Wednesday, December 18, 2024

Google’s Update Mistake—Bad News For Millions Of Pixel Owners

Must read

“Today, Android 15 starts rolling out to Pixel devices,” Google announced on Tuesday, heralding updates that “include security features that help keep your sensitive health, financial and personal information protected from theft and fraud.” But it could be that this first release is more notable for what’s missing than what’s included, made worse by a serious Google update mistake that will see millions of users missing out.

Thankfully, Google did include its excellent new theft protection in this release, “using AI to help keep your data safe—if your phone senses someone has snatched it and is trying to run, bike or drive away, it will automatically lock your device.” But there’s no news on any early deployments of its critical live threat detection. This uses AI to monitor app behaviors on-device to flag risks as early as possible. But that will certainly roll out extensively as Android 15’s many innovations are enabled.

ForbesSamsung Warns Millions Of Galaxy Users—Update Now To Stop New Attack Threat

What won’t come anytime soon, it seems, is the other lighthouse update—Google’s new Mobile Network Security, which the company had teased in Android 15 beta releases made available to Pixels—evidently by mistake. This is a real shame, as these cellular defense features have been touted for months now and users had fully expected to see them released with Android 15’s upgrade on the latest Pixels.

As reported by Android Authority, “Android 15’s new cellular security features are missing on Pixel phones… We’ve confirmed that no current Pixel phones support Android 15’s new cellular security features.” This is a real shame as it was a genuine innovation on Google’s part, and one where it took a lead over iPhone’s current capabilities. “Given that these features appeared available to Pixel users during the Android 15 beta, it would seem reasonable to assume that Pixel phones support them. That’s not actually the case, as it turns out, as the visibility of the ‘mobile network security’ settings page on Pixel phones was just a mistake.”

These new cellular network defense features will be especially useful to users concerned about the risk of tracking and interception. They defend against rogue networks repeatedly pinging their phones for identifiers, and against the risk that a phone can be knocked off a genuine cellular network onto a local, fraudulent base station running limited encryption (if any), leaving the phone open to attack.

Such rogue networks use hardware to trick phones into thinking it’s a legitimate, public cellular base station. They only work locally by presenting a strong signal to a device as it searches for cell towers nearby. Once the phone switches over, the rogue network receives its traffic. Where that traffic is fully encrypted, it remains secure. But if the rogue network can lower the encryption threshold, that changes.

Many Android devices allow users to disable 2G networks which goes a long way to securing against the most basic such attacks, albeit not the more sophisticated ones. And Samsung, notably, does not offer a universal 2G toggle across its devices—it has been criticized in the past for not enabling this kind of network level security, and so for Pixel users it not only seemed a step up on iPhones but on Samsungs as well.

ForbesMicrosoft Warns Millions Of Windows Users—Change Your Browser As New Attacks Underway

These new mobile network security features require tight integration between hardware modems and OS software, and while the beta release suggested this would be available at least on new Pixel 9 releases, that’s evidently not the case—at least not yet. When available, it will enable users to select alerts when a phone connects to an unencrypted network or when a network requests a device or SIM identity. It will also provide a setting to prevent any connections to unencrypted networks.

Google assured that such developments were in train across the Android ecosystem, announcing at its Google I/O event that this “requires device OEM integration and compatible hardware… we are working with the Android ecosystem to bring these features to users… we expect OEM adoption to progress over the next couple of years.” And so, as Android Authority says, “hopefully these new cellular security features will actually make their way to some Android devices in the near future.”

Latest article