| | Category | Examples | Advantages | Disadvantages |
| | App-based | SnoopSnitch [18], AIMSICD [20], Cell Spy catcher [28], and GSM Spy Finder [25] | App-based ICDs can give the user a direct real-time notification shortly upon IMSI catcher activity because they are directly facing the user. | The smartphone itself does not know the network deployment status, and some apps present false notifications to the user.
Furthermore, there is a potential burden on a smartphone due to increased battery consumption and side effects such as some security features being disabled caused by rooting the smartphone. |
| | Sensor-based | SeaGlass [8, 18, 32]. | ICD sensors can monitor a larger area compared to smartphones, thanks to the bigger antenna size than smartphones. This allows a detailed and focused analysis of a group of base stations, while app-based ICDs are bound to the mobility of the phone. Moreover, sensors provide more computing power for IMSI catcher detection. Since they are powered from a mains power unlike smartphones, they do not run any additional background process that may hinder the analysis of incoming signaling messages. | Sensors need long observation times and require some time to detect the IMSI catcher event and deliver a warning to the phone. As a result, an IMSI catcher might already succeed in an attack well before it is detected by a sensor. While individual sensors could be easily built with minimal cost, maintaining backend infrastructure for sensor management and analysis requires recurring cost (power, Internet, place rental, and management), which will also increase when service coverage is expanding. |
| | Network-based | FBS-radar [2, 26, 33] | Operators retain up-to-date information of the cellular network deployment; hence, detection of unknown cells and base station identities are a clear sign of an IMSI catcher. Furthermore, this reduces false-positives and increases accuracy. Deployment cost is low as it only requires software upgrades within the network. | Implementation requires cooperation with network operators, which is not always possible. Like sensor-based detectors, the detection is performed after the phone was released from the IMSI catcher. |
|
|
