C: Reporting & Alerts


HOW TO READ THE DATA

Reading the data is more of an art than a science. The following explains how Cell Spy Catcher reports its findings to you.

THE RED WARNING SCREEN

When a New Unknown Network is Detected, the Red Warning Screen is shown.


The Unknown Network could be a Fake Cell Tower - or it could just be a New Legal Cell Tower.


If you are afraid that there is a Fake Cell Tower near you - that has been Detected - and you want to Avoid being Listened in on - you should at least Stop Using your Phone for a While. Better turn it OFF.


When the Unknown Network is NO LONGER being Detected, it is Logged as "Unknown Network No Longer Detected. <------".


In order to Close the Warning Screen, you must click on the WHITELIST or the BLACKLIST Button.


If you click on the SETTINGS Button, the Red Warning Screen will not Close Permanently - so that you can come back to it.


This can be quite useful, in case you want to check up on something in the FAQs Section - or have a look at one of the Lists (on the Settings page) - before you decide whether you shall Whitelist or Blacklist the Flagged Unknown Network.


When you return from the Settings page (using the Back Key of your Phone), the Red Warning Screen will reappear.


If you just touch the Back Button of your Device (while the Red Warning Screen is being shown), the Red Warning Screen is closed, but it will reappear the next time you enter the "Cell Spy Catcher" App.


If another Warning Event should occur before the currently shown Warning Screen is exited, the New Warning will be shown on the Warning Screen (and the original content of the Warning Screen will be lost). However - both/all Events will be logged - and Shown in the List of Detected Networks - so that you are able to see all New Unknown Networks that have been Detected.


WHITELISTING

By clicking on the WHITELIST Button (on the Red Warnings Page), the currently shown New Network is Whitelisted.


A Whitelisted Network will not be detected as a New UNKNOWN Network again.


If you Disable the Visual Warning (on the Settings page) (i.e. no Red Warning page will be shown), New and Unknown Networks will be Whitelisted by default.


Also - if a Warning is Suppressed - the Network will normally be Whitelisted by default.


It is possible to avoid Whitelisting by default, by enabling the "Register Mode".


It is also possible to Ignore the Whitelist (when Detecting Networks), by enabling the "Register Mode Plus".


The Whitelist is saved in a compressed form, and it is not directly available for the User.


It can be Cleared (on the "Show Complete List" page, by first clicking on the Clear List Button), but normally it should never be done.


WHITELISTING NETWORKS WITHOUT OPERATOR NAME

Networks without Operator Name are whitelisted by default.


I.e. if a Network with no Operator Name is detected, it will be Whitelisted. Meaning that if the same Network is Detected again, it will NOT be Logged or shown in the Complete List.


If you think that all Detected Networks that have no Operator Name are suspicious - and you want to have All of them included in the Log and in the Complete List, you should ENABLE the "Do NOT Whitelist Networks Without Operator Name" Option (on the Settings page).


BLACKLISTING

By clicking on the BLACKLIST Button (on the Red Warnings Page), the currently shown New Unknown Network is Not Whitelisted, but Blacklisted.


Blacklisting can be considered to be the opposite of Whitelisting. It is just a List of Networks which you have considered to be Suspicious.


A Blacklisted Network can be flagged again - later - as an UNKNOWN Network - if it is Detected again.


If you are in doubt of whether you shall Whitelist or Blacklist a Network, Blacklist it.


(IF you see it again - you can always Whitelist it.)


The Blacklist can be shown from the Settings Page.


The Blacklist is only meant to be a List of previously Detected Unknown Suspicious Networks - which you may use as a sort of Reference.


Remember that the Networks in the Blacklist are NOT Whitelisted - i.e. they can be Detected again.


Unknown Networks may be Duplicated in the Blacklist (if they are ReDetected later on.)


You can Remove a Network from the Blacklist - but it has no other effects or purpose than just to Delete it from this List.


If you want to Remove a Network from this list, move the Cursor UP or DOWN to the Required Network, and Click on the DELETE Button.


SOMETIMES DATA ABOUT NEW DETECTED NETWORK IS NOT CONTRIBUTED TO EXTERNAL DATABASE

As shown in the Log, sometimes Data for a New Detected Network is contributed to the External Database, and sometimes it is not.


For Every New Detected Network, this App attempts to send Data for this Network to the External Database.


If this was not sent, the Reason could be one of the following:


- There was no Internet Access

- You have not agreed to Contributing Data to the External Database

 (Then this App will also not Consult the External Database for Network Data/Parameters)

- You may not have Enabled the Location Services on your Phone (by GPS and/or Network)

- There is currently no Location available on your Phone

- The available Location is not sufficiently accurate

- The Data for the New Detected Network contained some obviously Incorrect Values

- The Data was sent to the External Database, but it did not Confirm or Accept it


SOMETIMES A NEW DETECTED NETWORK IS "UNCONFIRMED" BY EXTERNAL DATABASE

This App will only attempt to Confirm a New Detected Network with the External Database after the Self Learning Process is Completed.


As shown in the Log, sometimes when a New Network is Detected by this App, it is "Found on the External Database", and sometimes it is "Unconfirmed by the External Database".


If it is "Found on the External Database", then it is a known Network, and it will not be flagged by this App as being an UNKNOWN Network.


If it is "Unconfirmed by the External Database", this App assumes that it is Not Known, and flags it as being an UNKNOWN Network.


If it is Logged as being "Unconfirmed" - it does not necessarily mean that it is an Unknown Network, but the Reason could also be that NO RESPONSE was received from the External Database.


One Reason for No Response could be that there was no Internet Access.


Occasionally this App will not send a Confirmation Request to the External Database, and hence no Response can be received.


This will happen when there is obviously Incorrect Data associated with the New Detected Network. This will not necessarily be shown in the Log, but it may still be observed, as there is neither a "Found" nor an "Unconfirmed" Entry in the Log before a New Network is being Logged.


DIFFERENCE BETWEEN CELL TOWERS, BASE STATIONS AND NETWORKS?

In this Context, there is NO DIFFERENCE.


These names mean the same thing.


A Mobile (or Cellular) Phone System consists of many relatively small Radio Cells. In the middle of the Cell there is a Base Station with a Radio, and a Cell Tower Antenna, providing a Network for the Mobile Phones which are located inside the Cell.


When the Mobile Phone moves, it will soon move inside another Cell, and make contact with another Network.


So when we say a Network, we mean a Network provided by a Base Station with a Cell Tower.


HOW CAN I SEE IF I CONTRIBUTE TO THE OPEN CELL ID DATABASE?

You can learn a lot by going to http://www.opencellid.org


There you can e.g.


- See the (approximate) Location of all Base Stations in your (and any other) Area.

- See the Newly Found Base Stations (inside a given period of time) - that may have been contributed by you.

- See the Recently Uploaded Networks/BaseStations (called "Measurements").

- Read about how your Contributions are used to calculate the Location of Base Stations.

- etc.


The more Users (like you) that can Contribute with New Detected Networks/BaseStations (and their Location where you are when you Detect them), the more Accurate the Locations of the BaseStations on the OpenCellId will be.


And the more Users (like you) that can Contribute, the fewer False Warnings (about Unknown Networks) you will see.


SEE CELL TOWERS ON OpenCellid MAP

You can see all known Cell Towers on a Map, on the External Database OpenCellid's Web Page.


One way of getting there, is to click/tap on "Show Cell Towers On Map" on the Settings page of this app.


The OpenCellid's Web Page may not be particularly well suited/adapted for small SmartPhone screens.


E.g. the Full Screen button and the Location button (on the right hand side of the screen) may not work.


The page may look and work better if you rotate your Phone to Landscape mode.


On this page you can:


- Search for your own Town,

- Search for specific Cell Towers,

- Zoom to see individual Cell Towers,

- See the data for each Cell Tower (by clicking/tapping on it).


Note that all Cell Towers have been contributed by/from Apps such as this (Cell Spy Catcher) App.


As only the Location of the user of this (and other Apps) is known/contributed to the database, contributions by several users/apps are required in order to be able to calculate an approximate location of a specific Cell Tower. The more users/apps that contribute data about a particular Cell Tower, the more accurate its Location will be.


So - once again - note that the Location of the Cell Towers may only be approximate.


Note the number of measurements (contributions) for a Cell Tower. If it is only one (or a very small number), it may well be a FALSE Tower. (Even though this app tries not to contribute False Towers to this Database.)


If you suspect that one of the Cell Towers that you have been warned about (by this app) is a FALSE Tower, you can try to find it on this OpenCellid database. If it is not here, it could well be a FALSE Tower.


A QUICK WAY TO "LEARN" THE NETWORKS IN YOUR AREA

If you want your Phone to "Learn" most of the Networks in your area in a Short Time, you can take the Phone with you, and Drive slowly around Town for an Hour or Two. The larger the Area you cover, the more Networks will be learned. If you want to check out the Log - to see what is going on - you could let a Friend drive you - or take a bus.


(Remember that the Log does not Update Automatically, so that you have to Close the Log - and reOpen it to see Changes.)


You should also spend some time inside buildings - Shopping Malls, etc. - where the mobile/cellular coverage often is less than perfect - as that may result in connection to other Networks (than those which are mostly used in your Area), like Pico- and Femto-Cells.


In order to make sure that all Types of Networks are being found, you should change Network Types at different times during your Trip.


Use the Settings App of your Phone:


(Settings->More->Mobile Networks->Preferred network type)


I THINK I HAVE DETECTED AN IMSI CATCHER. WHAT SHALL I DO?

IMSI catchers are being used (by the Police) for at least three different purposes:


- to find out WHO are present (at a meeting, demonstration, etc),

- to find out if a given person is present (in a specific building, etc),

- to listen in on phone calls and read SMSs of phones being tracked.


The two first methods only require the use of an IMSI Catcher for a very short time, probably only a few seconds.


The third method requires the use of an IMSI Catcher for a longer time, maybe several minutes.


If you detect an IMSI Catcher Attack that only lasted for a few seconds, it is probably too late to do anything.


Or - if you are paranoid - throw your phone and run! And hope that they didn't Catch you, and avoid being Caught later on.


If you detect an IMSI Catcher Attack that lasts for a longer time, you can at least protect yourself by not using your phone, or - better - by turning it off completely.


ATTACK DURATION

When a Network is no longer Detected, it is shown in the Log.


The Period of Time between the Start of the Detection of a Network and the End of the Detection is the DURATION of Detection.


As the Duration has proved to be important to Detect Fast Attacks from IMSI Catchers, it is now included in the Complete List of Detected Networks.


An IMSI Catcher that is only looking for the IMSIs of nearby Phones, will normally only Attack for a few Seconds.


Please note that when a Network is Detected, the Duration of Detection is not yet known. So only "Approx Duration:" is written for the Detected Network.


Only when Another Network is Detected is the Duration of the Previously Detected Network known, and then the Duration Time can be written.


An Additional Audible Alarm can optionally be Selected (on the Settings page), for Attacks that last shorter than a selected Period of Time.


Please note that the Duration Time is neither Calculated nor Written during the Self Learning Process.


INCORRECT LOG TIME

It has been observed that - in some Countries - on some Devices - the Time of some Logged Events is wrong BY ONE HOUR.


This Error is caused by the Android System, and it seems to have something to do with the Time Zone of the Device's current Location.


When this happens, the shown Duration of a Network Connection will also be wrong.


As one hour corresponds to 3600 seconds, you will see an Approx Duration of something near MINUS 3600 seconds in these cases.


We are working on this issue.
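
The following is an added example (not code from this App or its author) showing how the Approx Duration values described under ATTACK DURATION and INCORRECT LOG TIME can be checked offline. The CSV column layout, the network labels, the 10 second limit and the function names are assumptions made for illustration; the sample rows are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample; the column layout is an assumption, not the app's CSV format.
SAMPLE_CSV = """time,network
2024-05-01 10:00:00,net-A
2024-05-01 10:12:30,net-B
2024-05-01 10:12:34,net-A
2024-05-01 09:12:40,net-C
2024-05-01 10:55:00,net-A
"""
HOUR = 3600  # size of the logging error, in seconds

def analyse(csv_text, short_limit=10):
    """Return (network, approx_duration_seconds, status) for each detection.

    short_limit (seconds) is an assumed value for the "fast attack" alarm.
    """
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    starts = [datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S") for r in rows]
    result, prev_bad = [], False
    for i, row in enumerate(rows):
        if i + 1 == len(rows):
            # No later detection yet, so the duration is not known.
            result.append((row["network"], None, "pending"))
            break
        secs = int((starts[i + 1] - starts[i]).total_seconds())
        if secs < 0:
            # Checked first: a negative value is below any short_limit and
            # would otherwise be reported as a fast attack.
            status = "clock_error"
        elif prev_bad:
            # Assumption: the later timestamp of the negative pair was the
            # wrong one, so the interval that starts there is skewed too.
            status = "unreliable"
        elif secs < short_limit:
            status = "short"
        else:
            status = "normal"
        prev_bad = secs < 0
        result.append((row["network"], secs, status))
    return result

def hour_adjusted(secs):
    """Candidate duration if exactly one timestamp is off by one hour."""
    if secs is None or not (-HOUR <= secs < 0):
        return None
    return secs + HOUR
```

In the sample, the entry with -3594 seconds becomes 6 seconds after the one-hour adjustment, so entries near MINUS 3600 deserve a second look rather than being discarded.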


REGISTER MODES

There are two "Register Modes" which are primarily meant for Advanced Users.


They can be used to Register All Ongoing Network Activity.


E.g. during short Periods when you may suspect that you are being attacked by an IMSI Catcher, and you want to see all that is going on. And e.g. to avoid having Real IMSI Attacks being Whitelisted.


The Idea is to Enable one or both of these Options, and let the App Collect info about all Network Activity in the List of All Detected Networks.


Later on you can make a CSV File, and study what was actually going on.


- "Register Mode" is used to Avoid Whitelisting by Default. You can still Whitelist Networks Manually (as before, on the Red Warning Screen).


- "Register Mode Plus" is used to Ignore the Whitelist. I.e. to Show/List all Networks as they are being Detected, regardless of whether they have previously been Whitelisted or not.


These two Modes can be used independently of each other.


The "Register Mode" will NOT work during the Self Learning Process, but the "Register Mode Plus" will.


This means:


During the Self Learning Process:


- ALL Networks will be Whitelisted by Default - regardless.

- You can Optionally already then start Collecting info about all Ongoing Network Activity in the List of All Detected Networks, and later make a CSV File of it for studying purposes.


If you have had the "Register Mode Plus" Enabled for a Long Time - and Data of a LOT of Networks have been Collected - , it may be a good Idea to generate a CSV File, and then Delete the List of All Detected Networks - in order to save Memory Space and Battery Consumption.
