There’s a lot less to choose between Android and iPhone than used to be the case. And while Google seems to do more following than leading, a surprise new update just revealed for Android has beaten Apple at its own game...
Android just dialed security up to 11
Updated 3/31; originally published 3/29.
Android and iPhone are coming ever closer together, and in recent weeks we have seen previews of iPhone features that Google is lifting for Android, including encrypted WhatsApp calls in phone dialer lists and satellite SOS messaging.
But we have also seen Apple move iPhone in Android’s direction, especially with the unexpected news that iPhone may use Gemini and Baidu generative AI instead of Apple’s own for the heralded chatbot functionality expected with iOS 18.
But nothing has prepared us for what Google also just revealed in its latest Android 15 developer release. In a surprise move that’s more iPhone than iPhone, it looks like Android may be taking privacy to the next level, with new devices able to hide their locations even from their networks.
Even more markedly, Google has also previewed a feature to protect devices from IMSI grabbers and intercept platforms. These are the technologies used by law enforcement and sometimes criminals to capture phone IDs and trick those phones into connecting to a copycat network, allowing calls and messages to be intercepted.
Android has played in this space before—but not like this. As far back as Android 12 and more notably in Android 14, devices were able to cut off low-level cellular capabilities that would drop a phone from encrypted to insecure comms. This makes it much harder to run an intercept, but the features have been buried and hard to find. What we’re about to see is this level of privacy hit the mainstream.
The catch is that both these updates require a new interface between the radio modem and the phone’s OS, because the IMSI grab and intercept are on the radio side not the OS side. Modems will need to be able to run the software interface, which means new modems. You’ll probably need to upgrade your hardware not just update to Android 15. It’s likely Google phones will get this first, but others will follow.
Mishaal Rahman discovered the update, explaining that grabbers and intercepts “are popular among law enforcement because they allow for the covert collection of data from criminal suspects, but they have also been used by malicious state actors to spy on journalists… they put individual privacy at risk because there are few safeguards against them. That’s why Google has been working on updating Android to prevent devices from sending text or voice data over older or unencrypted protocols.”
A device with a modem that supports the new technology layer will present a user warning when a device ID is captured by a network or connected to an insecure network without the expected level of encryption. This means a potential intercept, where the device is knocked off its usual carrier onto a high-powered and less secure local radio network mimicking the cellular carrier. All traffic is then routed through the fake network and either captured as its backhauled to the real network or cut off.
The network location information is different. Most location data we discuss when it comes to phones is device-centric. Your phone uses GPS and other technologies to locate itself. That can be shared with apps or friends, and we have seen multiple privacy updates to restrict apps accessing this capability, especially in secret.
The phone network can also ping your device and request its precise location, and it’s this feature that can be cut off unless there’s an emergency, for example you’re making a 911 call or sending an emergency text message.
As Rahman explains, while Android has already followed iPhone in providing more rigorous restrictions on app access to location data, “the OS can do little to prevent your carrier (cellular network) from getting your location. In Android 15, though, the OS might get a way to prevent your location data from being sent to your carrier.”
This won’t stop carriers using old school cell tower triangulation. Any phone connecting to as network can be located, as it pings multiple towers simultaneously and the location of those towers and strength of those connections enables a broad location to be derived. This isn’t pinpoint in the way we’re used to with GPS, but it does allow phones (and their users) to be placed in certain locations at certain times.
This is exciting stuff for Android users. We are now venturing into a new level of privacy and location masking, with some of the continued device vulnerabilities on the radio side being addressed. And while this will be welcomed by privacy advocates, you can bet that law enforcement agencies will be looking at what this means and how such defenses can be worked around as necessary. I would expect the emergency override may be triggered by law enforcement under certain circumstances.
Over to the modem OEMs now to see how quickly this technology makes its way into the radios, so the new Android software can step up its interface and controls.
Apple provides much wider location controls on iPhone than Android, including network search and enhanced emergency call information. But it has not yet raised the profile of those restrictions as we are seeing Android do here. I would expect a more detailed comparison between the two to come out, with the detail behind what a radio network can and cannot do on an iPhone and how the OS and modem interface.
And that’s what most interesting here—Google taking a lead in messaging and user transparency on the privacy front, ground that has always been Apple’s in the past.
As ever with this level of phone security and privacy, it’s good to have even if it won’t be a game-changer for the vast majority of users. But for journalists, politicians, celebrities, dissidents and protesters, this is a major advance in the improvement of personal privacy and data security and is as welcome as it is surprising.
3/31 update: Unsurprisingly, the news that Android 15 is bringing these new privacy advances has sparked interesting online debate. “It's great that Google is taking the hardware/software security link more seriously,” one Reddit user posted. “This still does not stop SIM swappers or anyone else from directly targeting you. It just moved the bar for dragnet radio surveillance much higher. Which is always good.”
The question on iOS comparisons has also come up. We know that iOS 17 introduced the same type of 2G blocking that Android launched as a more basic precursor to these new technologies. But only in Lockdown Mode. EFF welcomed this as “a huge step towards protecting iOS users from fake base station attacks, which have been used as a vector to install spyware such as Pegasus.” But, as the name implies, Lockdown Mode is for specialist users at higher risk, and is not for everyone.
Apple says itself that “Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats. Most people will never be targeted by attacks of this nature. When Lockdown Mode is enabled, your device won’t function like it usually would. To reduce the attack surface that could potentially be exploited by highly targeted mercenary spyware, certain apps, websites and features will be strictly limited for security, and some experiences may not be available at all.”
That’s the real news here—Google making this level of security more mainstream, offering warnings when a device detects unusual network activity.
So-called Stingray devices rely on knocking phones down to 2G with its inferior security, but that’s not enough anymore. Android’s original defenses and the iOS 17 defense protect users against this legacy technique, but newer devices—Hailstorm for example—can operate on 4G networks in a way that wasn’t possible before.
5G offers enhanced security in the way IMSI data is handled and transmitted, and so if you are in an area with good 5G connectivity then you are better protected. Albeit that won’t stop a strong local radio trying to knock you down to 4G. And it won’t protect you in areas without 4G or when your 5G connection is just LTE+.
While praising Android’s early efforts and Apple’s Lockdown Mode, EFF was very critical of Samsung. “So far Samsung has not taken any steps to include the 2G toggle from vanilla Android, nor has it indicated that it plans to any time soon. Hardware vendors often heavily modify Android before distributing it on their phones, so even though the setting is available in the Android Open Source Project, Samsung has so far chosen not to make it available on their phones... These failures to act suggest that Samsung considers its users’ security and privacy to be an afterthought. Those concerned with the security and privacy of their mobile devices should strongly consider using other hardware.”
As such and given the need for modem and OS to work together, it will be interesting to see if Samsung gets onboard with these Android 15 changes quickly, unlike what has happened before.
Techniques are not made public for obvious reasons, but looking at rogue network activity and warning users when something is detected is important. It’s a major advance on just disabling 2G. When a phone is attacked, there’s a process at play. And detecting elements of that unusual activity is the best defense. Clearly, a sensitive user seeing such a warning will immediately shut down the phone.
As for the network location detection, a good debate has ensued as to the accuracy of cell tower triangulation. “As long as you're connecting to their towers they know an approximate location. Regardless of device settings,” said one Reddit user. “Having worked in a department that provided cellular location info to authorities, I believe it can be narrowed down to roughly 15-25 meters,” posted another.
The rule here is very simple—it depends where you are. In a busy city location with lots of cell towers all around you, location accuracy is pretty good. But head out into a rural setting, with fewer towers and further distances between them, and it will vary wildly. Something to bear in mind...
