There’s much less to choose between Android and iPhones these days, but most users assume Google does more following than leading—well, not this time…
Google has just revealed Android 15 Beta 1, and one update stands out from a security and privacy perspective—especially because it’s something not even recent iPhones can match. There’s a hardware component here—so while we can expect this to come to Google’s Pixel, Samsung and other device owners will have to just wait and see.
As I previewed last month, Google is taking privacy to the next level with a defense against secretive cellular tracking and intercept technologies. This is delivered by way of an interface between the cellular radio modem and Android’s OS, which requires the phone’s OEM to include a compliant modem and the necessary OS interface.
This is a weak spot on smartphones. Once a cellular channel is opened, the device is programmed to use it openly. Devices connect to multiple towers and sample connection strength to optimize performance. Interception tricks a device into leaving its legitimate network and connecting to a local radio network that presents a strong, available signal. Traditionally, such platforms have relied on insecure 2G comms to which all devices would fail over as their conops. But that’s a relatively easy door to shut and for a savvy adversary to spot. Newer options maintain 4G.
Android’s new cellular defense comes in two parts—albeit with broadly the same goal. First is a user warning when a network repeatedly pings a device for its IMSI phone or IMEI SIM identifier. While this isn’t unusual occasionally, frequent pings might suggest an attempt to track the phone or to knock it over to a less secure network.
This is where the second part of this update kicks in—restricting cellular connections to encrypted only. Where cellular intercept platforms knock phones from public networks to high-powered but localized alternatives, the encryption is removed or materially reduced to enable potential interception of calls, data and texts.
Google has dabbled in such security features all the way back to Android 12, largely by preventing devices from failing over to low-level cellular comms with limited encryption, but these settings were not user-friendly and little understood. Google is now putting this type of defense front and center, and that’s the game-changer.
Apple provides 2G blocking on iPhones—which defends against legacy “Stingray” intercept devices, which knock phones down to a pretty much unencrypted 2G comms channel—but this is only done in its ultra-secure Lockdown Mode. EFF described this as “a huge step towards protecting iOS users from fake base station attacks, which have been used as a vector to install spyware such as Pegasus.”
Newer intercept platforms work on 4G and present a different level of challenge for counter-eavesdropping capabilities. 5G on the other hand offers much better device security; albeit with phones continually bouncing between 5G and LTE, knocking a phone down from a 5G connection is very doable and unlikely to raise user concerns.
Pixel users can look forward to seeing these features once Android 15 hits the streets. Ordinarily I’d expect Samsung to follow suit—but maybe not. EFF has criticized Samsung in the past, for “not taking any steps to include the 2G toggle from vanilla Android… failures to act [that] suggest Samsung considers its users’ security and privacy to be an afterthought. Those concerned with the security and privacy of their mobile devices should strongly consider using other hardware.”
More details will emerge as Android 15’s release gets closer—but Google’s security and privacy advances really do look like being one of its headline acts…
