Stingray snooping
A stingray (or IMSI-catcher) is a type of a surveillance device used primarily by law enforcement and intelligence agencies to intercept and track mobile phone activity. It mimics a legitimate cell phone tower, tricking nearby phones into connecting to it instead of a real tower.
In active mode, it forces phones within a certain radius to connect to it by broadcasting a stronger signal than legitimate towers, capturing data like IMSI numbers, location, call logs, text messages, and potentially injecting malware or intercepting communications. In passive mode, it analyzes signals transmitted between phones and real towers without direct interaction. It can disrupt normal phone service, including emergency calls and collect data from all devices in range, not just targeted ones.
Stingray surveillance has been employed by government agencies since at least 1995, and it is potentially used for monitoring protests or crowds, raising privacy concerns.
For more information, here is a Wikipedia article on the Stingray phone tracker.
Stingray and Android
Recent news about upcoming Android 16 security features that can help you detect stingray attacks has prompted me to explore existing software solutions. After all, if you have a list of 'usual' cell towers around your location, you can detect a new, possibly fake tower when it appears.
But first things first: it's worth mentioning that since Android 12, you should be able to disable 2G network connections, which are less secure and often used by stingray devices (however, new stingray devices target 4G/5G networks as well). Additionally, you should use VPNs and encrypted messaging apps (e.g., Signal) that can help secure data, although they won't prevent connection to a stingray.
Software solution
Back to how an app could detect a fake tower: it could maintain a database of known cell towers (cell IDs, MCC, MNC, LAC, signal strength, etc.) at a given location, collected over time using Android's TelephonyManager.getAllCellInfo(). There are also public databases, such as OpenCellID (Wikipedia, regarding contributing apps see my commend below) and CellMapper (app). A tower with a new or unrecognized cell ID/MCC/MNC combination not associated with known carriers in the area that wasn't previously recorded could be flagged as suspicious, especially if it has some of the following characteristics:
- abnormally high signal strength (e.g., -50 dBm vs. -80 dBm for others) or inconsistent signal patterns;
- protocol downgrade: stingrays often force devices to connect via less secure 2G protocols. If the app detects a sudden shift to 2G when 4G/5G was previously dominant, it’s a red flag;
- rapid appearance/disappearance (common with mobile stingrays);
- no neighbor consistency: legitimate towers often report neighboring towers in their signaling data. A fake tower may lack consistent neighbor data or report unusual neighbors.
Of course, legitimate towers can be added or removed by carriers (e.g., during network upgrades or temporary deployments), so a new tower isn't necessarily fake. Advanced stingrays can mimic legitimate towers closely, using valid MCC/MNC codes and spoofing known cell IDs. They may avoid 2G downgrades and operate on 4G/5G, blending in with real network behavior.
Also, Android's TelephonyManager provides limited information (e.g., cell ID, signal strength). It can't access low-level signaling data like encryption status or tower authentication. Since Android 10, privacy restrictions limit non-system apps' access to detailed cell data, making detection harder without root access.
Existing apps
Wired published an article in 2017 titled "Those Free Stingray-Detector Apps? Yeah, Spies Could Outsmart Them", which covers a study conducted by researchers from Oxford University and the Technical University of Berlin. Almost all covered detector apps (Cell Spy Catcher, AIMSICD, GSM Spy Finder and Darshak) are not maintained any more. I am not sure to what extent SnoopSnitch is maintained or whether its flaws have been addressed.
SnoopSnitch
An open-source app (GitHub link) developed by Security Research Labs (SRLabs) to detect IMSI-catchers by analyzing cell tower data and signaling behavior. It monitors for signs of fake towers, such as 2G downgrades, unencrypted connections, or silent SMS/calls (used by stingrays to ping devices). Logs tower data (cell ID, MCC, MNC, signal strength) and compares it against known patterns. Provides alerts for suspicious activity, like unexpected 2G connections or towers not matching known carrier databases. It also analyzes your phone's firmware for installed or missing Android security patches.
It requires a rooted device with a compatible Qualcomm chipset to access low-level radio data. Struggles with advanced StingRays (e.g., 4G-capable Hailstorm devices) that mimic legitimate towers closely. A 2017 study by Oxford and Berlin researchers found SnoopSnitch could be circumvented by StingRays using alternative downgrade methods or silent calls instead of SMS.
The app is available on Google Play (last updated 2023) and F-Droid (last updated 2022). There are no releases on GitHub, and the last commit was made in 2022. I was trying to access the project webpage and the list of supported devices, but the site was down at the time of writing.
AIMSICD (Android IMSI-Catcher Detector)
An open-source app (GitHub link) designed to detect IMSI-catchers by analyzing cell tower behavior and network anomalies. It detects suspicious activities like unusual tower IDs, lack of encryption, or unexpected network behavior (e.g., frequent tower switches). Maintains a local database of known towers for comparison, flagging new or unrecognized towers. Alerts users to potential Man-in-the-Middle (MITM) attacks by fake towers.
It requires root access for full functionality. It's effectiveness depends on a database of legitimate towers. It's not foolproof against advanced stingrays that spoof legitimate tower IDs or operate on 4G/5G.
Although the GitHub commits show activity, they consist solely of translations. The project has not been updated since 2017. Here is the project homepage, and here is their list of similar projects.
Darshak
Last commit about 10 years ago, here is the GitHub link. The app is not available on Google Play any more. Here is the presentation from app authors titled Darshak: How to Turn Your Phone into a Low-Cost IMSI Catcher Device.
Other (non-Android) solutions
Rayhunter
While not an Android app, the Electronic Frontier Foundation's (EFF) Rayhunter Rust tool (2025) uses an orbic mobile
hotspot to detect fake towers by analyzing 4G control traffic for
anomalies (e.g., suspicious IMSI requests or 2G downgrades). It's more
effective than apps but requires dedicated hardware and technical setup. Project webpage, GitHub repository, news article.
Crocodile Hunter
Another open-source tool (not maintained since December 2022) from EFF that uses software-defined radio to detect stingrays by analyzing tower behavior beyond what Android's API provides. Link to GitHub repository.
Notes
OpenCellID contributing apps
The Wikipedia article on OpenCellID hasn't been updated and mentioned contributing apps are no longer active. However, there is an app named Tower Collector (available on Google Play, F-Droid and GitHub), although I haven't tried it out yet.
Posts
