Hello, everyone! Since Google does not seem to be interested in fixing the huge security hole of not showing a ciphering indicator on Android, it appears as if they get paid (or are forced to) not fix it. For all of you that are sick of getting spied on through IMSI-Catchers, Silent SMS and alike and want to do something about it, here's a great project you should check out: "The Android-IMSI-Catcher-Detector" (AIMSICD). It is an Android open-source based project to detect and (hopefully one day) avoid fake base stations (IMSI-Catchers) or other base-stations (mobile antennas) with poor/no encryption.<p>This project aims to warn users if the ciphering is turned off and also enables several other protection-mechanisms. Since it is under constant development, they are constantly searching for testers and security-enthusiastic developers with balls. Don't be shy, feel free to contribute, in any way you can on GitHub: <a href="https://github.com/SecUpwN/Android-IMSI-Catcher-Detector" rel="nofollow">https://github.com/SecUpwN/Android-IMSI-Catcher-Detector</a>
You probably shouldn't put the EFF, Guardian Project and Privacy International logos so prominently on your website if you are not affiliated with or supported by those projects.
This reminds me of the early days of GSM where Nokia phones showed a broken lock icon if the air interface between the mobile phone and the base station did not use encryption. At the time at least France had disabled the encryption and the indicator caused some interesting discussions.
Display which cipher is being used?<p>2G is insecure regardless of whether encryption has been turned off or not, it can be decrypted on the fly with very modest hardware so the indicator telling you what connection you have is as good as telling you whether it is "secure" or not.<p>> Detect hidden SMS<p>Not really feasible - there are tons of different types of "hidden" sms that are routinely used by the network but can be spoofed by a third party.<p>> Detect SIM card app installations through public APIs<p>This won't work unless it is rooted and this messages have to be signed from the network anyway.
It seems only 2G connection is crackable. Are we safe as long as the device is on 3G/4G network? We should just disable cellular radio when you see the device is on 2G suspiciously in the middle of city(around demonstrations, I suppose)