>Why would they be burning anything? They find you with the exploit and then use parallel construction to make arrests.

Same reason they don't burn 0days on low level drug dealers. The risk isn't that they have to reveal in court that they used some backdoor, it's that indiscriminate use of a backdoor eventually leads to it being discovered by security researchers.

>The location toggle does nothing to prevent your carrier (and by extension your government) from determining location from cell towers. If you trust there is no remote exploit, the minimum would at least include turning off cellular signals.

I specifically mentioned airplane mode in my previous post.

But those comments weren't just about location - everyone knows that triangulation based on cell towers is a viable option as long as you're connected to some. But they also claimed that airplane mode, which is supposed to disable most communications modules in your phone, including the cellular modem, would be ineffective at doing that. To me that seems to reach into "the US government can remotely turn your phone on" and similar kind of theories.

As for burning - if they really possessed these extra special exploits that allowed monitoring of even supposedly disconnected or disabled devices, each instance of its use would expose them to a slim, but nonzero chance of that exploit being discovered, especially if it required communicating with that phone directly. In this situation it would be wise to limit the use of this to actually important targets, to avoid revealing their advantage by using these unconventional methods (as opposed to normal cellular, wifi or GPS-based tracking) on random protestors.