Android 16 can warn you that you might be connected to a fake cell tower

There are many simple things you can do to keep your private information safe, like using strong passwords, scrutinizing app permissions, and only installing apps from trusted sources. However, some attacks are much harder to protect yourself against, as they’re so sophisticated and stealthy that they can happen without you ever noticing. One such attack tricks your phone into connecting to a fake, insecure mobile network, which is difficult for the average person to detect. Fortunately, the new Android 16 update has a feature that might be able to warn you when someone is using this tactic to snoop on you.

This type of attack uses a device called a “stingray.” An attacker sets up this device near a target they want to surveil, and it mimics a legitimate cell tower. The stingray tricks nearby mobile devices into connecting to it, allowing the attacker to collect unique identifiers (like the IMEI) and even force them onto an older, more insecure communication protocol. These identifiers allow attackers to target specific devices for analysis, while switching protocols can let them intercept unencrypted text messages and phone calls.

These “stingray” devices are notoriously used by law enforcement agencies, but their technology can also be acquired by malicious actors. While some argue they are a necessary tool for surveilling criminals, their potential for abuse is significant, as they can be used to covertly collect data on ordinary people. Because of this, Google has been working on ways to warn Android users or prevent them from sending communications over insecure cellular networks.

With the release of Android 12, for example, Google added support for disabling 2G connectivity at the modem level. In Android 14, the company followed up by supporting the disabling of connections that use null ciphers — a form of unencrypted communication. More recently, Android 15 added support for notifying the OS when the network requests a device’s unique identifiers or tries to force a new ciphering algorithm. These features directly counter the tactics used by commercial “stingrays,” which trick devices into downgrading to 2G or using null ciphers to make their traffic easier to intercept. Blocking these connections and notifying the user about these requests helps protect them from surveillance.

Unfortunately, only one of these three features is widely available: the ability to disable 2G connectivity. The problem is that implementing these protections requires corresponding changes to a phone’s modem driver. The feature that notifies the OS about identifier requests, for example, requires a modem that supports version 3.0 of Android’s IRadio hardware abstraction layer (HAL). This dependency is why these security features are missing on current Pixel phones and other devices, and it’s also likely why Google delayed launching the dedicated “mobile network security” settings page it planned for Android 15.

Since upcoming devices launching with Android 16 will support version 3.0 of Android’s IRadio HAL, Google is reintroducing the “mobile network security” settings page in the Safety Center (Settings > Security & privacy). This page contains two subsections:

• Notifications
  • This subsection contains a “Network notifications” toggle. When enabled, it allows the system to warn you if your device connects to an unencrypted network or when the network requests your phone’s unique identifiers. This toggle is disabled by default in Android 16.
• Network generation
  • This subsection features a “2G network protection” toggle that enables or disables the device’s 2G connectivity. This is the same toggle found in the main SIM settings menu, and it is also disabled by default in Android 16.

The “Mobile network security” page will only appear on devices that support both the “2G network protection” toggle and the “network notifications” feature. This is why it doesn’t appear on any current Pixel devices running Android 16, as they lack the necessary modem support for the network notifications feature.

When the “Network notifications” feature is enabled, Android will post a message in the notification panel and the Safety Center whenever your device switches from an encrypted to an unencrypted network, or vice versa. It will also post an alert in both places when the network accesses your phone’s unique identifiers, detailing the time and number of times they were requested.

It’s worth noting that legitimate cellular networks do need to access your device’s unique identifiers from time to time, such as when your device reconnects to them after exiting airplane mode, so the network notifications do not prove malintent. Android has no way of actually knowing whether a cell tower is real or not, so it’s simply providing notice to the user and letting them decide whether they should take action.

Now that Google has relaunched this security page in Android 16, it won’t be long before we start seeing it on devices. However, due to the Google Requirements Freeze (GRF) program — a policy that allows OEMs to lock in hardware-related requirements for devices at launch — it’s unlikely that any current devices will be updated to support the notifications feature. We will most likely have to wait for upcoming devices that launch with Android 16, such as the Pixel 10 series, to see this protection fully implemented.

This article was updated at 6:04 PM ET to clarify that Android’s “network notifications” don’t serve as true indicators that the device is actually connected to a fake cell tower, but rather as warnings to the user that this could be happening.