Any regular reader of ours will by now be familiar with Stingray devices – mobile fake cell phone towers that are deployed with increasing regularity (but an alarming lack of transparency) by US (and possibly other) police forces in order to spy on suspects’ texts, voice conversations, and internet data.
Although this is itself of dubious legally (judges are often deliberately misled during applications for court orders authorizing the use of Stingrays), the fact that smartphones owned by anyone within with a Stingray’s operational radius can lock onto the device (which they perceive as a regular cell-phone tower) means that large numbers of ordinary public, who under no suspicion for any crime whatsoever, get caught in the dragnet, and are subject blanket warrantless surveillance by the police (and given the sensitive personal nature of phone data, this should be considered a major invasion of privacy.)
Although there have been occasional judicial attempts to reign-in Stingray use, and the state of California is mulling legislation (CalECPA) that would place limits on their use, there seems little general will to curb the increasing deployment of Stingray devices and protect ordinary US citizens’ privacy rights.
It therefore falls upon individual citizens to protect their own privacy, and a new open source Android app called Android-IMSI-Catcher-Detector (AIMSICD), an implementation of SnoopSnitch (which is discussed at the Chaos Communications Congress in this video clip) does just that (AIMSICD is compatible with more phone models than SnoopSnitch, and has an improved user-interface).
Funky ‘at-a-glance’ icons let you know if your phone is subject to Stingray surveillance
I went for a short walk. Although my phone was pinged by local towers a few times, the app detected none of them as dangerous. As far as we know, Stingrays are not used in the UK (but it wouldn’t surprise us if they secretly were)
The app can also provide a ridiculous amount of information about both your phone and local cell phone tower details
The app is very much at the alpha stage of development, and so should not be relied upon (and with no nearby Stingrays, as far as we can tell, we cannot vouch for how well the app works). Also, to get the best out of it you will need to delve into the available Wiki, which is packed with useful information. It should be noted too that although AIMSICD is open source and thus available for independent auditing, no such auditing has been done, so its use is entirely at your own risk.
Nevertheless, we think it great that such software exists, and that developers are working on ways to help us take control of our technology, rather than being the victim of it. Governments have demonstrated time and again that we cannot rely on them to protect our privacy (quite the opposite in fact!), and we must therefore encrypt our data ourselves, and learn to use tools such as this to push back and achieve some measure of privacy in this digital surveillance world.
The Android IMSI-Catcher Detector website is here, the open source code is available on GitHub, and the Wikiis here. Although the .apk is available from various sources, installing through F-Droid will ensure automatic update notifications.