Android 16 Adds Stingray Defense to Block Fake Cell Towers
Android 16 brings new security functions to protect against “fake” mobile phone masts. The so-called “Stingray” defense warns users of unencrypted networks and identity queries, but also needs new hardware.
Better protection against digital spies
Android 16 introduces new security functions that are supposed to protect users from a particularly insidious surveillance method: the so-called “Stingray” devices. These imitate mobile phone masts and can make smartphones in the area to connect with them. As soon as the connection is established, the fake radio masts can compensate for sensitive information such as clear device detections and even determine the location of the user.
The technology was originally developed for law enforcement authorities and military purposes, but can also get into the hands of criminals. A particularly perfidious feature of these devices is their ability to get smartphones to switch to older and less secure communication protocols such as 2G, which means that unencrypted messages and calls can be intercepted. As Android Authority reports, Google has been working on solutions for several years to protect users from these hidden surveillance tools.
With Android 12, the company introduced the opportunity to deactivate 2G connections at the modem level. Android 14 followed with the support for blocking zero ciffren – fully unencrypted communication – and Android 15 added the opportunity to notify the operating system if a network requests the clear identifiers of a device.
New security settings in the Safety Center
With Android 16, Google is now introducing a dedicated setting page for “mobile network security”. This will be found in the Safety Center under “Settings> Security & Data Protection” and contains two main areas: Notifications enable the system to warn the user if the device is connected to an unencrypted network or if the network requests the clear identifiers of the phone. This option is deactivated by default.
The second area includes the network generation with a switch for deactivating 2G, which is also switched off by default – identical to the switch hidden in the SIM settings. It is important to know, however, that these new security functions have special hardware requirements. You need a modem that supports version 3.0 of Androids Iradio Hal (hardware abstraction layer). That is why even current pixel devices with Android 16 will not be able to use these functions.
New hardware generation
The complete implementation of these protective measures is expected to take place only with the next generation of Android devices. Experts assume that Pixel 10 could be one of the first devices to fully support this technology. Incidentally, the term “stingray” comes from the Harris Corporation device of the same name, which was known as one of the first commercially available IMSI-Catcher. IMSI stands for international mobile subscriber identity and is a clear identifier for every mobile radio participant.
These devices are also referred to as “Cell site simulators” or colloquially as “cell phone tower”. They use a weakness in the GSM and LTE protocols: Smartphones automatically combine with the strongest available signal without checking the transmitter’s authenticity. Mind you, legitimate mobile phone networks have to occasionally access the clear identifiers of a device, for example when the device connects with them after leaving the flight mode. The network notifications therefore do not automatically prove bad intentions.
