Besides beginning to roll out passkey support on Android and Chrome, Google — for Cybersecurity Awareness Month — announced today that Fi now uses a Virtual Carrier Network (VCN) to keep cellular data anonymous on Pixel devices.

Your internet traffic is kept anonymous from both Google Fi and the MVNO partner networks (T-Mobile and U.S. Cellular), with the company noting that it already has “built in privacy protections in the contractual agreements” with them.

Google explicitly says in a technical white paper that “neither party is capable of associating traffic with any specific user.”

Fi created a VCN – which uses Android’s Virtual Carrier Networking capabilities but goes beyond it in terms of data-layer protections – in response to gaps with VPNs, Secure DNS, and other existing privacy tools. 

…we believe that instead of having an over-the-top, partial solution for slices of a user’s internet traffic, privacy should be baked directly into the network–purpose-built to cover all cellular data network usage.

This Fi VCN “subsumes and replaces the general notion of a Cellular Network” on the device and will be used by “any application sending internet data traffic over the mobile data provider.” Compared to a VPN, it applies to the main, work, and secondary user profiles on a phone, as well as when tethering another device.

The Fi VCN encrypts all internet-bound traffic using modern IPsec tunnels with AES-GCM.

In addition to whats happening on your phone, there are carrier network-level components involved.  

The Fi VCN uses blind signing to ensure full separation of your identity from your network traffic. With blind signing, it is possible to authenticate that a user has a valid Fi subscription (required to prevent abuse), and can therefore be granted access to the VCN service, but avoids any metadata regarding the content of internet traffic and internet services being used from being tied back to an individual subscriber.

While you will still need a VPN, like Fi’s, if you want to protect your data on Wi-Fi, this Fi VCN joins last year’s introduction of end-to-end encrypted calling between Fi Android users.

As of the VCN’s initial launch, Google is prioritizing network connectivity and may fall back to the previous carrier approach if something goes wrong as it tries to reconnect. Moving forward, the company hopes to see “other carriers build their networks around the new Android VCN infrastructure.”

The Google Fi VCN is available on the Pixel 4-7 running Android 12+ starting today for a majority of subscribers. You can tell whether your cellular data is encrypted with the VCN by checking your IP address online and seeing if the ISP listed is Google. A full rollout for Pixel owners will take place in the coming weeks.

More on Google Fi:

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com