Immigration and Customs Enforcement has quietly begun ordering a new fleet of vehicles equipped with cell-site simulators, the news outlet reported. They are designed to capture cellphone subscriber data, including call records, cellular tower locations, and even the content of conversations, in violation of privacy laws.
The mobile surveillance technique is better known by its brand name Stingray. Federal procurement records flagged by TechCrunch indicate that ICE has spent more than $800,000 on phone-tracking hardware this year — a purchase you’d typically expect to see deployed on the battlefield — that the agency believes will allow it to intercept cellular traffic right from the curb.
For advocates of privacy, the purchase underscores a long-standing tension: The technology can help locate a suspect’s phone while also scooping up data from people who happen to be in the vicinity. The expansion comes as new defensive tools on Android and in the research community make detecting or mitigating rogue cellular activity more feasible for regular users.
What Cell-Site Simulators Do and How They Capture Data
Cell-site simulators, otherwise known as IMSI catchers, impersonate real cell towers. Phones in range will try to connect, disclosing unique identifiers such as IMSI or IMEI and, depending on the scenario, even enabling a device to estimate a phone’s location by measuring signal strength.
Some simulators force phones to revert to earlier, less secure protocols such as 2G, on which encryption is more lax or turned off entirely. Such a downgrade can reveal metadata, helping identify a device. Crucially, the sweep is indiscriminate: while one simulator is running, it can communicate with every handset in the vicinity and is not limited to those that agents wish to monitor.
Vendor and agency narratives often describe CSS as highly specific and temporary. But the technological truth is that it’s inherent in how decoy towers operate, prompting constitutional and public-safety concerns that courts and watchdogs continue to grapple with.
How ICE and Police Use These Vans and Set Safeguards
ICE and other federal and local agencies use CSS to find devices connected to investigations, serve warrants, or buttress operations in which a phone is an effective stand-in for a person’s physical presence. The inspector general of the Department of Homeland Security has reviewed how DHS components have used CSS and called for tighter control measures, such as improved recordkeeping and training.
Courts have increasingly recognized that location data are sensitive. In the Carpenter ruling, the Supreme Court held that historical cell-site location data is generally subject to a warrant. Even though Carpenter does not definitively answer every question concerning real-time simulators, the Department of Justice and DHS have issued policies saying that agents are required to get a probable-cause warrant in all but emergency situations.
Experience shows the stakes. One investigation by USA Today found that the Baltimore Police Department had deployed cell-site simulators over 4,300 times, in most cases without disclosing it to courts until changes in policy were made. Civil liberties groups like the ACLU caution that without openness and clear guardrails, the same tools can chill free assembly by making it possible to identify tens or hundreds of thousands of phones around a protest or sensitive location.
Your Practical Defenses on Android Against Fake Towers
New Android builds are also becoming more intelligent about mobile threats. Android 16 introduces a Network Notifications switch that, when activated, can alert you to any potentially dubious base-station interactions—unencrypted connections or odd handoffs (a.k.a. fake towers). You’ll need to turn this setting on, and alert options will depend on your carrier and device.
Another meaningful step is turning off 2G. Since many attacks require a downgrade, recent Android versions reduce this attack surface with the system-level 2G toggle. Lock your device to LTE/5G only, if possible, and make sure your device is fully updated to provide the best radio and baseband protection.
Community tools can add visibility. The EFF-backed Rayhunter project shows how inexpensive sensors can map probable simulator use across a city. The researchers at the University of Washington’s SeaGlass project used distributed monitors to observe anomalous towers near airports and ports. Power users on some Android phones can run analysis apps that flag unusual paging or silent SMS behavior, but outcomes vary based on access to the chipset and root-level permissions.
No defense is perfect. Cell networks are complicated, and false positives occur. Some red flags can be imitated by genuine maintenance, anomalies in rural coverage, or cross-border roaming. Treat detections as a sign of heightened awareness rather than definitive evidence of surveillance, and incorporate the technical indicators with situational awareness.
Why Transparency and Audits Matter for Surveillance Tech
Procurements such as ICE’s European-made vehicles are a reminder that accountability must keep pace with capability. Many cities now demand public approval for any surveillance tech that an agency might want to buy, along with annual reports about how they’ve used it. Independent audits by inspectors general, along with disclosures to courts, help ensure warrant policies are being adhered to and that data captured from bystanders is quickly destroyed.
Non-disclosure agreements with vendors have effectively put a muzzle on transparency, restricting what officers could tell judges about CSS use. Pressure from judges, lawmakers, and advocacy groups has helped to unravel those constraints, but thorough reporting is still spotty in many places.
For the individual, there are two takeaways:
- Make sure your phone’s cellular defenses are up to date.
- Advocate policies that mandate sunlight on powerful location technologies.
Even as agencies adopt increasingly sophisticated phone-tracking vehicles, users and communities have tools — and an emerging constellation of privacy safeguards — to weigh overarching security needs against core cultural values of privacy.
