It’s 2026. Why is your phone still talking to 1991?

I was sitting in a coffee shop last Tuesday, trying to push a commit over a tethered connection, when my signal dropped. Not just a bar or two—my Pixel 10 Pro went from a solid 5G UC connection straight down to “E”. Edge. 2G.

In the middle of downtown San Francisco.

If you know anything about cellular architecture, that shouldn’t happen. Not here. Not now. My first thought wasn’t “bad coverage.” It was “Stingray.” Well, that’s not entirely accurate—I immediately suspected something was up with the network.

See, there’s this nasty little vulnerability that’s been haunting mobile networks for decades. It’s called an IMSI catcher, or Stingray. These devices mimic cell towers, screaming at your phone with a stronger signal than the legitimate tower down the street. Your phone, being the helpful little device it is, connects to the loudest signal. Once connected, the fake tower forces your phone to downgrade its encryption—or drop it entirely—by pushing you onto a legacy protocol. Usually 2G.

And 2G is a security nightmare. It doesn’t authenticate the tower to the phone. Your phone just trusts it. Blindly. Like a puppy.

So, I did what I should have done the day I unboxed this thing. I killed the 2G radio.

The “Allow 2G” Toggle is Your Best Defense

Google introduced this toggle back in Android 12, but nobody really talked about it. It was buried. Forgotten. But as of Android 16, it’s right there in the SIM settings, and yet, almost everyone I know leaves it on.

Here’s the thing: modern attacks don’t try to break 5G encryption. That’s hard. The math is brutal. Instead, they use a “downgrade attack.” They jam the 4G/5G frequencies or just tell your phone “Hey, 5G is down, come talk to me on 2G.”

If your phone allows 2G connections, it complies. Boom. Your calls and texts are now potentially interceptable. Even worse, some sophisticated attacks can use that 2G connection to push malware.

How to fix it (on stock Android 16):

1. Open Settings.
2. Tap Network & internet.
3. Select your SIMs.
4. Scroll down to Allow 2G.
5. Turn that switch OFF.

On my Samsung S25 Ultra (running One UI 8.1), it’s in a similar spot under Connections > Mobile Networks. Same logic applies.

But wait, won’t I lose signal?

Maybe. But probably not.

I’ve been running with 2G disabled for about three months now. I’ve driven through the Nevada desert and parts of rural Oregon. The reality is, most carriers in the US have already sunset their 2G networks or are maintaining them on life support for legacy M2M (machine-to-machine) devices like old vending machines and utility meters.

If you are in an area where only 2G exists, you are basically in a dead zone anyway for data. You might get a garbled voice call out, but that’s it. For 99.9% of my daily life, disabling this radio has had zero impact on my connectivity. It just stops my phone from desperately clinging to a ghost network that shouldn’t exist.

The Emergency Exception: And you know what? Android is smart enough to re-enable 2G automatically if you make an emergency call (911). So you aren’t risking your safety in a crash. The modem firmware overrides the user setting during emergency dialer events. I tested this (accidentally, long story involving a pocket dial) and watched the signal indicator flip momentarily.

The “Null Cipher” Problem

While we’re digging around in radio settings, there’s another toggle that showed up in the QPR1 update late last year that deserves attention: “Require encryption.” Actually, let me back up—this one is about “null ciphers.”

Technically, this disables “null ciphers.” In plain English? Sometimes a network (or a fake tower) will tell your phone, “Okay, we’re connecting, but let’s not use encryption for this session.” This is called a Null Cipher. It’s valid in the spec, mostly for testing, but in the wild, it means your traffic is cleartext.

I flipped this switch on my Pixel immediately. Last week, I was at a trade show—notorious for hostile radio environments—and my phone refused to connect to a suspicious “public” small cell that my colleague’s iPhone latched onto immediately. His connection? Unencrypted. Mine? No service. I’ll take “No Service” over “Compromised” any day.

Real-World Battery Impact?

And here is something weird I noticed. I didn’t expect this, but my standby battery life actually improved slightly. I’m talking maybe 3-4% over a day, nothing huge, but consistent.

My theory? The modem isn’t wasting energy scanning for those legacy bands. I checked the battery stats in Developer Options (using the System Tracing tool because I’m a nerd), and the modem sleep states seemed more consistent. When you’re in a building with thick concrete walls, phones often panic and start hunting for any signal, dropping down to 2G/3G frequencies which penetrate better but are useless for data. By forbidding that drop, the modem just accepts its fate on a weak LTE signal or stays idle.

The Verdict

Look, security is usually a trade-off. Convenience vs. safety. Speed vs. verification. But this? This is low-hanging fruit. The 2G network is a relic. It’s a backdoor that we’ve left open for too long.

Unless you are a farmer in a very specific part of the Midwest where T-Mobile is the only carrier and they haven’t upgraded the tower since 2010, you do not need 2G. Turn it off. It stops Stingrays, it might save a tiny bit of battery, and it forces your phone to live in the present.

Just don’t blame me if you can’t make a call from inside a lead-lined elevator. Actually, do blame me. I’d rather you miss that call than have it intercepted.

IMSI catchers, also known as Stingrays, are a well-documented security vulnerability in mobile networks. According to a blog post by security expert Bruce Schneier, these devices can force a phone to downgrade its encryption to the insecure 2G protocol.

The “Allow 2G” toggle was introduced in Android 12 to help users mitigate this threat, as described in the Android source documentation.

Additionally, the “Require encryption” setting, which disables the use of null ciphers, was added in a later Android update to further strengthen the security of cellular connections, as noted in the Android security features documentation.