Android 16 Will Tell You When Fake Cell Towers Try To Track Your Phone (androidauthority.com)
- Reference: 0178204970
- News link: https://tech.slashdot.org/story/25/06/27/1737221/android-16-will-tell-you-when-fake-cell-towers-try-to-track-your-phone
- Source link: https://www.androidauthority.com/android-16-mobile-network-security-3571497/
Sure it will. (Score:4, Funny)
Seems exactly what people running fake towers would want you to think.
Re: (Score:2)
These are not the towers you're looking for.
Well this won't go over well with governments (Score:3)
The police will probably have an apoplectic fit over this one. Kind of like how they hate it when security bugs are patched that ruin their spy software.
How are they supposed to spy on journalists if they can't spoof cell towers and hack phones?
Cat's already out of the bag (Score:2)
This is too little, too late.
It's already become common to set up cellular hotspots where even picocell sites can't reach. It's also become common to set up phone-over-carrier-wifi where phones will connect to an org's wifi network specifically set up through an org like Ameriband where calls and texts tunnel to the carrier, but data is offloaded to the host org's corporate internet connection and thus their policies. And DAS has been around for so long that I've seen systems lifecycle, and then the lifec
Not for everyone, but crucial for a few (Score:2)
It's easy to dismiss fake cell towers as tin-foil hat stuff — until you read the court filings. Stingrays (aka IMSI catchers) are real, widely used by law enforcement, and rarely disclosed to the public. They're not some hobbyist-grade hacker toy — they're high-end surveillance gear.
What Android 16 is doing isn't magic; it's giving users visibility into when their phone gets bumped onto a sketchy, unencrypted channel — something that has real privacy implications, especially for high-risk
Will cause confusion more than anything (Score:2)
What is a user supposed to do with this information? Femtocells are common in many public places where large numbers of people gather such as stadiums and malls. I doubt Google can easily tell the difference between these and a device such as a Stingray. Then there are places like the airports in D.C. where there are far too many people playing "spy" and your cellphone is in a frantic spasm of "catch and release" as the operators of the various cell site simulators decide your phone is not the droid
Re: (Score:2)
> Femtocells are common in many public places where large numbers of people gather such as stadiums and malls. I doubt Google can easily tell the difference between these and a device such as a Stingray.
Femtocells are typically provider locked and should not break encryption. The ones in stadiums and malls should look identical to the ones on towers.
Re: (Score:2)
The cell phone standards only mandate encryption between the user equipment (UE, e.g., the cell phone) and the LTE base station (eNodeB). Basic text messages are never encrypted as they are just extra bytes on a control packet. Any encryption on the network is generally hop-to-hop. There is no need to "break encryption" if you are a base station man-in-the-middle. The cell network's security focus is on making sure the correct providers get the correct cut of the cost of the connection.
Re: (Score:2)
I'm certainly no expert, but doesn't setting up a MitM require a downgrade to broken GSM ciphers to extract the device key?
Will Android 16 display a permanent red alert... (Score:2)
... reminding the user that the Android maker itself tracks your phone all the time? And that the cellular phone networks also track the phone all the time, and will sell your location data to whomever is willing to pay enough? And that the fines for doing so are much lower than the profits from selling that data?
Re: (Score:2)
(Should have added this link to my above post: https://therecord.media/fcc-fines-carriers-selling-customer-data )
registered-only list. (Score:2)
Why don't telecoms maintain a database of legitimate towers and send an updated list to one's phone every week or so? If you ride out of the area, a new list for the new area is downloaded just before you reach the boundary. (There might be special "starting" towers the world over in the local list.) The phone should only attempt communicating with towers in the database.
In emergencies such as 911 one could override that protection upon user confirmation.
Or do they spoof legitimate towers also? Seems they c
Re: (Score:2)
If they accidentally forget to put a tower in, they're gimping themselves -- not to mention some companies do cross-sharing agreements which would need to sync. Most people won't be affected by Stingray-like devices or fake towers. I bet even after this, most people won't even notice a difference.
Re: (Score:2)
> If they accidentally forget to put a tower in, they're gimping themselves -- not to mention some companies do cross-sharing agreements which would need to sync.
All the more reason becoming a certified legitimate cell tower should be quite the documented process, along with sustaining a more centralized list of registered legitimate towers that include hefty fines for lack of accuracy.
> Most people won't be affected by Stingray-like devices or fake towers. I bet even after this, most people won't even notice a difference.
Most people won't be falsely accused of a crime either. But when it does happen to someone, it's not exactly something you brush off and forget about in the manner you just described.
Re: (Score:2)
> If they accidentally forget to put a tower in, they're gimping themselves
Who is "they"? The vendor would set up phones initially and test them. If by chance the phone can't find ANY usable towers, the phone can prompt the user for the option of having their phone ignore the registry (along with a stern warning).
Not a show-stopper, just need a decent Plan B.
> not to mention some companies do cross-sharing agreements which would need to sync.
I don't see why that's a problem. Vendors can include all registered
Re: (Score:2)
> As many others have told you before, please get psychological help!
> On top of that, as usual, you have absolutely no idea what you are talking about from a technical standpoint. You are simply trolling America from Asia where you live again!
Please listen to yourself, those people were talking to you. Joe Biden is not in the room with you right now.
Re: (Score:1)
> The primary use of fake cell towers for tracking is police.
There is no law requiring you to carry your cell phone when leaving your residence. What now, police?
Ignore this troll (was Re:Because cops) (Score:2)
> The primary use of fake cell towers for tracking is police.
You’re leaning on half-truth as a rhetorical crowbar, and it’s a tired move. You're not here to unpack power or push for reform — you're here to poison the well. By flattening the issue into “cops bad, tech bad,” you strip away the nuance that actually matters: the lack of oversight, the secrecy, the legal gray zones that allow these tools to be used without accountability. You're not exposing injustice — you’re a grandstanding troll, not a dissenter. Just go away
So I believe everything I say (Score:1)
And to be fair yeah I am kind of just screaming into the void at this point. Trump winning the election means it's all basically over. Democracy has been fundamentally undermined and it's extremely unlikely that it will survive the next 4 years.
But don't mistake bitter rage for trolling. Trolling is when I am trying to derail the conversation. I'm not; I'm just fucking angry at you morons for setting fire to America because you hate trans kids or are terrified you're going to have a few too many beers, dro
Re: (Score:2)
Phone-to-provider encryption seems like a better option. The only unencrypted information to start with would be your provider's ID, so your traffic is routed to their systems for decryption. Basically... my best current guess for greater security? Give up your mobile phone number, use data and a VOIP app. Then the cops will have to get a warrant (assuming your VOIP provider worries about that) not only to know the content of your conversation, but even to know who you called.
You're never going to be ab
Re: (Score:2)
> Why don't telecoms maintain a database of legitimate towers and send an updated list to one's phone every week or so? If you ride out of the area, a new list for the new area is downloaded just before you reach the boundary. (There might be special "starting" towers the world over in the local list.) The phone should only attempt communicating with towers in the database.
It’s a reasonable idea on paper, but cellular networks weren’t built with centralized tower authentication in mind — especially not legacy protocols like 2G and 3G, which are still widely used as fallbacks. Tower IDs aren’t verified cryptographically, and there’s no authoritative global list to push to phones in real time. Tower infrastructure changes constantly due to roaming agreements, maintenance, emergencies, and temporary deployments. A weekly "known good" sync would be
Re: (Score:1)
> It's a reasonable idea on paper, but cellular networks weren't built with centralized tower authentication in mind -- especially not legacy protocols like 2G and 3G
Okay, but they should require it for new or overhauled towers to start heading in that direction. Maybe give the industry a window of 5 to 10 years to add it.
Re: (Score:2)
> Why don't telecoms maintain a database of legitimate towers and send an updated list to one's phone every week or so?
That's how it used to work, although the update frequency was much less than 2 weeks. If you didn't update, you could even lose connectivity. And it was not transparent: you had to do something on your phone that disrupted usage, in order to download and install the tower update. They stopped doing all that, or made it totally transparent. It was probably too hard to keep their databases up to date.