Many years ago browsers started alerting users to HTTP (vs HTTPS) connections and HTTPS sites using invalid or untrusted certificates.
How is it possible that in 2026 we're not notified by default when we connect to a cell tower with no certificate so our communications is being broadcast into the air completely unencrypted?
You're asking why a government, that is already known for massive surveillance, wants devices that nearly 100% of the population owns to be completely unencrypted?
should'nt you always assume your communications are being broadcast into the air unencrypted unless you're connected with ssl/tls? even if encrypted to the tower the carrier can still intercept all your stuff.
> the attacker can harvest device information and force your phone onto an older, unencrypted protocol.
This is why you should always toggle the setting that disables 2g/3g fallback.
With 4G, for example, your device will refuse to connect fully unless the network can pass the cryptographic challenge that proves it shares the key material included in your SIM card (I know, I know, symmetric keys are not ideal). The best an attacker can hope to do in 4G+ is harvest your subscriber ID (IMSI) or deny you service while you are in range.
Is something similar available in iOS? Apple's full control over the hardware and software should make it easier than in the Android ecosystem.
> software can only do so much. For these security features to work, your phone's modem has to be able to communicate with the Android OS in a very specific way
> Because of this hardware requirement, the full suite of these network security tools is currently exclusive to the Pixel 10 series
Many years ago browsers started alerting users to HTTP (vs HTTPS) connections and HTTPS sites using invalid or untrusted certificates.
How is it possible that in 2026 we're not notified by default when we connect to a cell tower with no certificate so our communications is being broadcast into the air completely unencrypted?
You're asking why a government, that is already known for massive surveillance, wants devices that nearly 100% of the population owns to be completely unencrypted?
should'nt you always assume your communications are being broadcast into the air unencrypted unless you're connected with ssl/tls? even if encrypted to the tower the carrier can still intercept all your stuff.
The moment this is rolled out is the moment government will start figuring out how to insert itself into the chain of trust so it will not matter.
Why bother locking the door if it can be kicked down? /s
The harder and obvious it is, the better.
> the attacker can harvest device information and force your phone onto an older, unencrypted protocol.
This is why you should always toggle the setting that disables 2g/3g fallback.
With 4G, for example, your device will refuse to connect fully unless the network can pass the cryptographic challenge that proves it shares the key material included in your SIM card (I know, I know, symmetric keys are not ideal). The best an attacker can hope to do in 4G+ is harvest your subscriber ID (IMSI) or deny you service while you are in range.
As far as I've been able to determine, the main feature this article speaks to is not even on the Pixel 9 - it is only a feature on the Pixel 10.
Great! Then you can report them to the police.. oh.
Thing is, what're you gonna do about it when you see it?
Edit: whatever the answer is, it needs to work when this pops up frequently, because it will.
Know that you're compromised. Don't say or do anything incriminating. If possible, leave.
Interesting question for sure. Given the implied budgets for domestic surveillance, are there any metropolitan areas which do not have fake towers?
Is something similar available in iOS? Apple's full control over the hardware and software should make it easier than in the Android ecosystem.
> software can only do so much. For these security features to work, your phone's modem has to be able to communicate with the Android OS in a very specific way
> Because of this hardware requirement, the full suite of these network security tools is currently exclusive to the Pixel 10 series
iOS allows disabling 2G connections, but only in lock-down mode.
This would be an amazing feature.
Isn't it the case that disabling 2G on its own is enough to block these issues?
Like the notifications are nice, but they're not a Allow / Deny popup. When you get the popup your data could've been intercepted.
I set up a rayhunter, not so worried about myself, but more an early warning if something was to change in the area
Reference in case anyone's interested: https://github.com/EFForg/rayhunter