Before 2G, networks used completely unencrypted analog voice. You could snoop on anyone's calls with a slightly-modified radio; at least until Congress heard about this and made it illegal to sell a radio that could be modified to do this[0].
2G was actually considered a huge bump up in security because you could encrypt the contents of calls. Albeit with hilariously insecure crypto mandated by the old ITAR regime[1]. IMSI catchers weren't part of their threat model, for the same reason why people only recently have realized that metadata is relevant to security.
[0] This law is still on the books, even though analog cellular is entirely dead. It's still a pain in the ass to properly comply with this for, e.g. software-defined radio.
[1] This is the same reason why DVD CSS was so easy to crack, and why we there used to be 10 different ways to strip SSL before we decided to stop serving old browsers entirely.
2G was actually considered a huge bump up in security because you could encrypt the contents of calls. Albeit with hilariously insecure crypto mandated by the old ITAR regime[1]. IMSI catchers weren't part of their threat model, for the same reason why people only recently have realized that metadata is relevant to security.
[0] This law is still on the books, even though analog cellular is entirely dead. It's still a pain in the ass to properly comply with this for, e.g. software-defined radio.
[1] This is the same reason why DVD CSS was so easy to crack, and why we there used to be 10 different ways to strip SSL before we decided to stop serving old browsers entirely.