Why Android 15 is not what it seems.
Updated on October 17 with additional comments on the new security features that were absent from the Android 15 release of the Pixel 9, and the bug leading up to that release.
“Today, Android 15 begins rolling out to Pixel devices,” Google announced Tuesday, announcing updates including “security features that help protect your sensitive health, financial and personal information from theft and fraud.” Android’s new private space hides sensitive apps from view, while off-grid apps may be able to add satellite messages to their devices. There’s also new theft protection in this release, “using AI to keep your data safe. If your phone senses that someone has taken it and tries to run, cycle or drive away, your device will automatically lock.”
But one of Android 15’s most exciting new security features is MIA, a feature we expected to see, at least considering the new Pixel 9s was released long after Android 15’s new features were made public. “I don’t understand how they don’t support this feature,” one typical Redditor wrote. “They knew it was coming, you think [Pixel] 9 would at least support it.” But that is not the case. And it turns out the only reason we expected it to be released is due to a pesky beta update bug from Google.
We’re talking about Google’s unique new Mobile Network Security, announced at I/O and then teased on a settings page discovered in Android 15 betas made available for Pixels. “We’re adding new advanced mobile security in Android 15m,” Google explained at I/O, “to defend against exploits by criminals who use mobile site simulators to spy on users or send them SMS-based fraud messages.”
This includes two features: mobile cipher transparency and credential identification transparency. The first warns when a mobile network is unencrypted, leaving “voice and SMS traffic potentially exposed to radio interception and potentially visible to others” and helping protect against the new wave of SMS blaster attacks. The second warns if phone identifiers are interrogated by potentially fraudulent networks to track users, which Google says will “help put users such as journalists or dissidents at risk.”
Delivering this new security is complex. It requires upgraded modem technology that works with device firmware to allow the operating system to communicate with the network side of the modem, providing alerts that have not been widely available until now. Users with the correct settings can disable the 2G network connectivity, which solves the basic encryption issues, but the network polling and more advanced encryption safeguards are not yet available.
Google announced when announcing Mobile Network Security that “these features require OEM integration of devices and compatible hardware,” explaining that “we are working with the Android ecosystem to bring these features to users. We expect OEM adoption to progress in the coming years.” But then the settings page appeared in the Android 15 beta and it was assumed that the stable release would follow. It was clear that this was just a settings page, and not actual functionality. Therefore, the Pixel 9 was believed to be the first device to get out of trouble with this operation. But that is not the case. It seems confirmed that this was a bug in the beta update: a settings page popped up that should have been hidden. That said, it could just as easily have been a hardware integration that didn’t go according to schedule, causing the new feature to be dropped. Anyway, it’s not there.
As first reported by Android Authority“The new Android 15 mobile security features are missing from Pixel phones… We have confirmed that no current Pixel phones support the new Android 15 mobile security features.” This is a real shame, because it was a true Google innovation and one that took the lead over current iPhone capabilities. “Given that these features seemed available to Pixel users during the Android 15 beta, it seems reasonable to assume that Pixel phones will support them. That’s not actually the case, as it turns out, as the visibility of the ‘mobile network security’ settings page on Pixel phones was simply an oversight.”
Android Heads agrees, reporting that “the visibility of the ‘cellular network security’ settings page on Pixel phones was apparently just a bug from the start. Since even the just-released Pixel 9s don’t yet have the hardware to perform these features, the question arises as to why this was publicly announced as an Android 15 feature, prompting multiple media articles ahead of the Pixel’s launch 9. The current story suggests that Android 16 could arrive before the device’s hardware can run this Android 15 update – all a bit pointless.
“Given the update’s focus on security and privacy with private space, remote locking and theft detection,” Android Police has since noted that “we expected the previously leaked mobile security upgrades to make their way to the stable release, although that doesn’t appear to be the case… Unfortunately, despite being part of Android 15’s source code, these mobile security functions cannot be used. Their first appearance in the beta sparked speculation about support, especially in the then-unreleased Pixel 9 series, but that’s not the case.
What is unknown is whether the Pixel 9 hardware will support such integration with firmware updates or if the platform itself is not upgradeable, in which case users will have to buy new phones to receive the feature. Like a comment below Android Police article warns: “the optimist in me hopes that by ‘hardware support’ they really mean ‘driver support’. The pragmatist knows that this is probably not the case.”
Mobile Network Security at Google I/O
Likewise, I’ve confirmed that there’s no news yet on the timing for the potentially excellent Live Threat Detection, which will use AI to monitor app behavior on devices to flag risks as early as possible and give users an option to disable or remove those that might threaten their devices and data. Google has said this will happen later this year, with “the detection of suspicious behavior on devices in a privacy-preserving way through Private Compute Core, allowing us to protect users without collecting data.” This can’t happen soon enough, so watch this space.
This new mobile network defense will be especially useful for users concerned about the risk of tracking and interception. They defend against rogue networks that repeatedly ping their phones looking for identifying information, and against the risk that a phone could be sent from a genuine mobile network to a local, rogue base station with limited encryption (if any), leaving the phone open for attacks.
Such rogue networks use hardware to trick phones into thinking they are connecting to legitimate, public mobile base stations. They work locally by providing a strong signal to devices that search for nearby cell towers. As soon as the phone switches over, the rogue network receives its traffic. When that traffic is fully encrypted, it remains secure. But if the rogue network can lower the encryption threshold, that changes and the traffic is also open to interception.
If you can disable 2G networks on your phone, it will protect you from the most accessible versions of this threat. But Samsung notably doesn’t offer a universal 2G switch on all its devices. It has been criticized in the past for not enabling this kind of network-level security, so for Pixel users it seemed like a step up not only from iPhones, but from Samsung as well. also. Ironically, the modem on the Pixel 9 that needs to be updated to deliver this new functionality comes from Samsung, which has raised some questions online about whether this OEM supply chain caused the delay.
To be fair to Google, it hasn’t missed a release date, nor has it confirmed that mobile security would be available with the initial release of Android 15 or with Pixel 9s. It did add a caveat to the I/O announcement, saying that the new security “requires OEM integration of devices and compatible hardware… we are working with the Android ecosystem to bring these features to users. [and] I expect OEM acceptance to increase in the coming years.” But we thought that meant other Android OEMs, not Pixels. We don’t know if there is any work being done to update the current hardware. If Android Authority says: “Hopefully these new mobile security features will actually make their way to some Android devices in the near future.”
