Hacker News new | past | comments | ask | show | jobs | submit login
Does disabling Wi-Fi prevent my Android phone from sending Wi-Fi frames? [pdf] (inria.fr)
123 points by fanf2 on Aug 31, 2017 | hide | past | favorite | 115 comments



One of my frustrations with Android is the fact Google Maps constantly bugs me to enable "Google's Location Service". Even if I've asked for something as simple as centering the map on my GPS location. I must have answered 'no' to that prompt a hundred times by now.

My phone has GPS, which is privacy-preserving and more accurate when outdoors - which is any time I'm navigating, as I don't need maps indoors. So "Google's Location Service" is useless to me. I don't understand why Google has made it so difficult to avoid sharing my location "anonymously" with them.


What I find particularly aggravating about that is the UX dark pattern they've utilised for the dialogue. I forget the exact wording, but rather than "Would you like to switch on Google's location service? [Yes] [No]", it's something like "To continue, enable Google's location service. [OK] [Cancel]" - implying that you need to switch it on to do what you wanted to.


Not surprising.

Your lifetime value for Google multiplies when they can track your location. They learn where you live/work, how you commute, who you hang out with, whether and where you travel, when you get sick, etc.

Much of it can be approximated by looking at your searches alone, but the correlation with your location record yields much higher accuracy.


I am SOOO glad that in iOS 11 I'll be able to force apps to only get my location data when they're running (e.g. Waze). Right now some of these apps can get location data because they the app only presents old-style privacy controls (all the time / not at all).


I'm sure the calculator app that requested my location, camera, microphone, and list of running apps is streaming it to some ad/analytics company.


The dark pattern I remember they use is hiding the "No" button if you mark the "don't ask me again" checkbox.

Scumbags through and through.


The devious reason is because Google wants to encourage you to use their services, which will in turn improve their services and enable Google to provide more value to Android users.

The more mundane reason is because it's a better location service than your phone's GPS. It's a fair question how much more privacy-preserving your phone is when you disable Google's Location Service, given everything else your phone is doing but let's put the privacy angle aside.

Phone GPS is not consistently accurate, even outdoors. By allowing Google to use other signals, such as nearby wifi, cell towers, etc Google can provide a more consistent and accurate location for your device while also using less power.

Otherwise, answer hit "no". But I think it's worth questioning whether it's so frustrating when Google Maps assumes it can use Google Location Services.


I feel the same way about that, but there is something far more annoying than it, at least to people who are even aware of it.

That's the fact that Android hides a lot (even thousands a day) location requests as well as other types of requests from both Google's own apps as well as from third-party apps by routing them through the "Android OS" category in the battery usage stats. This way users are completely clueless about just how harmful these constant requests are to their battery life.

Android OS as well as Android System are two of the biggest eaters of battery life, and it's because of crap like that. My guess is Google doesn't want to show users exactly whose requests harm the battery the most because its apps are the biggest offenders (especially the ad-showing system).

I hope more people realize that this is going on and pressure Google into showing more detailed battery stats or at least assigning the location requests as well as other battery draining requests to the apps in question, rather than putting them all under the "Android OS" or "Android System" umbrella.


Because everything they do is funded by selling ads that target people based on a heap of different factors, one of which is location.

Honestly I wonder how anyone in tech doesnt know why google offers "free" services and pushes people towards their own non-private "solutions"


Yeah but they have my location by GPS, and still they need the Wifi-location service as well. Why?!?!?


That is to tie your wifi access point to a specific location. They can then use this information to deduce the location of users who are not using GPS too. They can use it to deduce relationships between people who are connected to same wifi at the same time. They can deduce what time you are at what location and predict where you will be next. The possibilities are endless.


There's a little subtle tech behind wifi geolocation. Skyhook Wireless has some of this figured out, and their material even claims they are "defying standard OS limitations."

In other words, they're finding you even when you prefer not.


They need it so they can train the wifi-location service. That way, they can violate your privacy later.

Also, (if you're on wifi) they presumably infer the location of anyone using the same public IP as you, whether or not they are using android and whether or not they disabled location tracking/gps on location tracking on their device.


They don't need it, but they'll keep asking in hopes that you'll click "yes" (by accident?)


After which the option disappears deep inside some obscure setting, is conserved across multiple major updates, and synced across devices on all platforms. ;)


I used to be on Android and I eventually clicked yes out of annoyance.


Agreed 100%. I found that on my phone (Galaxy S8, Android N), having the wifi location service enabled doubles or triples idle battery drain. So regardless of privacy concerns, I'm basically forced to have GPS-only location updating. It irks me to no end that Google incessantly bugs me to enable its service, which in turn changes my location mode back to GPS+Wifi and ills my battery life.


If there are only specific areas where you use wifi, you might find something like Llama useful - you do low power geolocation by 'learning' the cell towers at each location, then set actions for arrival or departure from locations.

The default rules may do more than you want (e.g fiddling with volume), but you can easily strip that back to just wifi control.


You only have to answer "yes" once to "Enable high accuracy location" and the have no option to change that, other than reflashing your phone. However if you don't answer yes, it will just keep asking forever every time you turn on location.

I have Cyanogen installed and it still does this, probably because of Google location services.


This is the exact reason why I use osmand for my lookup and navigation purposes. Offline maps are a nice feature on top of this.


TL;DR (from TFA): No. We show that another option, called "Always allow scanning", when activated, makes a device send Wi-Fi frames which can be used to track this device, even if the Wi-Fi switch is off. This option is not clearly described in all Android versions, and sometimes even not deactivatable. Besides, the Google Maps application prompts the user to activate this option.


TL;DR: No. Just from the rule of journalism about asking a question in the title.


In fairness, in this instance 'No' is the interesting answer.


But... "Is Betteridge's law of headlines correct?"



A bit tangential but here's another reason to disable wifi: even if you don't join a wifi network your phone can be tracked via the packets that it sends out to find wifi networks. That can be used is triangulate people's location within closed spaces like department stores. Source: I work at a company where we sell this tech to department stores and such. We are still not allowed to join that data with our shadow profiles of the users but that might happen in the future.

I've become extremely privacy oriented ever since I started working here and saw how creepily companies track users.


I don't really get the concern. Retailers also install video cameras and track everywhere you go in their stores.


Yea but cameras won't show them what you bought last week, your credit, your social network, your criminal records.

Man the possibilities for fascism only get more and more exciting for future dictators.


Facial recognition is getting better; cameras may well be enough to do this soon.


Installing cameras to discourage/punish theft is different from using them to learn people habits and use that information either to make money or to gain advantage against someone.


Cameras are also used for analytics. And they're way more accurate than wifi scan triangulation.


> Source: I work at a company where we sell this tech to department stores and such.

Are you based in Germany? I interviewed at a German company doing exactly that.


This is interesting, can you name the company? I’d like to report them to the Landes- and Bundesbeauftragen für Datenschutz.

Collecting this data requires specific opt-in, and the user can not give that by entering a store, but only if they sign a form, or agree with a specific checkbox in an app.

Due to that, I’d assume this would end up in court.

Please provide an anonymous tip to the Landesbeauftragten für Datenschutz in your state. Alternatively, send it to the https://www.datenschutzzentrum.de/ (they’re responsible for SH, but properly deal with PGP encrypted email, and can redirect them to the responsible agencies)


Why does the phone need to send packets to discover WiFi networks? Can't it do this receive only?


That is a good question. According to this presentation titled "Wi-Fi told me everything about you" [1], active discovery uses less power, so it's preferred over passive discovery. Can anyone else here explain why?

1: http://confiance-numerique.clermont-universite.fr/Slides/M-C...


Does this data really provide a monetary benefit to companies?


Of course. eg it can be used to measure how people are influenced by a clothing display, what brands/seasons they're looking for, the effectiveness of different "Sale!" signs, which products are dead inventory wasting floorspace, etc

On the other hand, personally I would immediately stop shopping at stores that spied on customers like that.


The devices are quite inconspicuous and the company has other competitors doing similar things so I stopped having my wifi and Bluetooth on except I know I want to use them. But there's tech being developed that can use cell signals as well but as I understand it's more difficult to read those packets.


Leave your phone in the car.

Also your smart watch, i guess.


yeah the tech works with smart watches, tablets and any other wifi enabled device


The stores can see correlations between products and how many people do "window shopping" in a section. Basically it's being marketed as giving e-commerce type insights into customer behavior for brick and mortar stores. But the tech can be used in many other scenarios.


Not tangential, they call this out in section 2.1 of the paper. I'd paste it but the formatting does not copy/paste well.


Yelp just paid 20 million dollars for Turnstyle Solutions, which specializes in tracking retail customers with the WiFi signals sent by smartphones, without asking for the phone customer's consent. If you want to opt out, you have to go out of your way to register your device's mac address with them.

https://www.wsj.com/articles/what-secrets-your-phone-is-shar...

https://techcrunch.com/2017/04/04/yelp-acquires-wi-fi-market...


registering with the company you want to avoid sure seems like a great way to guarantee privacy. /s


This whole era of data gathering boggles my mind, what kind of fluff do they extract ? and how valuable is it really ?

I think it was S. Yegge that said we turned the smartest brains into like-button developpers. :sigh!


> and how valuable is it really ?

at least 20 million dollars


Somewhat related is positioning your WiFi AP based on passive signal strength monitoring. Both Apple and Google do this to maintain their own private WiFi positioning databases, but there are also public databases with this information too. http://find-wifi.mylnikov.org/ is a great example of this - I was very surprised to find a brand new AP I'd installed less than six months ago already in the DB! I wonder how they track it - I certainly don't expect many people to be running their tracking apps. Perhaps there is some reporting SDK that gets bundled with certain free apps?

The author of the above page has a WiFi positioning demo app for iPhone and Android that uses those public databases - during my testing it was almost as accurate as GPS (even more so indoors) with instant results.


If I had to guess, Apple and Google use the GPS on the phones plus the WiFi information to feed back into those databases. It makes sense for them to do this as it helps improve the accuracy of their location services.


Presumably they also wardrive (war-fly with directional antennae??) when they're making maps/streetview?


No presumably about it, there was some minor outrage that they were capturing traffic when it first happened: http://www.pcworld.com/article/198667/google_wifi_data_captu...


It's called wardriving, and there's a huge db available for free at wigle.net


If you are concerned about this "privacy issue" you should try Smarter Wi-Fi Manager from Kismet Wireless: https://www.kismetwireless.net/android-swm/

But in newer versions of Android (afaicr > 7.0) is no longer using an aggressive approach (visible to other devices), it just passively collect frames (https://plus.google.com/+mikekershaw/posts/DmpQ2no5bEk) so it's no longer an a privacy issue to have this option on those versions, still would recommend SWM to increase security.


My Android 7 phone still sends WiFi probes anytime I wake the screen. Even though the power saving features are disabled such that it remains connected while the screen is off.

There's a lot Android could do better in this area.


If WiFi is on this is an expected behavior; The article is referring is when WiFi its off, haven't seen my android 7.0 launching probes on the network with WiFi-Scanning on and WiFi off, with WiFi on it does what you are describing.


Interesting, but requires location to be on, which is also a battery drain and privacy issue. (I have location on only when needed.)

I wonder which is better - WiFi always on and location off, or location on and WiFi sometimes off?


afaik SWM doesn't require location (gps) it uses your cellphone towers as the mechanism to find out if you are near those towers were you usually have wifi.

But speaking on your questions... Location On, Wifi Off offers better security IMHO, specially in the case your phone gets stolen/lost you may at least use that information find it or at least report to the authorities it's location the trade-off is that google/nsa et al will always know your location but unless you are Snowden or paranoid, you probably wont mind.

Also in the latest version (at least on the Beta afaik) you can activate Wifi Scanning, which uses the passive/aggresive mechanism mentioned on the article to find out if you are near the AP and turn on your wifi.


Yet another reason for privacy-conscious individuals to switch to iOS and a newer iPhone. I hate the walled-gardens as much as the next person, but Apple's stance on privacy and security is unparalleled in today's ecosystem.


Don't be so sure your $CURRENT iPhone does not do that. I am watching a screen right now where I see the probes from iPhones fly by (# tshark -i wlan0 subtype probereq). Seems less then other devices but still they're there.


Any indication this is still the behavior in Android 7.0 and beyond? What about in Pixel phones? The one first-party Google device used in the study was a Nexus S running 4.4.


>= 7.0 improved on these and its not longer aggressively looking for beacons, it uses a passive approach.


[pdf]

TL;DR: when wifi is off, and the setting whose description reads "allow scanning when wifi is off" is turned off (not all softwares have this toggle available in the WiFi settings, it seems default-on) then it doesn't seem to send frames.


PSA: Google stores your precise location, tied to your account, for every moment of every day. In about 1.5 years of using android regularly I generated 700,000 data points. I understand Google maps on iOS participates in this.

Go to takeout.Google.com to see what's in your personal dossier.


Google has started asking me to confirm if I really were at the location they detected, sometimes days or a week later. "Were you at Magnussen Park from 6pm to 8pm last Thursday?" It's as though Google is conducting a criminal investigation and I am a suspect.


You can also go to maps.google.com/timeline for a better visual.


Fortunately you can skip this one by never signing in to Google maps, although you then lose the benefits of history.

Just checked and my location timeline is blank after several years of this.


>my location timeline is blank //

The one they show you is, at least. /cynic


You can opt-out of this data collection in your Google account.


Yeah, opt-out from being visible to you, at least that is the feeling for many users and I guess it all depends on how cynical or optimistic you are about Google.


There really needs to be an alternative open source mobile OS. I had really hoped that would be Ubuntu touch, but now that development is moved over to ubports I am not sure wide spread support is going to happen.


I would go even further and say we need a free software mobile OS.


As long as it has a good UI. My experience has been that OSS can be functional, but often comes with a bad UI that turns off users.


it is a bad incentive loop.

- people change phones every year or two.

- OSS community can't keep up with driver support if they change every 6mo and are never documented, protected with NDA.

- big companies writing the OS make the older hardware obsolete on purpose.

- this forces people that don't want to change phones every year to do so. Back to step 1.


>- OSS community can't keep up with driver support if they change every 6mo and are never documented, protected with NDA.

LineageOS seems to be doing OK (other than the terrible name).

> - big companies writing the OS make the older hardware obsolete on purpose.

Not writing the OS, writing the drivers and platform support (also known as the Board Support Package).

I can't find the article, but at some point there was a "cut-off" for devices like the Nexus 4, largely because Qualcomm didn't provide further updates.


correct me if I am wrong but lineageOS/cyanogenMod only uses extracted binary drivers from the manufacturer.


The hope of the day in this space seems to be Plasma Mobile: https://plasma-mobile.org/


They should probably change their wording if they want to gain wider appeal:

"Plasma Mobile turns your phone into a fully open hacking device..."


Several AOSP forks are doing good things, such as https://copperhead.co/android/. I've been using it for about a year and I really don't miss the google apps.


The problem is that there is a mismatch of priorities between the device manufactures (and in certain places, carriers) and us consumers.


Android phones respond to ping when in airplane mode.

I have a speech bot that pings my phone (find IP by ARP) and it speaks randomly on successful ping.

Sometimes, at night, I put my phone in airplane mode, and sometimes my bot still speaks.


At least in iOS-land, you can be in airplane mode and still have wifi.


Wifi isn't forbidden on planes?


Airlines are pushing people to use Wifi on planes by installing Wifi based entertainment systems that display content on user devices (the airlines like it because they save weight and money by not needing seat-back displays).

Cellular transmissions are still technically prohibited, but I bet many people don't know how to turn on Wifi while in "airplane mode", so they don't use airplane mode.

Here's one such system:

https://www.united.com/web/en-US/content/travel/inflight/ent...


> Cellular transmissions are still technically prohibited

In the US. Internationally they are permitted and several airlines offer GSM service in flight. [0]

[0] http://www.telegraph.co.uk/travel/news/Which-airlines-allow-...


Not all the time, many airlines even offer on-board wifi with internet connectivity.


Same with Android.


This is pretty impressive if true, any reason you think this happens?


Because air travel companies are now selling in-flight wifi.

How will they sell it if airplane mode doesn't allow wifi?

Android since 4.0 and IOS since 6 allow for this. Just enable wifi after airplane mode.


To disable that deceptive snooping in 6.0 (Marshmallow):

Settings -> Location -> Improve Accuracy -> Toggle Wi-Fi scanning.


Yes but now every app you open is going to pester you about enabling wifi, including google maps, which will ask you every time you open it.


I've never seen that, but then I'm running an ancient version of Cyanogenmod (based on Android 4.4.4) that might not be obnoxious yet in this regard.


Any idea how to do this in 7?


google surreptitiously moved it to the ellipsis menu.

on android 7 and 7.1:

settings > location > three vertical dots on the top right > scanning.

And on this screen disable wifi and bluetooth scanning.

And, you would think that would disable wifi/bt scanning, right? wrong!

on the previous screen (settings>location), you also have to click on "mode". And then select "Device only". If you select "high accuracy" or "battery saving", it will ignore the wifi off on the ellipsis menu and still use it!

And there is more! ...still on the location screens, scroll down. Past the "recent location requests" and see a section called "Location services". It might very well include a "Qualcomm izat accelerated location". What it does? well, nobody knows! does it enable wifi from sleep mode on the chip? it might. it might not. again, who knows?


Same steps.


This is pretty simple and I don't think it's nefarious. Android WiFi is used for two purposes, networking and location. The main WiFi switch toggles the networking function and the main location switch toggles its location fuction as well as other location providers such as GPS and cellular location. If you want the main WiFi toggle to also affect its location function then that's what the "Always allow scanning" setting is for.


Well apparently it's not just my phone using it to track my location. This article convinced me to disable the always on Wi-Fi scanning.

> However, Wi-Fi scans are not only used by the device to derive its location, analytics companies now leverage the Wi-Fi probe requests to estimate the number of visitors in stores and malls and to record customer mobility. Indeed, by counting the number of unique MAC addresses broadcast in probe requests, retailers can derive the number of smartphone carriers in their store. Location tracking of these customers is performed by following these MAC addresses as they are heard by antennas located in different spots.


Both iOS and Android started randomizing WiFi Mac addresses a few years ago to prevent that kind of tracking.


I'm just now learning about all this (I'd heard about stores tracking customers, but thought it only worked with Wifi enabled), but it seems many Android phones don't actually do randomization, and it can be easily fingerprinted even if they do.

From a 2017 paper, https://arxiv.org/abs/1703.02874v1

> First, we show that devices commonly make improper use of randomization by sending wireless frames with the true, global address when they should be using a randomized address. We move on to extend the passive identification techniques of Vanhoef et al. to effectively defeat randomization in ~96% of Android phones. Finally, we show a method that can be used to track 100% of devices using randomization, regardless of manufacturer, by exploiting a previously unknown flaw in the way existing wireless chipsets handle low-level control frames.

and near the end of section 4.2

> Therefore we posit that much less than ∼50% of devices conduct randomization.


Then how is it possible for my iPhone to connect to my AP that has MAC filtering enabled?


I think the MAC address randomization is only for the scanning, not connecting.


Just like the tracking companies upgraded to fingerprinting around then.


I downvoted you for trivializing (or missing) the problem.


I disagree, gp's is a perfectly valid level headed response. It has been known for quite some time that WiFi is used to make the location service more accurate.

Think of it from the typical user's perspective: what would they think if disabling wifi suddenly made maps very innacurate? That sounds like the start of a bug report to me.

Everything doesn't have to be some big nefarious plan. Sometimes the sensible defaults for normal users don't align with privacy-conscious users.


>It has been known for quite some time that WiFi is used to make the location service more accurate.

>what would they think if disabling wifi suddenly made maps very innacurate?

Taking everything you said at face value.. So anything less than "more accurate" to you, means "very inaccurate" ?


So "normal users" doesn't automatically mean "privacy-conscious users" to you? You also are missing (or trivializing) the problem.


Serious question: have you met many normal internet users? At risk of being too blunt, "normal" people don't give a shit about privacy. I'm not talking about people that hang out here, or on some irc channel, or pretty much any other tech website. I'm talking about the hundreds of millions of people whose primary internet activities are facebook, google searches, media consumption, and online email, in that order. These people are "normal", by number. Only some of these people are aware of privacy enough to set their facebook profile off of public, and 99% of them never look into any privacy settings past that.

If you're privacy-conscious enough to worry about this, you probably don't even have a facebook profile (or at least don't have it installed on your phone), and that by itself puts you squarely outside of normal.

Most people don't care. I'm sorry.


I have, and you are correct, and still missing the point.

We don't have the right to invade their privacy despite their apathy.

That's what you and the other "level-headed" fella are normalizing: the idea that somehow being "a tech company" makes it okay for us to perform mass surveillance and manipulation on our fellow human beings. It's not okay. It's not okay if the people are ignorant of it, and it's still not okay even if they are just apathetic about it.

There should be a big ol' OPT IN button for tracking, right up front. If the user doesn't deliberately turn it on (and no fair offering incentives) then they don't get tracked.

(We are going to do it anyway, because they are literally too stupid to manage themselves, and they are too stupid to stop us.)

I'm actually in favor of total surveillance (I wrote a whole blog post a few years back about how it's the "perfection of Democracy".[1]) What I'm against is the idea that it's fine to "trick" people into being scanned and tracked w/o their knowledge and explicit consent.

What we are witnessing is the formation of a split between Morlocks and Eloi. There's a de facto privileged group that benefits from the massive asymmetry in the data collection and analysis machinery, and the "normal people" who now form a digital peasantry and must be content with what we give them. Maybe this is the way it has to be.

[1] http://firequery.blogspot.com/2013/10/total-surveillance-is-...


Does any body knows how to run a passive scan for networks in range from an app, even if the Wi-Fi is OFF?

I know this is possible for sure, the app "Wifi Analyzer" does it. As you can see on:

https://snag.gy/cfYTmy.jpg

The only network related permission this app requests is "Wi-Fi connection information" so I'm wondering how they do it, and if it is possible to do so from a background service. I will like to run scans periodically and show up a notification once a predefined network is in-range.


This relates to the setting mentioned in the article, "always allow scanning".



Title needs a pdf tag.


People concerned about such matters use devices with cellular and WiFi radio nuked. With separate devices for cellular and WiFi radio. Connected using shielded wires.

Edit: OK, people greatly concerned do that. I don't even use the damn things. But I know what it takes to secure them.

Edit: I note that none of my VM hosts have integrated cellular and WiFi radios. And I seriously doubt that devices used in high-security commercial, government and military roles have such things. Maybe not even integrated Ethernet. Also, devices with modular cellular and WiFi radios could be produced in the consumer sector. Maybe they'd cost more, and only sell in niche markets, but it's doable.


Interesting that simple UI on/off switch requires a scientific paper as proper documentation.


F Droid wifi police


Sleazy. Then again, par for the course for modern Google.


The honest answer is unless you physically disable your wifi antenna, you can't really be sure. The same thing with your laptop web camera or anything physical on your desktop/laptop/smartphone/etc.

If you want to be sure that your laptop camera isn't recording you, you have to put electric tape over it, if you want to make sure your mics on your devices aren't recording you then you have to physically block it.

http://www.telegraph.co.uk/technology/2016/09/15/put-tape-ov...

This is a very complicated issue of reliability of kernel/compilers/hardware/etc. We are dependent on these layers telling us what "reality" is. But how reliable is it?

And interesting look into "trust".

http://wiki.c2.com/?TheKenThompsonHack




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: