Sunday, November 17, 2024

Google’s Update Mistake Confirmed As Millions Of Pixel Owners Install Android 15

Must read

Updated on October 17 with additional responses to the new security features absent in the Pixel 9’s Android 15 release, and the mistake in the run-up to that release.

“Today, Android 15 starts rolling out to Pixel devices,” Google announced on Tuesday, heralding updates including “security features that help keep your sensitive health, financial and personal information protected from theft and fraud.” Android’s new private space hides sensitive apps from sight, while those off-grid may be able to add satellite messaging to their devices. There is also new theft protection in this release, “using AI to help keep your data safe—if your phone senses someone has snatched it and is trying to run, bike or drive away, it will automatically lock your device.”

But one of Android 15’s most exciting new security features is MIA—one we expected to see, at the very least given that the new Pixel 9s was released long after Android 15’s new features were made public. “I don’t know how they don’t support this feature,” posted one typical Redditor. “They knew it was coming you think the [Pixel] 9 would support it at least.” But it doesn’t. And it turns out the only reason we expected it to have been released is down to an awkward beta update mistake by Google.

ForbesSamsung Warns Millions Of Galaxy Users—Update Now To Stop New Attack Threat

We’re talking Google’s unique new Mobile Network Security, announced at I/O and then teased in a settings page discovered in Android 15 beta releases made available to Pixels. “We’re adding new advanced cellular protections in Android 15m” Google explained at I/O, “to defend against abuse by criminals using cell site simulators to snoop on users or send them SMS-based fraud messages.”

This includes two features—Cellular Cipher Transparency and Identifier Disclosure Transparency. The first warns when a cellular network is unencrypted, “potentially exposing voice and SMS traffic to radio interception, and potentially visible to others” and helping to protect against the new surge in SMS blaster attacks. The second warns if phone identifiers are being polled by potentially fraudulent networks to tracking users, which Google says will “help at risk-users like journalists or dissidents.”

Delivering this new security is complex. It requires upgraded modem technology working in tandem with device firmware to enable the OS to interact with the network facing side of the modem, delivering types of warnings that have not been generally available until now. Users with the right settings can disable 2G network connectivity, which resolves basic encryption issues, but the network polling and more advanced encryption safeguards are not yet available.

Google disclosed when it announced Mobile Network Security that “these features require device OEM integration and compatible hardware” explain that “we are working with the Android ecosystem to bring these features to users. We expect OEM adoption to progress over the next couple of years.” But then the settings page turned up in the Android 15 beta and it was assumed the stable release would follow. Obviously this was just a settings page, not the actual functionality, which is why the Pixel 9 was assumed to be the first device out the traps with this working. But it isn’t. It seems confirmed that this was a mistake in the beta update—a settings page exposed that should have remained hidden. That said, it could just as easily have been hardware integration that did not complete to schedule, leading to the new feature being dropped. Either way, it’s not there.

As first reported by Android Authority, “Android 15’s new cellular security features are missing on Pixel phones… We’ve confirmed that no current Pixel phones support Android 15’s new cellular security features.” This is a real shame as it was a genuine Google innovation, and one that took a lead over current iPhone capabilities. “Given that these features appeared available to Pixel users during the Android 15 beta, it would seem reasonable to assume that Pixel phones support them. That’s not actually the case, as it turns out, as the visibility of the ‘mobile network security’ settings page on Pixel phones was just a mistake.”

Android Headlines agrees, reporting that “apparently, the visibility of the ‘cellular network security’ settings page on Pixel phones was just an error from the beginning. With even just released Pixel 9s not having the hardware to run this features as yet, it begs the question as to why it was publicly announced as an Android 15 feature, prompting multiple media write-ups ahead of the Pixel 9 launch. The current narrative suggests Android 16 could turn up before device hardware capable of running this Android 15 update—all a bit pointless.

“Considering the update’s focus on security and privacy with Private Space, Remote Lock, and Theft Detection,” Android Police has since commented, “we’d have expected the previously leaked cellular security upgrades to make their way to the stable release, though that doesn’t appear to be the case… Unfortunately, despite being a part of Android 15’s source code, these cellular security features are unavailable to use. Their initial appearance in beta did stir speculation about support, especially in the then unreleased Pixel 9 series, though that isn’t the case.”

What is unknown is whether Pixel 9 hardware supports such integration with firmware updates or the platform itself cannot be upgraded, in which case users will need to buy new phones in order to receive the feature. As one comment under Android Police’s article warns, “the optimist in me hopes that by ‘hardware support’ they really mean ‘driver support’. The pragmatist knows that’s likely not the case.”

Similarly, I have confirmed there’s no news yet on the timing for the potentially excellent Live Threat Detection, which will use AI to monitor app behaviors on-device to flag risks as early as possible and provide users an option to disable or delete apps that may threaten their devices and data. Google has said this is coming later this year, with “the detection of suspicious behavior done on device in a privacy preserving way through Private Compute Core, which allows us to protect users without collecting data.” This can’t come soon enough—so watch this space.

This new cellular network defense will be especially useful to users concerned about the risk of tracking and interception. They defend against rogue networks repeatedly pinging their phones for identifiers, and against the risk that a phone can be knocked off a genuine cellular network onto a local, fraudulent base station running limited encryption (if any), leaving the phone open to attack.

Such rogue networks use hardware to trick phones into thinking they are connecting to legitimate, public cellular base stations. They work locally by presenting a strong signal to devices searching for cell towers nearby. Once the phone switches over, the rogue network receives its traffic. Where that traffic is fully encrypted, it remains secure. But if the rogue network can lower the encryption threshold, that changes and traffic is also open to interception.

ForbesMicrosoft Update Deadline—New Windows Security Nightmare Is Slowly Coming True

If your phone allows to you disable 2G networks, this protects you from the most widely accessible versions of this threat. But Samsung, notably, does not offer a universal 2G toggle across its devices—it has been criticized in the past for not enabling this kind of network level security, and so for Pixel users it not only seemed a step up on iPhones but on Samsungs as well. Ironically, the modem on the Pixel 9 that needs to be updated to deliver this new functionality comes from Samsung, which has raised some online questions as to whether this OEM supply chain has caused the delay.

To be fair to Google, it hasn’t missed a release date nor did it confirm that cellular security would be available with Android 15’s first release or with Pixel 9s. It did caveat its I/O announcement by saying the new security “requires device OEM integration and compatible hardware… we are working with the Android ecosystem to bring these features to users [and] expect OEM adoption to progress over the next couple of years.” But we took that to mean other Android OEMs, not Pixels. We don’t know if there’s work underway to update current hardware. As Android Authority says, “hopefully these new cellular security features will actually make their way to some Android devices in the near future.”

Latest article