obviously uses a lot more power, which can be a giveaway.
Installing the malware requires getting the user to download something, but this can be achieved by setting up a compromised cell tower, and pushing a "software update" required message to the phone. Clearly, there is a lot of work involved, but there is nothing impossible. The "fake off" hack is apparently also used on Samsung smart tvs.
Never underestimate old fashioned hacks as well, just send the victim a free USB stick disguised as a promotion gimmick and wait for them to plug it in...