Google has introduced a notable security enhancement in Android 14, granting IT administrators the capability to disable 2G cellular network support within their managed device fleet. This new feature addresses the vulnerabilities associated with 2G networks, which often lack robust encryption and mutual authentication, making them susceptible to various attacks.
By allowing administrators to turn off support for null-ciphered cellular connections at the modem level, Google reinforces its commitment to the Android Security Model, prioritizing end-to-end encryption (E2EE) for all network traffic to ensure user safety and privacy.
2G networks have long been a target for exploitation due to their weak encryption, opening doors for over-the-air interception and traffic decryption attacks. Malicious actors can utilize rogue cellular base stations to intercept communication, distribute malware, and even launch denial-of-service and adversary-in-the-middle attacks, raising concerns about surveillance and cyber threats.
Amnesty International’s revelation of network injection attacks targeting a Moroccan journalist using a fake cell tower to deploy spyware further underscores these risks.
To mitigate such vulnerabilities, Google’s previous efforts in Android 12 included the option to disable 2G at the modem level. In Android 14, the company advances its security measures by introducing a new restriction that prevents devices from downgrading to 2G connectivity, bolstering protection against potential attacks.
Additionally, Google’s focus on end-to-end encryption extends to its Messages app, with the company enabling E2EE for RCS conversations by default. Alongside these efforts to enhance user security, Google’s attempts to influence Apple’s adoption of similar measures and its move towards interoperability with Messaging Layer Security (MLS) showcase its commitment to bolstering cybersecurity in the mobile realm.