>How is it possible that in 2026 we're not notified by default when we connect to a cell tower with no certificate so our communications is being broadcast into the air completely unencrypted?

5G added that with Subscription Concealed Identifier (SUCI), but it's still optional. Certificates also don't work because you need to be able to roam, and doing certificate management for every carrier on earth is fiendishly hard. Not to mention that it's not feasible to hide IMEI before authentication could begin, imagine hiding IP or MAC addresses before a connection can be established, for instance.