Credit: The original article is published here.
- Android 16 will include alerts for fake cell towers and suspicious networks
- Update detects ‘stingray’ devices which pose as cell towers
- Feature likely to arrive with devices that launch on Android 16
Not every mobile network is what it seems. If your smartphone unwittingly connects to a fake cell tower, it could expose your private data to interception. Fortunately, Google is doing something about it: a new security feature in Android 16 is designed to detect suspicious connections and warn you if someone is trying to eavesdrop on your calls and texts.
Cell mast simulators, known as ‘stingray’ devices, create a phoney (pun intended) signal which can trick your mobile into revealing your location and communications. It’s a tricky tactic that’s previously been undetectable to smartphone users. Until now, users have had a very limited toolkit to protect themselves.
To tackle the risk of silent spying, Google has developed a warning system which detects these rogue networks and flags when a connection is not what it seems. Expected to arrive with new Android 16 devices, it’s a background feature with big implications for privacy.
No more phoney towers
Stingrays work by mimicking cell towers. When a smartphone connects to the fake network, its operator can track the device and harvest data, including unique identifiers such as the IMEI. It can also transfer the device to a less secure network in order to intercept calls and messages – all without any indication to the targeted user.
A kind of IMSI catcher, stingrays are known to be used by law enforcement agencies. While they’re sometimes justified in the name of national security, they also have the potential for misuse, particularly if they fall into the hands of nefarious actors.
Stingray devices generally use 2G to target smartphones. Even if you’re on 4G or 5G, most phones can fall back to 2G. This built-in vulnerability can be exploited by stingrays: by broadcasting a strong 2G signal, they can trick nearby devices into connecting. Because 2G networks lack modern encryption standards and don’t authenticate towers, your phone can’t verify if they’re real.
Right now, the best way to protect yourself against stingray attacks is to disable 2G network connectivity altogether.
The Android 16 update adds another layer of protection. According to developer notes on the Android Open Source Project, it introduces ‘network notification’ warnings. Compatible phones will be able to detect when a mobile network requests the device’s identifiers or tries to force it onto an unencrypted connection. Both of these events will be flagged to the end user.
The feature can be configured under ‘Mobile network security’ in the settings menu, alongside the option to enable 2G network protection. The problem is that no Android phones actually have the hardware required to unlock the feature – not even the best Pixel phones. That’s why the setting is currently hidden.
As a result, it’s likely that the first Android phones with the ability to detect fake cell towers will launch later this year. There’s a good chance it will debut on the Google Pixel 10, which might just make it the most secure smartphone ever.