Google has recently shed light on a native Android setting, available since Android 12, that allows users to disable 2G connections and rely solely on newer, more secure network standards. According to the tech giant, this feature is a crucial step in combating fraud through phishing attacks by preventing devices from communicating with simulated mobile network stations that send fake messages.
In an article published on Google’s security blog, Nataliya Stanetsky and Roger Piqueras Jover from the Android security and privacy team explained the rationale behind this security measure. They highlighted Fake Base Stations (FBS) or Stingrays, which create parallel mobile networks to intercept device connections.
Malicious actors exploit these fake networks to send fraudulent text messages by creating a false network near the target device. This strategy often relies on older, less secure protocols like 2G, which lack modern security methods like mutual authentication.
The SMS Blaster Method
Google explains that the “SMS Blaster” method works as follows:
- Attackers expose a fake 4G and 5G signal nearby.
- This forces victims’ devices to downgrade their connection.
- A 2G network is then activated to attract these devices.
- Attackers exploit the lack of mutual authentication in 2G to force decrypted connections.
- This allows a complete Person in the Middle (PitM) position to inject SMS payloads.
“Injecting messages with an SMS Blaster completely bypasses the carrier’s network and its anti-fraud and anti-spam filters, ensuring that all messages reach the victim,” the Google security team warns.
Android’s Security Measures
Disabling 2G
Google emphasizes that since Android 12 (released in 2021), users have had access to native tools to turn off compatibility with 2G technology completely. While this option is already present in Pixel phones, it hasn’t yet been implemented across all manufacturers’ models.
Additional Security Features
Android incorporates several other mechanisms to protect mobile devices against phishing and other scams.
- Disabling Null Ciphers: Introduced in Android 14, this feature prevents connections to fake base stations
- Phishing and Spam Detection: Tools to identify and address phishing attacks and spam sent via text messages.
- Google Play Protect: Solutions to reinforce protection when browsing the internet.
The article highlights mutual authentication as a critical security feature in modern network protocols. This method ensures the sender and recipient verify each other’s identities when communicating in digital environments. In mobile telephony, this confirmation occurs between the device and the carrier’s tower, significantly enhancing security.
How to Disable 2G on Android
Disabling 2G on Android can help improve security, as 2G networks are less secure than newer technologies. Here’s how you can disable 2G on an Android device:
Via Network Settings
- Go to the Settings app on your Android device.
- Tap on Network & Internet.
- Tap on Mobile network.
- Tap on Advanced to expand additional settings.
- Look for an option that says “Preferred network type” or “Network mode”.
- Choose a network mode that does not include 2G. Depending on your device and carrier, you might see options like:
- 3G/4G/5G
- LTE/WCDMA/GSM (Auto)
- WCDMA/LTE (Auto)
- Select an option that excludes 2G (GSM).
