Android 16 Unleashes Stingray Protection: New Security Features Combat Network Impersonation

Owners of Android smartphones will soon benefit from enhanced protection against one of the most insidious yet dangerous threats in mobile communication — network impersonation. With the introduction of Android 16, Google is implementing a dedicated section within the security settings to help detect interception attempts involving so-called “Stingray” devices.

This surveillance technique, long familiar to law enforcement and intelligence agencies, is increasingly slipping beyond the bounds of lawful use. A Stingray functions as a portable transmitter masquerading as a legitimate cellular tower, coercing nearby phones into connecting to it rather than to the authentic infrastructure of a mobile operator. Once ensnared, a smartphone may begin transmitting unique identifiers such as its IMEI and may be forced onto outdated, vulnerable communication protocols like 2G — thereby making the interception of calls, messages, and identifiers markedly easier.

Although historically associated with government entities, Stingray-like technologies are now within reach of cybercriminals. Studies have shown that mobile surveillance via counterfeit base stations has long ceased to be the sole domain of state agencies.

Initial defenses were introduced in Android 12, where users could disable 2G network support directly at the modem level. Android 14 added the ability to block connections using so-called null ciphers — essentially unencrypted communications. With Android 15, Google expanded these protections further: the system began alerting users if a network attempted to collect unique device identifiers or force insecure encryption algorithms. These countermeasures directly address the tactics employed by Stingray devices, which often rely on degrading a connection to a weaker protocol.

However, the full efficacy of these measures depends on compatible hardware. Specifically, the ability to detect requests for unique identifiers requires a modem that supports Android’s IRadio HAL version 3.0. At present, most modern handsets — including the latest Pixel devices — do not meet this requirement, rendering some protective features inoperative.

This will change with Android 16. New smartphones shipping with native IRadio HAL 3.0 support will feature an enhanced “Mobile Network Security” section (Settings > Security & Privacy).

This section comprises two pivotal elements:

• Network Alerts: When enabled, the system notifies users upon connection to an unsecure network or when a network requests unique device identifiers. This feature is disabled by default.
• 2G Network Protection: A toggle that allows users to enable or disable support for 2G networks. This corresponds to an existing SIM card setting and is likewise turned off by default.

It is important to note that the “Mobile Network Security” section will only appear on devices that support both 2G deactivation and network alert features. As a result, even users running Android 16 on current Pixel models will not see this section unless the hardware supports both functions.

If network alerts are activated, the system will inform users through the notification shade and Security Center of the following events:

• A switch from encrypted to unencrypted networks;
• A return to a secure connection;
• Attempts by a network to access the device’s unique identifiers, including a timestamp and count of such requests.

Now that Google has formally unveiled this feature in Android 16, anticipation turns to the arrival of the first compatible smartphones. Devices such as the upcoming Pixel 10 lineup are expected to be among the first to offer this support. Prospective buyers would do well to consider these technical details when selecting their next device.