The only way to secure a cell phone is to take its battery out. (Some of the new phones have batteries that cannot be removed.) Even without "Stingray" the phone itself is a potential snitch. When the battery goes back in, the location of the phone can be detected. All the data stored on it, and all the activities of the phone, are accessible to the carrier.
The carrier can update the software at any time. My AT&T Android automatically updated its software today. It did not ask permission. It just said, you cannot and will not do anything until this updating is finished.
The PTB could "ask" carriers to put spy software into a suspect's phone or into all phones. There are rumors of software that causes the phone to act as a bug, transmitting to the eavesdroppers everything the microphone picks up, even when the phone appears to be turned off.
"Fully half the quotations found on the internet are either mis-attributed, or outright fabrications." - Abraham Lincoln