There’s much less to choose between Android and iPhones these days, but most users assume Google does more following than leading—well, not this time…

Updated 04/15; originally published 04/12.

Google has just revealed Android 15 Beta 1, and one update stands out from a security and privacy perspective—especially because it’s something not even recent iPhones can match. There’s a hardware component here—so while we can expect this to come to Google’s Pixel, Samsung and other device owners will have to just wait and see.

As I previewed last month, Google is taking privacy to the next level with a defense against secretive cellular tracking and intercept technologies. This is delivered by way of an interface between the cellular radio modem and Android’s OS, which requires the phone’s OEM to include a compliant modem and the necessary OS interface.

This is a weak spot on smartphones. Once a cellular channel is opened, the device is programmed to use it openly. Devices connect to multiple towers and sample connection strength to optimize performance. Interception tricks a device into leaving its legitimate network and connecting to a local radio network that presents a strong, available signal. Traditionally, such platforms have relied on insecure 2G comms to which all devices would fail over as their conops. But that’s a relatively easy door to shut and for a savvy adversary to spot. Newer options maintain 4G.

Android’s new cellular defense comes in two parts—albeit with broadly the same goal. First is a user warning when a network repeatedly pings a device for its IMSI phone or IMEI SIM identifier. While this isn’t unusual occasionally, frequent pings might suggest an attempt to track the phone or to knock it over to a less secure network.

This is where the second part of this update kicks in—restricting cellular connections to encrypted only. Where cellular intercept platforms knock phones from public networks to high-powered but localized alternatives, the encryption is removed or materially reduced to enable potential interception of calls, data and texts.

Google has dabbled in such security features all the way back to Android 12, largely by preventing devices from failing over to low-level cellular comms with limited encryption, but these settings were not user-friendly and little understood. Google is now putting this type of defense front and center, and that’s the game-changer.

Apple provides 2G blocking on iPhones—which defends against legacy “Stingray” intercept devices, which knock phones down to a pretty much unencrypted 2G comms channel—but this is only done in its ultra-secure Lockdown Mode. EFF described this as “a huge step towards protecting iOS users from fake base station attacks, which have been used as a vector to install spyware such as Pegasus.”

Newer intercept platforms work on 4G and present a different level of challenge for counter-eavesdropping capabilities. 5G on the other hand offers much better device security; albeit with phones continually bouncing between 5G and LTE, knocking a phone down from a 5G connection is very doable and unlikely to raise user concerns.

Pixel users can look forward to seeing these features once Android 15 hits the streets. Ordinarily I’d expect Samsung to follow suit—but maybe not. EFF has criticized Samsung in the past, for “not taking any steps to include the 2G toggle from vanilla Android… failures to act [that] suggest Samsung considers its users’ security and privacy to be an afterthought. Those concerned with the security and privacy of their mobile devices should strongly consider using other hardware.”

More details will emerge as Android 15’s release gets closer—but Google’s security and privacy advances really do look like being one of its headline acts…

04/15 update: Google’s defense against cellular tracking isn’t the only update which has just been previewed ahead of release, and which seems much more akin to something Apple would add to iPhone than anything Android would get first.

Perhaps the most iPhone-like new feature is Google’s location sharing hub. Again this was spotted by AssembleDebug and reported by PiunikaWeb. ”The new page,” it says, “enabled manually through an activity inside Google Play Service, suggests that users will soon be able to view and manage all their active location shares in Google services from a single, dedicated page within the Settings menu.”

Location sharing and the privacy implications when apps secretly ping user locations for no good reason has been one of the main data backlashes in recent years. During covid and various mass protests at about the same time, we saw the potential secret trove of sensitive data being shed by millions of apps in every city around the world. That has been locked down now—to an extent—with a focus on app permissions and near real-time updates on apps collecting GPS data.

The new hub goes further, “appearing to consolidate all of a user’s active location shares into one place, regardless of which Google app initiated the share. This would allow users to easily see who they’re sharing their location with, how long the share has been active for, and presumably, provide a way to quickly revoke those shares.”

The other notable security update impacts Wi-Fi and a user warning when connecting to networks with older, weaker WEP security. Mishaal Rahman reported on Telegram that, “Android 15 Beta 1 adds a new ‘allow WEP networks’ toggle under Settings… ‘WEP is an older security protocol that’s less secure’, the setting warns.”

As Phone Arena explains, “by default, Android 15 Beta 1 blocks connections to WEP networks. The new ‘Allow WEP networks’ toggle provides an override, but it includes a clear warning, stating ‘WEP is an older security protocol that’s less secure.’ This change helps users make informed decisions about Wi-Fi connections.”

This takes iPhone’s “Weak Security” Wi-Fi warning a step further, albeit that was introduced way back with iOS 14. It’s exactly the right move for Google to make, though, just as is encrypting web traffic or messages by default.

All told, Android is catching up…

Share.
Exit mobile version