Google is highlighting the “first-of-its-kind” cellular connectivity security features in the upcoming Android 14 release. The Android Security Model assumes that all networks are hostile in order to protect users from network packet injection, tampering, and eavesdropping on user traffic.

One of the features introduced in Android 12 was the “Allow 2G” toggle, initially available on Pixel devices. This toggle allows users to disable 2G connectivity at the modem level. Now, all Android devices that conform to Radio HAL 1.6+ support this feature. This is important because even though most major carriers in the United States have shut down their 2G networks, existing mobile devices still have support for 2G. This means that devices will automatically connect to a 2G network when available, regardless of whether local operators have discontinued their 2G infrastructure. Android 14 now allows admins of Android Enterprise-managed devices to restrict a device’s ability to downgrade to 2G connectivity, offering protection against 2G traffic interception and Person-in-the-Middle attacks.

Another security enhancement in Android 14 is the ability to disable support for null-ciphered connections at the modem level. This feature is available for devices with the latest radio HAL and is expected to be widely adopted by Android OEMs in the coming years. While all IP-based user traffic is already protected and encrypted by the Android platform, cellular networks expose circuit-switched voice and SMS traffic, which are protected only by the cellular link layer cipher. This means that the network controls whether the traffic is encrypted, leaving no visibility for the user. The use of null ciphers in commercial networks can put voice and SMS traffic, including One-Time Passwords/2FA, at risk of interception. Android 14’s new setting helps mitigate this risk by disabling support for null ciphers.

Overall, these new cellular connectivity security features in Android 14 aim to provide better protection for user traffic and prevent potential risks associated with 2G connectivity and null ciphers.