The same thing could be acheived using a one-way hashed version of the mobile number, which removes the personal information and still allows the carrier to identify the handset customer.

There's no good reason to include the actual mobile number in the headers, internal or not.