What is Reddit's opinion of Android IMSI-Catcher Detector?

From 3.5 billion Reddit comments

Because I did some pretty cursory research the last time these devices popped up on reddit, I just want to share this: https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/

Many people say that these apps are useless, so do with that as you will.

This article is about a project students from the University of Washington attempting to develop a method of reliably detecting these devices. https://techcrunch.com/2017/06/02/who-catches-the-imsi-catchers-researchers-demonstrate-stingray-detection-kit/

IMSI catchers work by only providing an unencrypted signal and jamming all legitimate signals. All mobile devices will still happily accept unencrypted connections without warning the user. Iirc there is a modified android version that does notify the users but it requires rooting the device. There are apps too but they are unreliable

There's an FOSS app on F-Droid designed to notify end users of an active Stingray monitor on their phone. Here's some more info about the app - AIMSICD.

The only catch is you have to give it superuser access, which I suppose isn't ideal.

> Om de er interessert i det, så tror jeg at de driter hardt i om det står i loven eller ikke.

Om loven tillater slikt er terskelen for å faktisk gjøre det mye lavere. De driter ikke om det er lov eller ikke. Det har betydning.

> Sen edit: Hvordan fant du ut at du fikk stille sms? Bare nysgjerrig.

Om man har en Android-telefon som man har åpnet bootloader på kan man på noen telefoner få tilgang til basebandet (radioen til telefonen som kommuniserer direkte med mobilnettet). Om man har tilgang til basebandet kan man finne ut hvilke signaler som mottas og sendes. Stille SMSer er et unikt type signal som vanligvis er skjult, men kan detekteres om man har tilgang til basebandet. Tipper /u/GraatendePave har brukt et verktøy som gjør akkurat dette. Jeg har sett andre som også har skrevet om at de har fått et varsel (via for eksempel verktøy som Android IMSI-catcher Detector) om at de har mottat en stille SMS.

Det er mer informasjon om stille SMS her: https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/glossary-of-terms#silent-sms

>What's the app for? Android and iOS?

It's android, so it would run on the phone you use for your datalink. Here's a link iOS... Psh... get outa here.

>So I suppose just do your research before you get your battery lol.

Actually, someone's already done that for you:

Still, I'm pretty sure it has safety features already installed. I would only add the caveat that you should always use High Drain IMR batteries, and always go name brand. Anything that isn't toshiba, samsung, motorola, etc is just a chinese rewrap of the batteries these companies rejected.

You are very likely to run into areas with cell signals that are far stronger than what an ISMI catcher is generating. There are some attempts to do what you want, but it's difficult.

https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/

> I wonder if anyone would care yet maybe have a certificate on cell towers to authorize them as being accurate. Oh boy. So frustrating.

You mean like the AIMSICD project?

> A stingray is a device used by law enforcement that tricks your phone into thinking its talking to an actual cell tower. This is passed on to a real tower, so someone on the street would never notice an issue with their connection.

Disabling 2G fallback on your phone is one preventative measure you can use to prevent this, as is using a tool like AIMSICD, to detect when your phone requests switching to a 'tower' that is not identifying itself as being owned by the telcos your phone supports.

They also did this for many of the BLM protests, with low-flying helos that the crowds incorrectly misinterpreted as trying to disperse them with chopper blade winds, but was actually used to gather dense IMSI data from protester's mobile devices in the crowds of protesters, so they could track down who was there, who was transmitting data to whom, and who was connected to whom during and after the protests.

Also, if you don't already use a SIM card lock (pin) on your device, set that up immediately. Any attempt to clone and re-use your SIM elsewhere, would be delayed/prevented by using a pin code. 3 wrong attempts at the pin code, disables the SIM, and the telco can track where it was used and which towers were in range when it was disabled.

https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/

AIMSICD is an Android app to detect IMSI-Catchers. These devices are false mobile towers (base stations) acting between the target mobile phone(s) and the real towers of service providers. As such they are considered a Man-In-The-Middle (MITM) attack. This surveillance technology is also known as "StingRay", "Cellular Interception" and alike.

https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/

That's the alternative that I have used in the past. Just messing around with, and can't say for sure if it works at all. (it too doesn't require root)