Rogue access points (APs) have been used in several attacks such as packet sniffing and man-in-the-middle attacks. It is becoming a serious security threat to users in public and enterprise networks. Moreover, it is easy to install malicious APs using mobile devices and networks, and existing solutions do not effectively detect these rogue APs. In this paper, we propose a method to detect rogue APs over mobile networks using round-trip time measurements, without relying on information from authorized lists of APs or users. Through experiments, we proved that our proposed method could detect rogue APs successfully. Copyright © 2013 John Wiley & Sons, Ltd.