Android-based project to detect and (hopefully one day) avoid fake base stations (IMSI-Catchers) in GSM/UMTS Networks. Sounds cool and security is important to you? Feel free to contribute! ;-)

German Article about our Project: IMSI-Catcher Erkennung für Android – AIMSICD.

• Discussion and constructive criticism: Official Development Thread on XDA.
• Before submitting a commit, please carefully read our Styleguide.
• Storage for source code we should add: MERGESOURCE, carefully follow this README.
• Developers will be rewarded. You know of a cool crowdfunding service? Recommend it to us.
• Not a developer? You can help too! Get the GSMmap-APP and submit collected data to the GSM Security Map to enlarge its database for comparison of mobile network protection capabilities!
• Want to know what's boiling under the hood? You're welcome to bookmark our Changelog.

YouTube: DEF CON 18 - Practical Cellphone Spying with Kristin Paget

Unfortunately it seems that IMSI-Catchers have been exponentially popular lately, with an explosion of various "bastards" with governments and criminals all the same, using it. Anyone can now buy an IMSI-Catcher (or build a cheap one on his own). In addition they can all crack the A5.1-3 encryption on the fly! This is why the original author named "E:V:A" started this project. Let's detect and protect against these threats! Never think that you've got "nothing to hide". You'll very likely regret it one day.

• Get scared on YouTube: How easy it is to clone a phone + call when connected to a femtocell.
• Also, check out this talk by Karsten Nohl and Luca Melette on 28c3: Defending mobile phones.

• a. collects relevant RF related variables using public API calls. (LAC etc)
• b. puts them in an SQLite database
• c. catches hidden SMS's
• d. catches hidden App installations

• e. opens a device local terminal root shell
• f. uses (e.) to connect to the modem AT-Command Processor ATCoP via shared memory interface SHM
• g. displays the results from sent AT commands
• NOTE: This is crucial to our project. Please help E:V:A develop a Native AT Command Injector!

• h. use the OTG (USB-host-mode) interface to use FTDI serial cable to interface with another OsmocomBB compatible phone (using Android host as a GUI host)
• i. uses the "CatcherCatcher" detector SW on the 2nd phone
• j. can inject fake 2G GSM location data
• k. find out how to access L0-L2 data using the ATCoP connection
• l. use a statistical algorithm (and smart thinking) on the DB data to detect rogue IMSI catchers
• m. combine all of the above (steps h to l) into a BETA App for testing, add more languages
• n. improve BETA app by adding (many more) things like IMSI-Catcher counter measures

• Add option to make app device administrator
• Add switch to utilize ROOT for digging deeper
• Usage of the XPosed Framework

• Detects IMSI based device location tracking
• Provides counter measures against device tracking
• Can provide swarm-wise-decision-based cellular service interruption
• Can provide secure wifi/wimax alternative data routes through MESH-like networking
• Detect and prevent remote hidden application installation
• Detect and prevent remote hidden SMS-based SIM attacks
• Prevent or spoof GPS data
• Does NOT secure any data transmissions
• Does NOT prevent already installed rogue application from full access

• Provide full device encryption
• Provide secure application sand-boxing
• Provide secure data transmission
• Provide firewalls (awesome solution: AFWall+)

This project is completely licensed under GPL v3+.

Found a bug? Please create an issue here on GitHub!

Our project would not have been possible without these awesome people. HUGE THANKS! ;-)

This list will be updated as our project evolves and shall be included within the final app.

• Smartphone Attack Vector - Smartphone flaws and countermeasures
• Kuketz IT-Security Blog - Great Security Reviews (written in German)
• PRISM Break - Alternatives to opt out of global data surveillance
• The Guardian Project - Secure Open Source Mobile Apps
• Security Research Labs - Stunning Security Revelations made in Berlin
• The Surveillance Self-Defense Project - Defend against the threat of surveillance
• Electronic Frontier Foundation - nonprofit organization defending civil liberties in the digital world
• TextSecure - Secure text messaging application for Android (replace WhatsApp)
• RedPhone - encrypted voice calls for Android
• KillYourPhone - make your own signal blocking phone pouch super fast for little money