Google has a post up on its security blog that is half advertisement and half PSA-style announcement for Android users: go into your settings and turn off the "Allow 2G" toggle. This option, added in Android 12 back in 2021, does exactly what it sounds like: it turns off support for 2G cellular networking. Why would you want to do that? Because attackers are using the insecure 2G protocol to spoof phone numbers and
send SMS spam.
It works like this: a group uses a device known as a Stingray, a False Base Station, or an "SMS Blaster" to pretend to be
a 5G cell tower. Smartphones connect to it and it immediately sends them a command to step down to 2G, which they will obey if the "Allow 2G" option is still enabled. Once that happens, they can exploit the lack of modern security features in the 2G communications standard to essentially pretend to be you on the internet.
This is mainly used to inject SMS payloads for fraud, particularly scams and phishing purposes, but apparently it has also been used to spread malware by injecting messages with download links. The real problem with these attacks is that since they come from a supposedly-trusted source, they bypass carrier anti-spam filters. No problem for a savvy user, but as we all know, the majority of folks on the web don't belong to that category.
The setting on the user's Samsung Galaxy phone.
The post from Google notes that these attacks can work even if your carrier
no longer supports 2G, as the 2G signal comes from the SMS Blaster itself, not from the network. You're not necessarily safe if you avoid high-traffic areas, either, as these devices can be highly portable, carried in a backpack or other means. It offers up the example of fraudsters pretending to be a bank's notification system as one dangerous example.
Google says that the Allow 2G checkbox is an easy mitigation for these kind of attacks. With it disabled, the phone can still make emergency use of 2G networks, but it won't step down to 2G unless the user attempts to make an emergency call. Someone using an SMS Blaster can still interrupt your internet connection, but that's where their malfeasance ends, at least as far as your phone is concerned.
UPDATE: If you're not seeing the setting in "Mobile Networks" on your Android phone, first make sure you have all the latest software updates. However, Google says that the toggle requires a specific hardware feature that may not be available on all phones. It's present on the author's Samsung Galaxy S21, but your mileage may vary depending on device.