For years, mobile carriers have been forced to keep a 1990s-era network alive because modern phones would not let users fully walk away from it. That is now changing. New controls arriving with Android 16 finally give carriers and subscribers a practical way to shut off 2G by default and sharply reduce the risk of fake cell-tower surveillance.
The shift sounds technical, but the stakes are concrete. Police departments, private investigators, and criminals have all used impostor base stations to quietly track phones and intercept calls. Removing 2G as a fallback path cuts off one of their easiest tools and forces attackers to work much harder for the same results.
How Android 16 lets carriers truly retire 2G fallback
Until now, most Android phones have treated 2G as a safety net. Even if a user toggled off 2G in settings, the modem firmware and carrier profiles could still push the device to connect to a 2G tower in fringe coverage or during network trouble. That behavior made sense when 3G and 4G were new, but it left a permanent backdoor for anyone running a spoofed base station that pretended to be the only available signal.
Android 16 changes that logic. According to Android 16 documentation, Google is adding new mobile network security options that let the operating system and carrier configuration jointly enforce a hard block on 2G connectivity. When the feature is enabled, the phone will not attach to a 2G cell, even if the radio environment is degraded or a fake tower tries to advertise itself as the strongest signal.
The same controls also give carriers more direct influence over which legacy technologies a device can use. Rather than relying on scattered manufacturer settings or hidden modem flags, operators can ship a unified profile that disables 2G for entire classes of subscribers, such as postpaid smartphone plans, while keeping it available for specific machine-to-machine devices that still depend on it. That policy hook is what finally lets a carrier flip the default off for the vast majority of customers without breaking niche services that have not migrated yet.
Android 16 also tightens how the system handles insecure network features. The new settings allow users and carriers to reject connections that do not support modern encryption or that try to downgrade authentication. This makes it harder for a rogue base station to trick a phone into dropping protections that are standard on LTE and 5G. While 2G is the headline, the broader goal is to stop silent downgrades across all radio generations.
Why shutting off 2G is a security milestone, not just a tech upgrade
For privacy researchers and civil liberties groups, 2G has long been the weak link in mobile security. The original GSM standard did not require mutual authentication between the phone and the tower. A handset had to prove it belonged on the network, but the tower did not have to prove it was legitimate. That asymmetry allowed devices like IMSI catchers to pose as real infrastructure, capture the International Mobile Subscriber Identity of nearby phones, and often force them to use outdated ciphers or no encryption at all.
Those devices have been used by law enforcement agencies and, in some cases, by foreign intelligence services and criminal organizations. They can be mounted in vans, aircraft, or even backpack-sized rigs. Once deployed, they quietly pull in identifiers from every phone in range, which can be used to track movement patterns or single out a target for further surveillance. Because 2G tolerates weak security, these systems have had an easier time coercing phones to connect on that band even if the user thought they were on LTE.
Carriers have tried to limit the damage by rolling out 4G-only and 5G-only plans, but without operating system support, those efforts have been partial at best. A phone that still treats 2G as a last resort will eventually talk to a fake tower if that is what appears to be available. With Android 16, the default can finally flip. A subscriber with a modern device and a carrier that enforces the new policy can move through a city where an attacker is running a rogue base station and never silently fall back to 2G.
The timing matters because the rest of the stack has already moved on. Many carriers have shut down 3G entirely and are refarming that spectrum for LTE and 5G. Voice calls increasingly ride on Voice over LTE and Voice over New Radio, which use stronger encryption and better authentication. That leaves 2G as an aging island of weak security in an otherwise hardened ecosystem. Removing it from default operation aligns the radio layer with the expectations users already have from their apps and messaging services.
There is also a consumer trust angle. High-profile reports about tracking devices, data brokers, and location leaks have made people more sensitive to how their phones can be used against them. When a platform vendor and carriers collaborate on a feature that directly addresses one of the oldest over-the-air surveillance vectors, it signals that network-level privacy is finally getting the same attention as app permissions and browser cookies.
What carriers, users, and regulators will need to do next
Even with Android 16’s new controls, 2G will not vanish overnight. Many regions still rely on it for basic voice coverage, particularly in rural areas where upgrading towers is expensive. Some machine-to-machine deployments, such as older alarm systems and industrial sensors, still use 2G modules that cannot be upgraded with a simple software patch. Carriers will have to map where those dependencies exist and plan a staged shutdown that avoids stranding critical services.
That is where the new policy levers become useful. Operators can start by disabling 2G for mainstream smartphones in urban and suburban markets where LTE and 5G coverage is dense, then keep it alive only for whitelisted devices that genuinely need it. Over time, as those legacy deployments are replaced, the whitelist can shrink until 2G is effectively gone. The key difference is that the default will finally favor security instead of backward compatibility.
Regulators and standards bodies are likely to weigh in as well. Some jurisdictions already require transparency when law enforcement uses IMSI catchers or similar tools, while others are considering outright bans on certain types of cellular interception. As 2G becomes optional rather than mandatory for basic connectivity, policymakers will have more room to push carriers toward disabling it without risking widespread service loss. At the same time, they will need to watch for attackers who pivot to more advanced techniques on LTE and 5G, which still have their own implementation flaws and configuration risks.
For users, the near-term steps are straightforward. Once Android 16 reaches their devices, subscribers should check the new mobile network security settings and, where coverage allows, opt out of 2G entirely. Enterprises with sensitive field staff, such as journalists, activists, or executives handling trade secrets, can make that choice part of their standard mobile device management profiles. The fewer phones that will talk to a 2G tower, the less attractive that attack vector becomes.
Device makers and chipset vendors also have work ahead. They will need to ensure that modem firmware, radio stacks, and diagnostic tools all respect the new hard block on 2G when it is enabled. Historically, debugging modes and factory test settings have created side doors that bypass user preferences. If those paths are not closed, sophisticated attackers could still try to exploit them. Aligning hardware behavior with the operating system’s promises will be essential if carriers are to confidently advertise 2G-free service tiers.
Looking a bit further out, the Android 16 shift hints at how future network generations might be managed. Instead of treating each radio technology as a permanent layer that must be supported forever, platforms and carriers can treat them as features that can be retired on a predictable schedule once better options are available. That mindset would avoid repeating the 2G problem when it comes time to sunset early LTE implementations or transitional 5G modes that lack the security properties of their successors.