- Aug 17, 2017
Google has announced new cellular security features for its upcoming Android 14, expected later this month, that aim to protect business data and communications. Android 14 will allow consumers and enterprises to turn off support for 2G on their devices or a managed device fleet and disable support for null-cipher (unencrypted) cellular connectivity at the modem level. "Android is the first mobile operating system to introduce advanced cellular security mitigations for both consumers and enterprises," reads Google's announcement "Android 14 introduces support for IT administrators to disable 2G support in their managed device fleet [and] also introduces a feature that disables support for null-ciphered cellular connectivity."
While all IP-based user traffic on Android is end-to-end encrypted, ensuring that any interceptions won't result in data breaches, Google warns that certain communication types, such as circuit-switched voice calls and SMS messages, can still be exposed on cellular networks. The exposed data is typically protected by the cellular link layer cipher, which the users have no control or visibility over, so its strength and reliability are doubtful. Moreover, recent reports have shown that null ciphers (no encryption) are not uncommon in commercial networks, exposing the mentioned data in cleartext and easily readable form to those who can intercept it.
To mitigate this risk, Android 14 introduces a feature that allows users to turn off support for null-cipher connections at the modem level for devices that adopt the latest radio hardware abstraction layer (HAL). Like in the 2G disabling feature, emergency calls can still downgrade to null-cipher connections to avoid jeopardizing users' safety.
Google has announced new cellular security features for its upcoming Android 14, expected later this month, that aim to protect business data and communications.