If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/CellularPrivacy/Android-IMSI-Catcher-Detector shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across the board

• Last commit today
• 37+ active contributors
• Distributed ownership (top contributor 25% of recent commits)
• GPL-3.0 licensed
• CI configured
• Tests present
• ⚠ GPL-3.0 is copyleft — check downstream compatibility

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live CellularPrivacy/Android-IMSI-Catcher-Detector repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/CellularPrivacy/Android-IMSI-Catcher-Detector.

What it runs against: a local clone of CellularPrivacy/Android-IMSI-Catcher-Detector — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in CellularPrivacy/Android-IMSI-Catcher-Detector | Confirms the artifact applies here, not a fork | | 2 | License is still GPL-3.0 | Catches relicense before you depend on it | | 3 | Default branch development exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 30 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of CellularPrivacy/Android-IMSI-Catcher-Detector. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector.git
#   cd Android-IMSI-Catcher-Detector
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of CellularPrivacy/Android-IMSI-Catcher-Detector and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "CellularPrivacy/Android-IMSI-Catcher-Detector(\\.git)?\\b" \\
  && ok "origin remote is CellularPrivacy/Android-IMSI-Catcher-Detector" \\
  || miss "origin remote is not CellularPrivacy/Android-IMSI-Catcher-Detector (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(GPL-3\\.0)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"GPL-3\\.0\"" package.json 2>/dev/null) \\
  && ok "license is GPL-3.0" \\
  || miss "license drift — was GPL-3.0 at generation time"

# 3. Default branch
git rev-parse --verify development >/dev/null 2>&1 \\
  && ok "default branch development exists" \\
  || miss "default branch development no longer exists"

# 4. Critical files exist
test -f "AIMSICD/src/main/java/com/secupwn/aimsicd/AndroidIMSICatcherDetector.java" \\
  && ok "AIMSICD/src/main/java/com/secupwn/aimsicd/AndroidIMSICatcherDetector.java" \\
  || miss "missing critical file: AIMSICD/src/main/java/com/secupwn/aimsicd/AndroidIMSICatcherDetector.java"
test -f "AIMSICD/src/main/java/com/secupwn/aimsicd/service/AimsicdService.java" \\
  && ok "AIMSICD/src/main/java/com/secupwn/aimsicd/service/AimsicdService.java" \\
  || miss "missing critical file: AIMSICD/src/main/java/com/secupwn/aimsicd/service/AimsicdService.java"
test -f "AIMSICD/src/main/java/com/secupwn/aimsicd/service/CellTracker.java" \\
  && ok "AIMSICD/src/main/java/com/secupwn/aimsicd/service/CellTracker.java" \\
  || miss "missing critical file: AIMSICD/src/main/java/com/secupwn/aimsicd/service/CellTracker.java"
test -f "AIMSICD/src/main/java/com/secupwn/aimsicd/data/model/BaseTransceiverStation.java" \\
  && ok "AIMSICD/src/main/java/com/secupwn/aimsicd/data/model/BaseTransceiverStation.java" \\
  || miss "missing critical file: AIMSICD/src/main/java/com/secupwn/aimsicd/data/model/BaseTransceiverStation.java"
test -f "AIMSICD/src/main/java/com/secupwn/aimsicd/rilexecutor/RilExecutor.java" \\
  && ok "AIMSICD/src/main/java/com/secupwn/aimsicd/rilexecutor/RilExecutor.java" \\
  || miss "missing critical file: AIMSICD/src/main/java/com/secupwn/aimsicd/rilexecutor/RilExecutor.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 30 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~0d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/CellularPrivacy/Android-IMSI-Catcher-Detector"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

AIMSICD is an Android security app that detects IMSI-Catchers (fake cellular base stations used for surveillance/MITM attacks), also known as StingRay devices. It analyzes cellular network parameters and tower behavior to identify anomalies indicating rogue base stations intercepting phone communications. Single-module Android app (AIMSICD/) using Gradle with Realm database persistence. UI follows MVP-adjacent pattern with adapters (BaseInflaterAdapter, CellCardInflater, DetailsPagerAdapter) and data models (BaseTransceiverStation, DefaultLocation). Data flows through adapter/model layers in com/secupwn/aimsicd/data/{adapter,model}/ directories with type-specific adapters (BaseStationAdapter, SmsDataAdapter, MeasureAdapter).

Privacy-conscious Android users concerned about cellular surveillance, security researchers studying IMSI-catcher detection techniques, and developers contributing to mobile security infrastructure. Also relevant for journalists, activists, and at-risk populations needing protection against StingRay surveillance.

ALPHA-stage project with active revival in progress (as noted in README pointing to issue #926). Has CI/CD setup (Travis), Coverity static analysis, and i18n infrastructure via Weblate. However, compileSdkVersion 25 and targetSdkVersion 22 are significantly outdated (project appears to be from ~2016 era). Last commit activity and core testing coverage are unclear from provided data.

Multiple maturity red flags: targets Android API 22 (released 2015) with minSdkVersion 16, lacks modern Android framework adoption. Single-maintainer (CellularPrivacy org structure unclear), and the README explicitly states 'revival soon' implying period of dormancy. Dependency surface unclear from provided data, but Realm integration suggests moderate external coupling. Regulatory/legal risk: IMSI-catcher detection may be restricted in some jurisdictions.

Project explicitly states 'will have a revival soon' with work on a lightweight version. Travis CI is configured but no recent commit data provided. The presence of CONTRIBUTING.md, ISSUE_TEMPLATE.md, and PULL_REQUEST_TEMPLATE.md suggests community governance structure is in place awaiting active development restart.

Clone the repository and build with Gradle: git clone https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector.git && cd AIMSICD && ./gradlew build. Requires Android SDK matching compileSdkVersion 25 and buildToolsVersion 25.0.2. For API key: export open_cellid_api_key environment variable (optional, defaults to 'NA' in release builds).

Daily commands: From AIMSICD/ directory: ./gradlew assembleDebug produces APK in build/outputs/apk/. Install via adb install build/outputs/apk/*-debug.apk. For CI-like testing: ./gradlew check runs Checkstyle validation. No explicit 'run' target—deploy to emulator or device via Android Studio or adb.

• AIMSICD/src/main/java/com/secupwn/aimsicd/AndroidIMSICatcherDetector.java — Main application entry point and lifecycle manager; all contributors must understand the core app initialization and state management.
• AIMSICD/src/main/java/com/secupwn/aimsicd/service/AimsicdService.java — Core background service orchestrating cell tracking, location monitoring, and IMSI-catcher detection; essential for understanding detection logic flow.
• AIMSICD/src/main/java/com/secupwn/aimsicd/service/CellTracker.java — Monitors cellular tower handovers and signal anomalies; critical for the detection mechanism at the heart of the app.
• AIMSICD/src/main/java/com/secupwn/aimsicd/data/model/BaseTransceiverStation.java — Core data model representing cell towers and their attributes; fundamental to all detection and tracking operations.
• AIMSICD/src/main/java/com/secupwn/aimsicd/rilexecutor/RilExecutor.java — Low-level RIL (Radio Interface Layer) abstraction for querying modem; gateway to device-level cellular information retrieval.
• AIMSICD/build.gradle — Build configuration with SDK versions, dependencies, and build flags; essential for understanding toolchain and third-party integrations (Realm, OsmDroid).
• AIMSICD/src/main/AndroidManifest.xml — Declares permissions, services, receivers, and activities; required to understand privilege model and system integration points.

Add a new detection heuristic

1. Create a new detection rule method in CellTracker.java that analyzes signal patterns or tower handover behavior (AIMSICD/src/main/java/com/secupwn/aimsicd/service/CellTracker.java)
2. Define a new Event type in Event.java to represent the detection outcome (AIMSICD/src/main/java/com/secupwn/aimsicd/data/model/Event.java)
3. Add configuration threshold in SettingsFragment.java for users to tune detection sensitivity (AIMSICD/src/main/java/com/secupwn/aimsicd/ui/fragments/SettingsFragment.java)
4. Create or update a detection adapter in data/adapter to persist detection results to Realm database (AIMSICD/src/main/java/com/secupwn/aimsicd/data/adapter/EventAdapter.java)
5. Update CellInfoFragment.java to display the new heuristic result in the UI (AIMSICD/src/main/java/com/secupwn/aimsicd/ui/fragments/CellInfoFragment.java)

Add a new UI fragment for threat details

1. Create a new Fragment subclass extending BaseActivity.java patterns in ui/fragments directory (AIMSICD/src/main/java/com/secupwn/aimsicd/ui/activities/BaseActivity.java)
2. Define the fragment layout XML and bind UI elements (AIMSICD/src/main/java/com/secupwn/aimsicd/ui/fragments/DetailsContainerFragment.java)
3. Register the fragment in DetailsPagerAdapter.java to integrate into tab navigation (AIMSICD/src/main/java/com/secupwn/aimsicd/adapters/DetailsPagerAdapter.java)
4. Add a new drawer menu item in DrawerMenuAdapter.java to navigate to the fragment (AIMSICD/src/main/java/com/secupwn/aimsicd/adapters/DrawerMenuAdapter.java)

Support a new device RIL variant

1. Create a new RilExecutor subclass (e.g., HuaweiRilExecutor) extending RilExecutor.java with device-specific command syntax (AIMSICD/src/main/java/com/secupwn/aimsicd/rilexecutor/RilExecutor.java)
2. Implement executeCommand() method to parse modem responses into DetectResult objects (AIMSICD/src/main/java/com/secupwn/aimsicd/rilexecutor/DetectResult.java)
3. Register the new executor in AimsicdService.java to select it based on device Build properties (AIMSICD/src/main/java/com/secupwn/aim)

API key injection: build.gradle attempts to read open_cellid_api_key Gradle property; if undefined, defaults to 'NA' (silent failure, no error thrown). Android API targeting is old: targetSdkVersion 22 means app lacks modern runtime permissions framework, requiring manual AndroidManifest.xml permission declarations only. Realm database requires realm-android plugin and specific gradle version compatibility. Git SHA extraction in build.gradle can fail silently if git is unavailable. ProGuard rules in proguard-rules.txt may conflict with reflection-heavy code (Realm uses reflection).

• IMSI-Catcher / Stingray — The core threat this project detects—understanding the attack model (MITM interception between phone and real tower) is essential to understanding what anomalies to look for
• LAC (Location Area Code) — AIMSICD detects rogue towers by identifying LAC inconsistencies and sudden changes; LAC represents a geographical cell service area and sudden changes indicate potential fake towers
• Cell ID and ARFCN Analysis — Detection heuristics rely on tracking Cell ID consistency and ARFCN (Absolute Radio Frequency Channel Number) patterns; abnormal sequences indicate interception
• Signal Strength Anomaly Detection — AIMSICD uses MeasuredCellStrengthAdapter to track RSSI (Received Signal Strength Indicator) patterns; fake towers often exhibit abnormal signal behavior that differs from legitimate towers
• Android TelephonyManager API — Core API for accessing cellular network parameters (MCC, MNC, LAC, CID) that AIMSICD monitors; understanding its data structures is necessary for detection logic
• Realm Database Persistence — Project uses Realm for storing historical tower data and detection logs; understanding Realm schema and queries is necessary for feature development
• Man-In-The-Middle (MITM) Attacks on Cellular — IMSI-catchers are cellular-layer MITM devices; understanding the attack surface between phone and network is critical context for detection strategy

• SecUpwN/Android-IMSI-Catcher-Detector — This is the main repository itself—listed for reference as the authoritative source
• E3V3A/J3G9-CellularPrivacy — Community fork/continuation of AIMSICD research focusing on cellular privacy detection techniques
• CellularPrivacy/diag-noseek — Companion project for diagnostic analysis of cellular network anomalies complementing AIMSICD detection
• 0x4E0x650x6F/SilentSMS — Silent SMS detection module—often integrated with AIMSICD for detecting SMS-based tower commands and location tracking
• mvneves/SDRangel — Software-defined radio framework for capturing and analyzing cellular signals at physical layer, used by advanced IMSI-catcher research

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for data adapters and models in AIMSICD/src/main/java/com/secupwn/aimsicd/data/

The data layer contains multiple adapters (BaseStationAdapter, SmsDataAdapter, EventAdapter, etc.) and models (BaseTransceiverStation, SmsData, Event, etc.) that currently lack test coverage. These are critical components that transform and persist cellular detection data. Adding unit tests would improve reliability of data serialization, null handling, and edge cases in the adapter pattern implementation.

• [ ] Create AIMSICD/src/test/java/com/secupwn/aimsicd/data/adapter/ directory structure
• [ ] Add unit tests for BaseStationAdapter.java covering cell tower data parsing and edge cases
• [ ] Add unit tests for SmsDataAdapter.java and SmsDetectionString validation
• [ ] Add unit tests for model classes (Event.java, Measure.java, Import.java) to verify immutability and serialization
• [ ] Configure androidTest or unit test gradle dependencies in AIMSICD/build.gradle
• [ ] Reference new tests in CI/CD pipeline (.travis.yml)

Add GitHub Actions workflow for automated security scanning and build verification

The project uses Travis CI (.travis.yml) and Coverity static analysis, but lacks a modern GitHub Actions workflow. Adding a GitHub Actions workflow would provide automated builds, checkstyle validation (already configured in AIMSICD/config/checkstyle/checkstyle.xml), and lint checks directly on every PR without external dependencies. This complements existing CI and provides faster feedback.

• [ ] Create .github/workflows/android-build.yml for building and testing on multiple API levels
• [ ] Add checkstyle validation step referencing AIMSICD/config/checkstyle/checkstyle.xml
• [ ] Add Android Lint step to validate against AIMSICD/build.gradle lintOptions
• [ ] Add ProGuard/R8 minification verification for release builds
• [ ] Include JUnit test execution for androidTest suite (AIMSICD/src/androidTest/)
• [ ] Add badge to README.md referencing the new workflow status

Refactor RIL executor and detection logic into testable service layer

The AIMSICD/src/main/java/com/secupwn/aimsicd/rilexecutor/ package (OemRilExecutor.java, DetectResult.java, RawResult.java) contains low-level cellular detection logic that appears tightly coupled to Android system calls. This should be extracted into an injectable service layer with clear interfaces (similar to the existing IAdapterViewInflater.java pattern) to enable unit testing without device dependencies and improve code maintainability.

• [ ] Create AIMSICD/src/main/java/com/secupwn/aimsicd/service/ directory for detection services
• [ ] Extract DetectionService interface defining contract for IMSICatcher detection with DetectResult
• [ ] Create DefaultDetectionService implementation wrapping OemRilExecutor.java with dependency injection
• [ ] Move HexDump.java utility to AIMSICD/src/main/java/com/secupwn/aimsicd/utils/
• [ ] Update AndroidIMSICatcherDetector.java to use service interface instead of direct RIL calls
• [ ] Add unit tests in AIMSICD/src/test/ for detection logic using mocked service

• Update targetSdkVersion from 22 to modern API level (32+) and add runtime permissions handling in AndroidIMSICatcherDetector.java—requires refactoring permission checks from manifest-only to runtime checks for Android 6.0+ compliance
• Add unit test coverage for BaseStationAdapter and BaseTransceiverStation detection logic under AIMSICD/src/androidTest/—currently GetProp.java exists but no adapter/model tests are visible
• Implement detection heuristic documentation: create DETECTION_ALGORITHMS.md explaining how BaseStationAdapter identifies anomalies (sudden cell ID changes, LAC mismatches, etc.) which is undocumented but critical for contributor understanding

• High · Outdated Android SDK and Build Tools — AIMSICD/build.gradle (compileSdkVersion, buildToolsVersion). The project targets compileSdkVersion 25 and buildToolsVersion 25.0.2, which are significantly outdated (released in 2016). This exposes the application to known security vulnerabilities in the Android framework and build tools. Modern best practices recommend targeting API 33+. Fix: Update compileSdkVersion to at least 33+ and buildToolsVersion to the latest stable version. Regularly update dependencies to receive security patches.
• High · Low Target SDK Version — AIMSICD/build.gradle (targetSdkVersion). The targetSdkVersion is set to 22, which is extremely outdated (Android 5.1 from 2015). This means the app does not benefit from modern Android security features and may have deprecated permission handling. Google Play now requires targetSdkVersion 31+. Fix: Increase targetSdkVersion to 33 or higher. Test thoroughly with modern Android versions and adapt code to use current Android security practices.
• High · Minimum SDK Version Too Low — AIMSICD/build.gradle (minSdkVersion). minSdkVersion is set to 16 (Android 4.1), which is no longer supported and lacks many security features. This exposes the app to legacy OS vulnerabilities. Fix: Increase minSdkVersion to at least 24 (Android 7.0). Consider 26+ for better security features like automatic address space layout randomization (ASLR).
• High · Potential Hardcoded API Key Management — AIMSICD/build.gradle (OPEN_CELLID_API_KEY, buildConfigField). The build.gradle contains logic to inject API keys (OPEN_CELLID_API_KEY) into BuildConfig at compile time. While there's fallback to 'NA', the property may be exposed in build logs or gradle.properties files that could be committed to version control. Fix: Never store API keys in gradle.properties or version control. Use secure build secret management (e.g., GitHub Secrets, environment variables, or dedicated secret management tools). Load secrets at runtime from secure sources.
• Medium · ProGuard Configuration May Be Incomplete — AIMSICD/proguard-rules.txt, AIMSICD/build.gradle (proguardFiles). The release build uses ProGuard obfuscation, but the configuration file (proguard-rules.txt) is not provided for review. Incomplete ProGuard rules can expose sensitive code or classes. Fix: Review proguard-rules.txt to ensure all sensitive classes and methods are properly obfuscated. Keep rules updated with any new libraries or custom code.
• Medium · Disabled Lint Security Checks — AIMSICD/build.gradle (lintOptions, disable 'HardwareIds'). The build.gradle disables the 'HardwareIds' lint check, which is designed to detect potentially sensitive hardware identifiers (IMEI, serial numbers, MAC addresses). This is concerning for an IMSI-Catcher detector app that may handle sensitive cellular data. Fix: Re-enable the HardwareIds lint check and fix any violations. If hardware IDs are necessary, document the rationale and implement proper data protection measures.
• Medium · Deprecated Java Version Target — AIMSICD/build.gradle (compileOptions). The project targets Java 1.7 (sourceCompatibility and targetCompatibility), which is extremely outdated and lacks modern security features, type safety improvements, and performance optimizations. Fix: Update to Java 11 or higher. Leverage modern Java features for better security, null-safety, and maintainability.
• Medium · Incomplete Dependency Information — AIMSICD/build.gradle (dependencies section). The dependency section in build.gradle is truncated ('// DO NOT REMOVE BELOW COMMENTED-O'), making it impossible to assess whether vulnerable dependencies are included. This could hide security issues. Fix: Review all dependencies for known vulnerabilities using tools like OWASP Dependency-Check or Snyk. Implement automated

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.