Adamya Sharma / Android Authority
long story short
- Android 15 will warn you when you connect to an unsecured network or try to log your device ID (such as when connecting to a “stingray” device).
- A stingray is a malicious electronic device that mimics a cellular network so it can trick your phone into connecting to that network.
- Stingrays collects your device’s unique identifier and attempts to intercept your text messages and phone calls.
When you use your smartphone to send text messages or make calls, you have to trust that your carrier isn’t snooping into your communications. But what if your phone is connected to a cellular network that doesn’t actually belong to your carrier, but to a malicious third party? This is what the Stingray device takes advantage of. Stingray mimics a cellular network so it can trick your mobile device into connecting to that network, allowing it to collect your device’s unique ID for tracking purposes or switch your device to an unsecured connection to intercept text messages and calls. . To protect users from such attacks, Google has added new security features in Android 15 that will warn you when a cellular network collects your device’s unique ID or uses an unsecured connection.
Like a real cell tower, Stingray collects your device’s International Mobile Subscriber Identity (IMSI) and International Mobile Station Equipment Identity (IMEI), two unique identifiers that identify your device’s SIM and the device itself, respectively. Using IMSI or IMEI, Stingray operators can identify and locate your specific device for analysis. They can also try to force your device to connect to it using an older or unencrypted protocol, allowing them to easily intercept your communications.
Stingrays are popular among law enforcement agencies because they can covertly collect data on criminal suspects, but they are also used by malicious state actors to spy on journalists. Additionally, they put personal privacy at risk because there are few protections against them. That’s why Google has been working on updating Android to prevent devices from sending text or voice data over old or unencrypted protocols.
For example, in Android 12, Google added support for disabling 2G connections at the modem level. Google followed up in Android 14 by adding support for disabling connections that use cellular null ciphers, a form of unencrypted communication. According to Google, using empty passwords on commercial cellular networks puts users at risk because they expose their voice and text traffic to “trivial wireless interception.” The company also said there are commercial stingrays that can trick devices into downgrading their connections to empty passwords, allowing their traffic to be intercepted.
Source: Cellular Radio “Null Ciphers” and Android, by Yomna Nasser
While Android 14 introduces the ability to disable support for cellular null ciphers at the modem level, the feature is not available on all devices as it requires support from the modem vendor. Additionally, users need to be aware of the existence of this feature, which is currently hidden under SIM settings on supported devices. To better protect users, Android 15 can proactively alert users when the network logs their device’s IMSI or IMEI and when the network attempts to change the encryption algorithm.
In the latest Android 15 Developer Preview 2 build, I discovered strings related to notifications that may appear when accessing device identifiers. This notification tells the user that the network “recorded your device’s unique identifier (IMSI)” X times within a specific time period.
code
<string name="scIdentifierDisclosureIssueSummary">"A network on the %4$s connection recorded your device's unique identifier (IMSI) %1$d times in the period between %2$tr and %3$tr."</string>
<string name="scIdentifierDisclosureIssueTitle">Device identifier accessed</string>Android 15 can only disclose your device’s unique identifier when it is accessed on a specific device. The device needs to have a modem that supports Android 15’s new Cellular Identifier Disclosure Transparency Hardware Abstraction Layer (HAL) API. These hardware APIs allow the modem to notify the operating system when the network requests the device’s IMEI or IMSI or when the network uses a new encryption algorithm for a voice, signaling, or data connection attempt. The operating system can then send the user the above notification, disclosing that the network has accessed their device’s unique ID or is trying to downgrade it to an unsecured connection.
Cellular transparency is currently disabled by default in Android 15, but the operating system may issue a notification asking users to check their Cellular Security settings.Clicking this button will take the user to a new page Settings > Security & Privacy > More Security & Privacy. This page will contain a switch to disable or enable security notifications that notify users that their device’s IMSI or IMEI has been accessed. The page may also contain a toggle switch for “Require encryption,” which will disable modem-level null-encrypted connections on supported devices.
code
<string name="scCellularNetworkSecuritySummary">Review settings</string>
<string name="scCellularNetworkSecurityTitle">Cellular network security</string>I’m not sure which devices will support this cellular transparency feature or when it will launch, but we could see it as early as Android 15 Beta 1.