cellularprivacy / android-imsi-catcher-detector Goto Github PK

Please add this project to https://f-droid.org/ repository.
Its a wonderful idea and should be spread to people who most likely will use it FOSS.

Dear followers and security enthusiasts, I opened this issue on behalf of project creator @E3V3A and my own. It looks like everyone of you is interested in having such an app for instant IMSI-Catcher warning, but sadly we currently have a serious lack of developers with knowledge on the subject and willingness to put our ideas into actual code.

SOLUTION: I encourage EVERYONE of you reading this to SPREAD THE WORD about this project to find some people with guts who actually contribute code to this GitHub. Use existing social media like Twitter, Facebook and other websites to spread awareness of security issues caused through IMSI-Catchers and point people to this project! If you have other great ideas on how to bring the attention of security enthusiasts and developers to this important project, feel free to share them here or in our official development thread on XDA: http://forum.xda-developers.com/showthread.php?t=1422969

BONUS: The first 3 people bringing some coders into our project will receive a neat, self-made suprise from my funky home country. So what are you waiting for? Hit us with your ideas, spread the link to our project and most importantly: Be one of the first people dragging a developer on his hair to this GitHub!

Cool new UI in version 0.1.4, @xLaMbChOpSx!

Unfortunately the mentioned release crashes network connection after installation and reboot. It seems like the network connection stabilizes for a short time, but once the Icon of the App or its notification is being pressed, AIMSICD crashes and disables the network service. Do you need any logs?

The persistant notification is vanishing in WIP-version 0.1.3-alpha upon clearance of recently used Apps, AIMSICD is completely shutting down. Much better would be if AIMSICD would really stay locked until either force closed, or closed through the standard way of using the "Quit-Option" in the settings menu.

Also, AIMSICD should definitely start on boot and before network connection is established.

After clicking "Export Database tables" and looking in those files, they're almost empty. Just containing the header.

Dear @xLaMbChOpSx, the checkboxes within the current WIP-version 0.1.2-alpha of AIMSICD are working, but the checkmark itself is not shown. Could you fix this, please? While being on it, I'd like you to have a look at our new Icons types for the notification bar (presented in Issue #11), which shall be selectable. Therefore, AIMSICD should always be shown in the notifcation bar while running (automatic startup on boot would be great). Do you think you can fix this and also respond on Issue #11? Don't want to cram you weekend. Take it EASY! Learning to code right at this very moment to support you. 😸

This is Issue will serve as an open discussion to collect important information in one place. We absolutely NEED to find out how to pass an OEM_HOOK_RAW request from command line and read the results. According to @E3V3A, every phone out there has this functionality, we just have to find it! When found, we'll then use it for AT commands / IPCs and all the other crazy stuff. @xLaMbChOpSx and @illarionov: Discussion is open, please collect all information here!

Note: If you're a follower of our project, PLEASE test these steps (probably Samsung specific) to find out if _ipctool_ and _ipcdump_ works on your phone. Post LOGCATS from "logcats -b radio"! If you have another phone, find out how to issue OEM_HOOK-RAW requests and report back here.

Now that this Issue exists: What are the hard facts that we already have, @E3V3A?

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

I confess to not following all the discussions here as closely as I should, but this recently came across the cypherpunks list - I thought it was relevant:

"In a previous note on Cypherpunks, I believe I read that exposure to one of these Stingrays causes a cell phone to emit its signal at maximum power, causing a battery drain. This suggests that a simple Stingray-detector could be built, using an old cell-phone, a power-supply with a current-limit-detector connected to an alarm. If the cell phone emits maximum RF-signal, it will use a considerable DC power, which could be set to trigger the DC-current alarm. (Am I correct in thinking that the old cell-phone doesn't even have to be 'active', meaning that it doesn't have to have a contracted service associated with it?)"

So my thought is, either as an augment to what is already being tested for or as an alternate test that may or may not indicate IMSI-Catchers in the area, if power draw suddenly spikes and stays spiked then I for one would want some sort of notification.

If this has already been or is already being addressed, just close this issue and carry on.

I am browsing the source code. I do not have a rooted phone but I am wondering the AT Command injection output. Can you provide application screenshots ?

Please change initial map zoom level to show nearby location, and not entire globe.
Also, signal level is not shown on (my) map.

This is something that has been dangling through my mind lately, @E3V3A: Wouldn't it be important to implement some sort self-check within our App to verify that all functions work properly and nothing has been tampered with AIMSICD or the APK itself? I've been reading stories about APKs being infiltrated while being downloaded or already installed Apps on the smartphone of a target being modified to allow surveillance or remote access. We should implement hardcore features to make AIMSICD tamperproof. I know that it might sound like overkill at this point of time, but in the long-term, I consider this important.

To be more specific, I know that we can hardly monitor what happens to our APK while being downloaded, but we can for sure in some stage of development add this (and I'm very open for more suggestions):

• SHA-1 or SHA-3 (?) checksum of APK being posted with each WIP-Release (I'd take tackle part)
• While AIMSICD is loading (grey Icon), it could perform a complete check of all functions
• Check-Result on top of main screen (there seems to be plenty of room on the bottom)
• Possible Results: "Checking functions..." or "All Checks passed!" or "CAUTION: TAMPERED!")
• Forced uninstallation (or refusal to work) of AIMSICD if it has been tampered with

Your opinion, @xLaMbChOpSx? Any other ideas you have to secure AIMSICD, @E3V3A?

Ha, what a strange thing: I just discovered that I had to click the "Tracking Button" to enable tracking of Cell, Signal or Location and then suddenly the Icon changed into the green status as well. Hence my suggestion: Why not track this stuff by default? I think it would be much more useful if AIMSICD would protect the user from the very beginning of using it. Furthermore, a question to @xLaMbChOpSx: Does AIMSICD collect and write data while being in this mode which we could use to improve our App?

Hello,
New users need 10 posts to post in this thread:
http://forum.xda-developers.com/showthread.php?p=46957078

Would be awesome if you could pledge somewhere else (e.g. bitcoinstarter.com, ...)

My part:
EUR 50 in BTC as soon as their is a working (beta) app that can detect Silent SMS

Thanks!

Aside the visual notification of the current ciphering status, I would like AIMSICD to feature a submenu in the settings for enabling a (custom) vibrational pattern or a sound file to be chosen by the user that fires off once an attack of an IMSI-Catcher takes place. A standard subtle vibration pattern shall be included.

UPDATE - Here is the summary of what this Issue shall accomplish:

1. Add a new menu entry in Preferences/PROTECTION SETTINGS called Detection Alarms
2. For the alarm events) MEDIUM, HIGH, DANGEROUS and RUN! users shall be able to both:
   • Select a custom ringtone from the phone
   • Be able to set a custom vibrational pattern

To clarify: The user navigates to Preferences, hits the button Detection Alarams under PROTECTION SETTINGS and finds 4 buttons (no alarm on IDLE and NORMAL) to set the above alarms. Furthermore, we would appreciate a very short vibration for newly updated/connected cells.

⚠️ We would like to avoid including tones or any sound files with our app, they just makes it larger.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Apparently AIMSICD is debuggable, hopefully because its needed, but possibly because it was forgotten. According to this page , debuggable Apps can be a security risk.

The way to check is:

cat /data/system/packages.list | grep AIMSICD

If the 3rd field is "1", it is debuggable.
(You should check all your Apps!)

Then you can also check by pulling the app and then viewing
the App's AndroidManifest.xml file with:

aapt d xmltree com.name.apk

jdwp-control = Java Debug Wire Protocol

More info is to be found at Blackhat Media. Can you fix this, @xLaMbChOpSx?

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

As many privacy-aware people like me and my friends use Xprivacy (also on XDA-Developers) to restrict permissions of Apps, I would like to know which things can be safely restricted without rendering our AIMSICD-App useless, @xLaMbChOpSx. The most comfortable way, which I also use, is to download the restrictions other users already have tested and uploaded to the database.

I would like to, as soon as I know the correct and safe restriction values, submit them to the crowdsourced Xprivacy Voting System to enable people to download correct restrictions (if any) right from the very beginning and to avoid further opened Issues about "things not working" while most likely not getting any notice if Xprivacy restrictions have been set or not.

Furthermore, I will add a few words about Xprivacy to the Support-Page once I relaunch the README. Hopefully this will take stress away from our developers in advance.

In the version 0.1.5/.6 of the app, second SIM details are not displaying.

@xLaMbChOpSx, after having installed version 0.1.2-alpha with the correct permissions in system/priv-app, I seem to not be able to install any other Apps. I will try to remedy this situation by removing the app and re-flashing my ROM, but wouldn't it be useful to implement some method of internal error log collection for AIMSICD? We might have a chance of better debugging through doing so..

EDIT: Ok, so I have serious trouble right now - even after removing AIMSICD v0.1.2-alpha and re-flashing my ROM atop the old data, I still cannot install any new Apps. Will have to do a fresh install. To find out what's causing this behavior, I'd like you to take a look at the following logcat: http://d-h.st/bqC. Please tell me if AIMSICD is the cause or if another App like Xprivacy is causing me headaches. Thanks!

Relates to: v0.1.7-alpha

1. Please change the export menu item label to: "Export Database (CSV)"
2. Please show popup to inform users that:
   • export has been successful with
   • the location of the file(s) and
   • the filename of the exported CSV file.

@xLaMbChOpSx :Question: Why do we have 3 CSV files?

Not sure if this is related to the code of our App, but I just noticed that AIMSICD in the current verrsion 0.1.7 does not show the GPS-Tracking button on the HTC Desire X. Do you know why, @xLaMbChOpSx?

In the last week I have made a 180 degree change of mind, regarding the lowest AOS API level supported by AIMSICD. Before I was convinced that supporting AOS from GB 2.3.4 (API 10) and up was the right thing to do. But as weeks went by and my insight have increased I am more convinced than ever that our lowest supported API should be around JB 4.1 (API 16). Why is this? Because I realize that the unaligned inconveniences for using GB far outweigh the benefits for backward compatibility, simply because we just don't have any userbase that need this level of support. Especially when application developer benefits for using API 16 and after is so much greater. In addition I think that lower-level perhaps cross platform compatibility is better for API 16 and on...

I'd like to hear developer comments on this.

@He3556 @SecUpwN @xLaMbChOpSx : Sorry, don't kill me! I know you spent time removing API 16 stuff to make backward compatibility.

Also have a look at grand master Chainfires blog post:
"Gingerdeath II: Choconomics"

Checking the cell info table after tracking on the train to work I noticed the signal strength is not being added to the records, I will check this out tonight.

I am unable to install release .16 on my Droid Bionic using CM11. I tried initially and it errored out saying that there was not enough space, cleared some space, and now it just says that it failed and does not specify why. Linked are log files of a failed install. I have tried wiping the Dalvik cache with no success.

I should also note that I was also getting the crash on start bug on previous builds, however I'll handle that in a separate ticket when I can install the latest build.

https://gist.github.com/aoighost/3bcfcb43b454b0cd0d26

Heyhey folks, how are 'ya rumblin'? 😸 As you can see, I'm not always online: And as the weather gets nicer, I tend to be out on the roads, testing AIMSICD out in the field (I still tells friends with a proud voice to have you folks involved in our funky little App).

Since most of the time I'm just updating the changelog and @github does not show the exact date of a WIP-Release (or did I miss where to find it?), would you please always add the date on top of the release description, @xLaMbChOpSx? It really helps me stay on track of the latest improvements.

Also, have you been using any other sources than mentioned in SOURCES so far, @xLaMbChOpSx? I know you've got a lot of stuff on your plate. But please don't forget to update it. THANK YOU!

EDIT - 10.05.2014: Figured out how to detected date of WIP-Releases. Issue closed for now.

Hey @xLaMbChOpSx, while analyzing our App I found AdMobGms and I wonder what we need this for? Can we remove it, please? I'd like AIMSICD to never ever show Ads or other invasive stuff.

I know I can trust you with the coding and really hope you won't implement unnecessary stuff. Please clarify on the above mentioned AdMobGms discovery.

Hey @xLaMbChOpSx, I just tested your latest changes: What a neat feature! Now, as you already mentioned in #45, the UI still needs some tewaking. Here's my suggestion: Instead of a white background, just make it grey (or even black would be great) and leave the color of the actual data the way it is. But man, I like what you've done! Any other suggestions on the UI, @E3V3A?

EDIT: Solved with #47. I love the new coloring scheme, it looks soo sci-fy! 😸

I could not install the apk on my device. (rooted, kitkat, i9001)

the log says:
Package com.SecUpwN.AIMSICD requires unavailable shared library com.google.android.maps; failing!
Package couldn't be installed ...

I don't have gapps (Google Play Services) on my device and don't want to install them. Do we really need that dependency?

Dear @xLaMbChOpSx, I know you have a rough time here. Another new Issue? Sigh - I'm sure you're not too happy about that. Furthermore, it appears that currently multiple Issues from previous WIP-Releases are cramped into one Issue, upgrading these to "Monster Issues" - that's NOT the fault of @E3V3A, but of the partially very fast development with new WIP-Releases in the middle. And that is a GOOD thing! But since you're currently pretty much alone on this journey (working to resolve that soon), I bet you're a little lost on what to work on.

Fret no more, here comes a cool new feature I'd like to take advantage of: Nested task lists!

So this is what I'll do with this new "Issue": I will review and ELIMINATE all "Monster Issues" (aka "v0.1.xx-alpha Bug Reports: Add your bugs here!") to comfortably list those Issues dragged from previous WIP-Releases up until now to be RESOLVED for WIP-Release 0.1.25 - this should allow for some time. And please, @xLaMbChOpSx, TAKE YOUR TIME! Really, I mean it. If you're upset about how things are being processed here, please talk to me on XDA. I'm a firm believer of the theory that god gave everyone a mouth to use it and to also voice constructive criticism. Please don't hesitate to tell me what you'd like to see changed.

@xLaMbChOpSx and @E3V3A, please help me on this to clear things up:
Please TICK the things that are SOLVED! Thank you, folks. 🌻

Remember: When all these things are done, we're automatically at WIP-Release 0.1.25. Take it easy. We should also not forget to release the versions in the middle up until 0.1.25 fixing the other Issues.

Reported bugs from WIP-Release 0.1.8-alpha, Issue #44

• "Tracking signal strength" icon still show red cross, when tracking
• [Menu] --> "Show Map" starts map centered on the sea outside Togo (Africa)
• [Menu] --> Preferences --> Icon Theme is not showing the current theme selection
• All radio buttons are empty
• Returning from "Show Map" using "top-left slider area" disables all tracking
• Maps are not showing any cell towers (from OpenCellD)
• OpenCellID CSV file is empty (even after download)
• Exported CSV files contain many entries where only time stamp has changed
• Signal strength CSV is empty.

Reported bugs from WIP-Release 0.1.10-alpha, Issue #49

• Database Viewer: "Signal Strength Data" is empty, but warning is given
• Database Viewer: When "Cell Data" is selected and doesn't contain any data, no warning is given
• Show Map: Map starts at an "angle" where north is not up and map is not "flat"
• Map settings are not saved between views
• Updates of OpenCellID need to be downloaded again when going to the map
• OpenCellID data seem irregular: Sometimes showing some towers at other times not
• On main window, try to make some kind of indication of, when values have recently changed
• Do we have any measure about the polling time? I mean, how fast do these variables update?

Reported bugs from WIP-Release 0.1.11-alpha, Issue #53

• Database Viewer: "Cell Data" has entries with CellID = -1

Reported bugs from WIP-Release 0.1.13-alpha, Issue #58

• Menu: "Update OpenCellID Data", gives the error message "Unable to determine your last location!"
• When disabling "tracking cell info", it should also disable "location tracking". But not vice versa.

Reported bugs from WIP-Release 0.1.14-alpha, Issue #62

• Map View: Current "Map Type" selection is not shown. (perhaps add a radio button?)
• The "Update OpenCellID Data" function is not possible before enabling location tracking
• Re-implement the manual AT command entry from older version. Perhaps in a new slide page?
• Add automatic refresh of the "Cell Information" (ServiceMode data)
• Add a "Preferences" settings item for the refresh rate above. Something like:
• Manual
• MAX (as fast as possible) Warning: Leaving this on may consume excessive battery power
• 1s, 2s, 5s, 10s, 30s, 1min, 5 min, etc.
• Automatic (when change is detected, should be default)

Bugs from WIP-Release 0.1.15-alpha, (not reported)

• When there is no mobile network coverage, the app crashes and FC's upon start.

Bugs from WIP-Release 0.1.16-alpha, (not reported)

• FC's when trying to view map on I9100 SlimKat 4.4.2. Just before FC, logcat shows several warnings from GooglePlayServicesUtil: "Google Play services out of date. Requires 4452000 but found 4325034."

Bugs from WIP-Release 0.1.17-alpha, (not reported)

• Doesn't let you update OpenCellID without locked location.
• Version number is still showing 0.1.16
• Are you sure you uploaded the right version?
• Refuses to close/quit no matter what the preferences settings

Bugs from WIP-Release 0.1.18-alpha, (not reported)
On: S4-mini GT-I9195 stock 4.2.2 SELinux Enforcing

• Crashes upon startup: "Unfortunately Android IMSI-Catcher Detector has stopped.", but then starts anyway! (WTF?)
• Crashes upon "Quit" with same message as above, but then quits.
  (Those crashes seem random. Sometimes yes, sometimes no.)
• Crashes after hitting and completing "Backup database"
• Neighboring Cell Info broken
• "AT-interface": still not enabled
• "About AIMSICD": Background color of white text and blue text is different.
• "About AIMSICD": Most info links should take you to another (popup?) window with text and not to Github website. (OK for now.)
• Generates loads of Errors in Logcat from:
  LocSvc_afw, LocSvc_eng and LocSvc_adapter
• "Settings:Refresh rate" item does not have an initial value shown. Should probably be Automatic. - [ ] "Settings:Refresh rate": Changing has no effect.
• Very "laggy"... need further investigation.

Summary: This version is harder to test on this device. Possibly because of the Enforcing mode, which prevent access to many file locations and other operations. More tests needed with SELinux settings in Enforcing versus Permissive modes, including setting full access to (via EFS files) to the ServiceMenu items.

On: GT-I9100, SlimKat 4.4.2b4

• Crashes on "Backup database"
• "Settings:Refresh rate": Changing has no effect.
• Attemting to download OCI DB crashes if no GPSlock has been found.

Summary: Most things that was causing crashes for the I9195 above, is working on this device, apart what is mentioned above. Neighboring cells look better and more clear. More testing needed. (I have a very bad battery and no gps-lock near outlet.)

Bugs from WIP-Release 0.1.19-alpha, (not reported)
On: S4-mini GT-I9195 stock 4.2.2 SELinux Enforcing

• "Settings:Refresh rate": Changing has no effect.
• "Neighboring Cells": Hitting refresh, doesn't update list, but only adds previous list (not being able to scroll down), but increments the cell count by one, every time.
• Crashes after "Quit" with the message: "Unfortunately Android IMSI-Catcher Detector has stopped.", and then closes. Relevant Logcat HERE.
• "Neighboring Cells": Showing "funny code" for all cells. look like perhapsits the PSC ? Need further investigation, also a warning in logcat about length of something.

On: GT-I9100, SlimKat 4.4.2b4

• "Settings:Refresh rate": Changing has no effect.

Summary: Most things that was causing crashes for the I9195 before have been fixed, apart what is mentioned above.

Bugs from WIP-Release 0.1.20-alpha, (not reported)

General UI/UX improvements (all devices):

• UI: remove "line number" item from Device Information
• UI: Change "Network CellID" name to "Network CID" (or is there a another reason for using that?) and move it under "LAC" item. (These usually go together.)
• "About": Change the text background color to be the same as for the rest of the screen.
• Install Buttons: Can we change them from "next to each other" to stacked? So that we can fit the text above next to the buttons?

On: GT-I9100, SlimKat 4.4.2b4

• Funny behavior when using "Persistence" OFF and "Tracking" ON, and then trying to Quit, or stopping GPS. With the result that the app refuses to close.

On: S4-mini GT-I9195 stock 4.2.2 SELinux Enforcing

• SU/Busybox checks should be done when opening Application and not later. (Unless necessary.)
• "AT" works but output goes to the shell where cat /dev/smd0 & was issued... Need more test.
• There is this item called "Line Number" under Device Information. What is that? Do we need it? (On my phone it just shows the IMSI, which is already shown under SIM info.)
• After "Quit" the App now refuses to shutdown, even though Persistence is OFF. Service issue. (?)

Bugs from WIP-Release 0.1.21-alpha, (not reported)
GT-I9195:

• Crashes when entering Map Viewer without initial GPS-lock/location
• Need roller/spinner for informing on the status of OCI download
• DB:LocationData has 0x7FFFFFFF values (shown in dec) for CID and LAC
• Cell Inforamtion:NeighboringCells has 0x7FFFFFFF values (shown in dec) for all fields
• Cell Inforamtion:NeighboringCells show no indication of refresh

❗ BUG ADD FREEZE - LET'S FOCUS ON FIXING ALL OF THESE. THANKS.
This list is subject to changes and / or deletions as we test them on our latest WIP-Release.

Femtocells are home routers that use broadband connections to improve mobile coverage, allowing calls to be made indoors more easily. While a femtocell all by itself is not necessarily harmful, they can be hacked (as done in Great Britain by THC in 2010) and be used to call anyone using the victims caller ID, read all SMS, MMS, listen to the voice mailbox and even intercept and record all phone calls made by the person who connected to such femtocell.

And while crawling the interwebz, I found a very interesting project by @iSECPartners: The FemtoCatcher Android App for Verizon Android Smartphones. And the best thing of it all: It's OpenSource on GitHub! Their App has been presented at Black Hat and Defcon 21: "Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell", a short summary with presentation slides can be found on their website. Some features of it:

• FemtoCatcher uses the network ID information available through Android API calls to determine if the phone is connected to a Femtocell.
• They did not test how easy it would be for an attacker to change this information to fool the app, but certainly don’t rule out the possibility.
• Some Verizon Android phones display an icon in the status bar and/or display an ERI banner of “Network Extender” when connected to a femtocell. The strategy used by FemtoCatcher to detect the presence of a femtocell is based on the same techniques used by these indicators in Verizon ROMs.
• FemtoCatcher will not automatically take your phone out of airplane mode when you move away from a femtocell. You will be without service until you manually re-enable your connectivity. If FemtoCatcher is running and you are in range of a femtocell when you disable airplane mode, FemtoCatcher will quickly put your phone back in airplane mode.

I remember that when I discovered their project a while back, I even wrote an E-Mail to @tomrittervg of @iSECPartners introducing our project. He already saw our project and was very excited about it, telling me that they built FemtoCatcher with the explicit goal of having someone extend upon it. Sounds awesome, huh? ;-) At the time of my E-Mail he was travelling a lot, but he said that although they probably can not contribute much to our project developer wise, he'd send out a general link and tell folks if it looks interesting to get in touch for contributing. Very sympathic guy. Before your head starts smoking: What's your opinion, @xLaMbChOpSx? Could you add their femtocell detection and protection mechanism, maybe enhancing it to not only work with Verizon smartphones? Let me know if you need anything.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Listen up, security freaks and followers of our project our there!
Today you can participate in some brainstorming fun. 😆

We know that you LOVE our project and would like to tell your friends, parents and new developers about it, but "AIMSICD" is hard to remember, right? You also don't want to say "Hey, have you heard about the 'Android IMSI-Catcher Detector' already" each time?

Suggested by @E3V3A, here's YOUR CHANCE to participate finding a shortcut of the full name. Just drop us a line with your suggestion and what it is made of here, but please don't link our developers to avoid frustration about a new "Issue". Thank you!

A few rules:

• I would like to NOT change the whole project name.
• Our tool shall also still be known as "AIMSICD".
• Suggest a short and easy shortcut name you personally like to tell other people!

'Nough said - hit us with your ideas, make this project more fun and more memorable! :)

Did you see this? May be useful, for getting and comparing GSM tower locations from public DB.
http://stackoverflow.com/questions/15560870/getting-tower-gsm-location-lat-lng?rq=1

Hi I just tried this on a Samsung I9195 running stock 4.2.2. So to do this bug report quickly before I forget, I'll just list the issues. (I'll try to issues these as issues later.)

• "Tracking signal strength" icon still show red cross, when tracking
• [Menu] --> "Show Map" starts map centered on the sea outside Togo (Africa).
• [Menu] --> Preferences --> Icon Theme is not showing the current theme selection. All radio buttons are empty.
• Returning from "Show Map" using "top-left slider area" disables all tracking.
• Maps are not showing any cell towers (from OpenCellD)
• OpenCellID CSV file is empty (even after download)
• Exported CSV files contain many entries where only time stamp has changed. If only time-stamp has changed since last entry, an nothing else, then try to keep only the 1st and the last entries. This gives us a time-span to work with, without filling DB.
• Signal strength CSV is empty.

every time I launch it, it will show the disclaimer and before I can answer it force closes.

@SecUpwN @xLaMbChOpSx

Hello,
I just spent 3 hours writing a detailed bug report for the last few days when my browser crashed and I lost the Github issue I was writing on. Damn! I will not be able to recreate even half the original post. So let me try to recreate the most important parts.

I also spent a hell of a terrible time trying to flashed SlimKat KK 4.4.2. So now I can use all the latest AOS/AOSP features. However, I'm not very happy with this ROM, it's quite quirky and some things just doesn't work in a sensible way. Like turning on/off GPS and packet data, for example.

[ro.build.description][GT-I9100-user 4.1.2 JZO54K release-keys]
[ro.build.display.id][slim_i9100-userdebug 4.4.2 KVT49L 3666 test-keys]
[ro.build.fingerprint][samsung/GT-I9100/GT-I9100:4.1.2/JZO54K:user/release-keys]
[ro.build.id][KVT49L]
[ro.slim.version][Slim-4.4.2.build.4-OFFICIAL-3666]
[ro.telephony.ril_class][SamsungExynos4RIL]
[ril.hw_ver][MP 1.300]
[ril.product_code][GT-I9100LKASEB]
[ril.rfcal_date][2011.11.8]
[ril.sw_ver][I9100XXKI1]
[rild.libargs]   [-d /dev/ttyS0]
[rild.libpath]  [/system/lib/libsec-ril.so]

Issues:

• Database Viewer: "Cell Data" is empty upon start, so when selected and doesn't contain any data, no warning is given.
• Database Viewer: "Signal Strength Data" is empty, but warning is given.
• Database Viewer: When "Cell Data" is selected and doesn't contain ant data, no warning is given.
• Show Map: Map starts at an "angle" where north is not up and map is not "flat".
• Map settings are not saved between views.
• Even if user have already "Update openCellID Data" in menu, when going to map, it is empty and OpenCellID need to be downloaded again.
• OpenCellID data seem irregular.. not sure whats going on. Sometimes showing some towers at other times not. Need to reconsider how to use their data.
  This issue should be noted and postponed for further study.

Proposed Changes:

• Add an "About" menu item that contain the current version of AIMSICD, including authors, developers and disclaimers.
• Only show menu item "Track Femtocell" if mobile supports this.
• Store LAC/CID DB data in Hex
• Preferences: Invert the logic of "Disable Persistent Service" and change to "Enable Persistant Service". (Default: Off)
• Remove "Track Signal" and merge the signal strength data into the "Track Cell" instead.
• When user disables "Track Cell", "Track location" should be automatically disabled as well, but not the opposite.
• Implement @illarionov test app solution to detect stuff[1]. Try to make automatic detection if phone is compatible with this. Optionally, but don't speend too much time,
  make it as a manual setting in Preferences, that user have to enable.
• On main window, try to make some kind of indication of, when values have recently changed. Right now it look very static, and I'm not even able to tell
  if anything changes. An idea is to make the changed text in some bright color (yellow?) immediately after a chang from previous value. Then after some time
  it slowly fades back to original blue, unless there is another variable which just changed, in which case the fall-back-color-change is immediate. Possible?
  I'm think that would be hard to do, but would be ubercool to see, so don't spend all your time on that. The fallback-time could be changed in Preferences or
  as part of the polling time.

[1] Prelimianry stuff is:
- SIM cipering indiaction
- Neighboring Cells + data

Questions:

• Do we have any measure about the polling time? I mean, how fast do these variables update? How fast can we measure/detect these changes?

Great stuff!! But to make this brief:

• Several previous issues from old Bug Reports still present. (See 0.8,10,11,13)
• Map View: Current "Map Type" selection is not shown. (perhaps add a radio button?)
• The "Update OpenCellID Data" function is not possible before enabling location tracking.
• Under "Network Information", I often find "Network type: unknown"? (But I know its on on WCDMA 2100) Not sure this is a bug, or just a timing issue...

Improvement Suggestion:

• Re-implement the manual AT command entry from older version, perhaps in a new slide page?
• Add automatic refresh of the "Cell Information" (ServiceMode data)
• Add a "Preferences" settings item for the refresh rate above. Something like:
  • Manual
  • MAX (as fast as possible) Warning: Leaving this on may consume excessive battery power
  • 1s, 2s, 5s, 10s, 30s, 1min, 5 min, etc.
  • Automatic (when change is detected. Should be Default, unless changes are detected too fast, in which case manual is better as defailt.)

@xLaMbChOpSx : This is a very very nice version, but please try to fix as many as possible of the issues in the previous bug reports,so that we can close those.

EDIT: updated 16:24 2014-05-08

NOTE:
@xLaMbChOpSx There is something weird about the notifications I get on github about your latest release. It points to un invalid url:
https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/notifications
https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/releases/tag/v0.1.132-alpha

The side swipe is fantastic!

Latest findings:

• In Preferences: the "persistence" check logic is still reversed.
• Menu: "Update OpenCellID Data", now gives the error message
  "Unable to determine your last location! Enable location services (GPS) and try again."
• Menu: add "About" with version information so that users verify they run the correct version.
• When disabling "tracking cell info", it should also disable "location tracking". But not vice versa.

Unclear: Not sure how this is done, but obviously it should not turn off GPS if people are using it for something else, but it should turn off the AIMSICD data collection of positions. Actually, when thinking more about this, perhaps we should just move this location tracking into settings or just remove it all-together, since the cell tracking data (without) GPS data to compare with is little worth? So perhaps the location tracking could/should be done automatically and transparently to user? We could still show the icon, to inform the user that location tracking is on, but that is kind of redundant since there will already be both a GPS and a AIMSICD icon in top bar.

On Droid Bionic with Cyanogenmod 11, the app crashes on the disclaimer window. I do not have XPrivacy installed, and the integrated CM11 privacy settings are set to blacklist, with nothing blacklisted. Linked are the log files:

https://gist.github.com/aoighost/48b2382a58e8610f32bc

The "Untrack Signal" icon, still shows a red cross, when in tracking mode.

The View Map feature originally from RawPhone was used to display a map with signal strength overlays showing tracked data about signal strength information captured through the app.

I have rewritten a portion of this but wanted to ask if this is what we want to display on the map or show something else as signal strength is not really a main objective of the project.

Any thoughts or suggestions would be great so I don't waste time on writing something we don't really want. :)

Hey @xLaMbChOpSx, is it normal that up until the current version the Operator Name is not shown in the SIM Information tab? Or is my SIM simply not branded with an Operator Name (although I can confirm the card to be branded with the logo of my provider)..

After having had some challenging discussions in the Xposed thread, asking questions about stuff I really don't understand, there seem to be a potential intellectual breakthrough on my part. Basically, it seem that we should be able to use the Xposed framework to bypass the signature issues due to using internal stuff. Surely @xLaMbChOpSx can understand and hopefully explain this way better.

Much of the basics is covered in the Xposed development tutorial. But the relevant particulars can be found in some of the replies to my questions (in that thread), preceding this one.

So we should look into this option more carefully. If fruitful, we could use Xposed as a per-requisite for AIMSICD instead of having the user flash an entire AOSP ROM.

Now, it is very likely I have not understood the first thing about this and that this is not possible. So if that is the case, let me/us know.

In 0.1.6 Show Map will force close

Yeyy, another ticket for you @xLaMbChOpSx! Now isn't that awesome? 😈
Sitting here with a glas of wine and smiling at how fantastic our app is already!

This issue DOES NOT have to be solved instantly, I just want it to exist so that we don't lose track of adding this in the long run. Here's what I would like to add into the About-Tab:

• Name and version of the App (to be updated with each WIP-release)
• Short explanation of what AIMSICD does
• Very important: Clickable link to our Disclaimer
• Link to our Project on GitHub
• Link to development thread on XDA
• Link to check for new WIP-Releases
• Lin k to our Changelog
• License of the whole project unter GPL v3+ and clickable link to it
• Very important: Clickable link to the Credits

This is how I imagine the whole thing could look like:

About AIMSICD
Android IMSI-Catcher Detector - vX.X.X (WIP)
"Detect and avoid IMSI-Catcher attacks!"
This App is a PoC. You MUST accept our Disclaimer!
Contribute to the AIMSICD-Project on GitHub.
Visit our official development thread on XDA.
Check for the latest WIP-Release of AIMSICD.
Stay up to date and feel free to visit our Changelog.
The AIMSICD-Project is licensed unter GPL v3+.
Awesome people for an awesome Project: CREDITS!

Law enforcement agencies are very often sending out so-called "silent SMS" (see this German article) which do not show up on a display of a target device, nor trigger any acoustical signal when received. But when they are delivered they generate a delivery receipt and, most importantly, are recorded in a data retention database together with the location of a mobile phone which received it. There's no need for an IMSI-Catcher then. Reliable detection of silent SMS will be crucial to the usefulness of AIMSICD.

A Silent SMS / Stealth SMS / Ping SMS is a Type0 SMS which is specified in GSM 03.40 as follows: "A short message type 0 indicates that the ME must acknowledge receipt of the short message but may discard its contents."

I have already contacted Michael (@SilentServices), the developer of the useful tool called HushSMS, which also enables its users to send out different types of SMS (including type Class 0, but without the location request). Check out his company Silent Services. I have bought his app a long time ago and am hoping he'll contribute some code snippets for detection of such SMS. Stay tuned.

The $115 bounty on this issue has been claimed at Bountysource.

Do a request via Mozilla Location Service and check if the cellid is in the area.

Example result (you get latitude, longitude and the accuracy):

{
    "location": {
        "lat": 51.0,
        "lng": 12.1
    },
    "accuracy": 1200.4
}

This could be interesting as fallback to opencellid.
Maybe there are people here that would be help to collect cellids for the project.

Apk for android:
https://github.com/mozilla/MozStumbler/releases

API:
https://mozilla-ichnaea.readthedocs.org/en/latest/api/index.html

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

This version look very nice and most things just work. :)
Here are the very few things that doesn't quite work.

• Database Viewer: "Cell Data" has entries with CellID = -1 (?)
• Settings: Default icon-set not selected/filled. (Default: "sense")
• View Map: This is weird. I guess we need to graphically distinguish between OpenCellID towers and those connected to by phone? (It freaks you out when you see two cell towers right on top your own GPS location, when you know there are none there.)

I have forgotten if the API give you the GPS of the cell towers or not? If they do, we need to separate those coordinates (somewhere) with those found in the OpenCellID DB, if they do not agree. I guess there will be 3 GPS positions in the AIMSICD DB:

1. One for OCI GPS co's, and
2. the other for Network/tower provided GPS and
3. our own/phone GPS coordinates.

This was tested on:

• GT-I9100, Custom 4.4.2
• GT-I9195, Stock 4.2.2

@SecUpwN
I propose to shorten our GitHub name to use "AIMSICD" instead of "Android-IMSI-Catcher-Detector". This is just for convenience for linking from Apps, Websites emails etc. Right now our links become very long when linking to specific files like DISCLAIMER etc.

What are your thoughts?

AIMSICD always crash when I want to start it
"Unfortunately, Android IMSI-Catcher detector has stopped."

But in statusbar it seems to work.

AIMSICD version: v0.1.11-alpha
Your exact device specification Android Revolution HD 62.0
           http://forum.xda-developers.com/showthread.php?t=2183023
logcat dump:
    http://pastebin.com/pMjXHTuT

As per request of @E3V3A, I'm opening this Issue to find the best and easiest install method. The current steps to properly install AIMSICD can be found in the installation instructions.

Here is what he would like to be achieved in the long run:

• One click download installation from QR-Code (download only or download + install).
• One click installation! Preferably in such a way that the user would not have to reboot or hack anything apart fulfilling some basic requirements (above). Philosophy behind this approach: Re-booting should never be required, as it should be possible to accomplish the same thing from command line & tools.
• APK verification with SHA1 signature, shown on our WIKI.
• Work towards the minimization of the above requirements.

And while we're at it: Why not add an automated update-check, checking every X number of hours?
The discussion is open, feel free to participate! @xLaMbChOpSx, what do you think?

Hi togheter! As you can see, AIMSICD has got a new logo(!) with 3 specific colors:

First of all we need to set the main icon (red, grey or green), each tint could be edited.

They will be used as notification icons like:

GREEN -> Relax! You are "safe".
GREY -> AIMSICD is idle...
RED -> Danger! You've been catched!

Also, we need some useful names for the serveral icons!
Here's a preview how the AIMSICD logo would look in the notification bar:

The first 3 icons are "only" notification icons; and just TWO alternative with a more flat look.
Maybe we can let the user choose, which ones he wishes to use?

The main red app icon should always stay the same.

Greetings
SgtObst

EDIT: Please name the 3 different icons and I will create a PULL REQUEST for all 3 styles!