[sliken]

Very early android (I bought 2 G1's the first day they were available) there weren't many apps. One popular app would show you where you were, where the tower you were connected to was, a bunch of related metadata, and a link to the FCC database for the tower. Not sure if that data is still available though.

Seaglass seems like basically the same thing, but they track the metadata across carriers, cities, and of course over time. That way they can track changes in the tower, unusual towers, or unusual signal strengths.

[Zenst]

For non-rooted devices, http://wilysis.com/networkcellinfo do some nice apps that show the current cell tower location and can log that with a map. Whilst it won't flag up a fake tower, they will stick out.

There are also apps that alert you to fake cell towers, but they depend upon knowing what the legit ones are so the ones I have played with require you to log the local towers you use as a white list. Otherwise how do you or the app know the difference between a fake and a real tower.

But the aspect that cell towers do not have trusted certificates or any form of proving they are from X,Y or Z carrier is a bit of a problem.

One solution is to use VOIP instead of cellulare voice comm's and a VPN. That way the ability of a fake tower will be reduced in what it can glean from you.

[patcheudor]

We had a program manager on our team who used this app. She didn't understand that it flags repeaters and boosters which we have in our building and made the claim that we were running an illegal OpenLTE network as part of our security research. It was an uncomfortable situation to say the least. Ultimately I don't think these tools are very useful to end users and am encouraged by the SeaGlass project because they are collecting lots of data and correlating it with professionals analyzing the data.

[Zenst]

Oh heard of worse examples of tech in the wrong hands. Friend worked in infosec for an online casino. Got called in late sunday evening with boss shocked that port 25 was open on the firewall (he'd just played with a chintzy port scanner app). Friend explained how email works, next day he was terminated with no recourse. Management with a little knowledge is dangerous.

[gruez]

>One solution is to use VOIP instead of cellulare voice comm's and a VPN. That way the ability of a fake tower will be reduced in what it can glean from you.

That helps with the eavesdropping problem, but doesnt help with the imsi catching part.

[tombrossman]

I think the app you refer to is 'Antennas', and I ran it on my G1 also. It worked as advertised in North America and I used it for a while in Europe, and it worked there as well. Obviously not part of the FCC database, so there must have been more than one in use. Sadly it's no longer maintained.

https://play.google.com/store/apps/details?id=com.technolatr...