[Q] AT&T Detected Tether Apps?

Search This thread

willp2

Senior Member
Nov 8, 2004
95
4
So today I got the letter in the mail from AT&T telling me that I need to stop tethering or that I'll lose my old grandfathered in unlimited data plan and be moved to plan that supports tethering and a data cap.

I called the number they gave me to get some info on what they were going to say they told me very generally that they have detected tethering and that if I don't stop by the end of the month, they will bump my plan. She gave me a laundry list of things that are considered tethering, from wifi hotspots to getting internet access for a gaming console.

I pressed very hard to find out what exactly I have done that they register as tethering more than anything I wanted specifics. She told me several times that they couldn't give out specifics as that is proprietary information. When I suggested that this might just them trying to force me onto a more expensive plan since they were unable to give me any proof that I had been tethering, she paused and said that she's wait while I look in my phone for tethering apps. I told her I don't have any tethering apps and she told me to look again. After some back and forth, she told me that the mere existence of a tethering app on the phone was considered tethering.

Beyond the issue of tethering at the moment I'm bothered that they even know what apps are on my phone and that they might use the existence of an app as justification to alter my service.

Has anyone heard of the carrier looking at apps like this before? From a privacy standpoint, I'd like to see if there is some way to keep their nose out of my business. Anyone know of a way to keep AT&T out of my phone?
 

RocketSled

Member
Dec 10, 2006
29
9
Samsung Galaxy Z Fold2
If you were to have a tethering app on your phone (and of course, you don't), what would it be? i.e., if AT&T can detect certain apps, what, do you suppose (without admitting anything incriminating), are the apps they're talking about?

I can't imagine they'd be crazy enough to surreptitiously audit the content of a subscriber's phone, and then tacitly admit to it with this sort of inquiry. But I could imagine that they can detect tethering "signatures" via snooping network traffic. For example, if you tether to a PC and use that to browse the internet, the user agent will look different than when the phone's browser is being used. Or if you left a tethering session running and they saw your phone pulling down updates for Microsoft Windows, that'd sure be a dead giveaway. There's little if any reason to pull anything off Windows Update with a phone. They could maybe get away with detecting that sort of thing since they wouldn't be looking at data content, just whether or not the data source was consistent with a smartphone or not...
 

TEKHD

Inactive Recognized Developer / XDA Portal Scout
So today I got the letter in the mail from AT&T telling me that I need to stop tethering or that I'll lose my old grandfathered in unlimited data plan and be moved to plan that supports tethering and a data cap.

I called the number they gave me to get some info on what they were going to say they told me very generally that they have detected tethering and that if I don't stop by the end of the month, they will bump my plan. She gave me a laundry list of things that are considered tethering, from wifi hotspots to getting internet access for a gaming console.

I pressed very hard to find out what exactly I have done that they register as tethering more than anything I wanted specifics. She told me several times that they couldn't give out specifics as that is proprietary information. When I suggested that this might just them trying to force me onto a more expensive plan since they were unable to give me any proof that I had been tethering, she paused and said that she's wait while I look in my phone for tethering apps. I told her I don't have any tethering apps and she told me to look again. After some back and forth, she told me that the mere existence of a tethering app on the phone was considered tethering.

Beyond the issue of tethering at the moment I'm bothered that they even know what apps are on my phone and that they might use the existence of an app as justification to alter my service.

Has anyone heard of the carrier looking at apps like this before? From a privacy standpoint, I'd like to see if there is some way to keep their nose out of my business. Anyone know of a way to keep AT&T out of my phone?

Are you on stock AT&T rom?

Sent from my SAMSUNG-SGH-I317 using XDA Premium HD app
 

willp2

Senior Member
Nov 8, 2004
95
4
While I hope for their own sake that they aren't auditing software on the devices, I suppose they could be watching what people download. For instance, some tethering apps are just not available in the Play store if you are coming from AT&T or Sprint. I could see that perhaps in one of the many TOS agreements I clicked OK on without reading there was something that said they could sniff around my phone.

I assumed they would be looking at traffic, but after being quite vague over and over again, she was very specific about a tethering app. Agreed that as soon as a PC goes online it creates all kinds of traffic that wouldn't look like a smart phone.

I am using the stock / not rooted AT&T ROM at this point. I normally root right away, but I haven't really had a need on this one.

I would root and use a different ROM if I felt like it would keep their noses out of my junk. Even if I was tethering, I'm not using a crazy amount of data so I find the whole thing pretty silly.

Now I am thinking that if they do change my tethering plan without my permission, I have to assume that I can break my contract if I want and move elsewhere. Just not sure where I could get another Note II with unlimited data at a decent price.
 

hyelton

Recognized Contributor
May 26, 2010
13,958
6,233
31
Wilmington
While I hope for their own sake that they aren't auditing software on the devices, I suppose they could be watching what people download. For instance, some tethering apps are just not available in the Play store if you are coming from AT&T or Sprint. I could see that perhaps in one of the many TOS agreements I clicked OK on without reading there was something that said they could sniff around my phone.

I assumed they would be looking at traffic, but after being quite vague over and over again, she was very specific about a tethering app. Agreed that as soon as a PC goes online it creates all kinds of traffic that wouldn't look like a smart phone.

I am using the stock / not rooted AT&T ROM at this point. I normally root right away, but I haven't really had a need on this one.

I would root and use a different ROM if I felt like it would keep their noses out of my junk. Even if I was tethering, I'm not using a crazy amount of data so I find the whole thing pretty silly.

Now I am thinking that if they do change my tethering plan without my permission, I have to assume that I can break my contract if I want and move elsewhere. Just not sure where I could get another Note II with unlimited data at a decent price.


Also make sure you DONT use internet explorer that is a NO NO for tethering with AT&T they see the browser agent and KNOW that`s not possible without tethering.
 

spycedtx

Senior Member
Oct 19, 2009
738
175
Also make sure you DONT use internet explorer that is a NO NO for tethering with AT&T they see the browser agent and KNOW that`s not possible without tethering.

Prove I haven't just changed my agent string to make the stupid app server think I'm on a windows desktop and using IE.


One of my friends pinged me 2 days ago. He got the friendly text stating tethering isn't allowed without a tether plan. No tethering on his part, just a lot of vevo traffic.
-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html
 

DeMiNe0

Senior Member
Dec 13, 2007
271
100
You could setup a linux machine at home and keep that running. Setup an SSH tunnel from your phone to your home linux box and tunnel all the tethering traffic through that. To AT&T that would just look like an encrypted ssh connection.
 

DeMiNe0

Senior Member
Dec 13, 2007
271
100
You could also run a Windows virtual machine on your phone. It's already been done.

That wouldn't help. FIrst, I don't think there are any hardware network drivers for windows for the Note II, so it wouldn't be able to get internet. Second, If he did have internet, he would still run into the same issue of unencrypted traffic being sniffed by at&t. Sure he could setup an ssh tunnel from windows, but at that point it's just silly to run windows on the note just to encrypt traffic.
 

willp2

Senior Member
Nov 8, 2004
95
4
I assume one could use any VPN like the SSH tunnel or something like hotspot shield or similar as long as all traffic is forced through the tunnel and there really would be no way for anyone to tell what you are doing.
 

DeMiNe0

Senior Member
Dec 13, 2007
271
100
I assume one could use any VPN like the SSH tunnel or something like hotspot shield or similar as long as all traffic is forced through the tunnel and there really would be no way for anyone to tell what you are doing.
YA, thats the idea. As long as traffic is encrypted somehow there is little that AT&T can sniff.
 

willp2

Senior Member
Nov 8, 2004
95
4
That wouldn't help. FIrst, I don't think there are any hardware network drivers for windows for the Note II, so it wouldn't be able to get internet. Second, If he did have internet, he would still run into the same issue of unencrypted traffic being sniffed by at&t. Sure he could setup an ssh tunnel from windows, but at that point it's just silly to run windows on the note just to encrypt traffic.
I think he was perhaps referring to why there was traffic that looks like it originated from a PC coming from my phone. So if someone was running a VM on the phone itself it would produce some PC looking traffic. If that was the idea there, I assume tethering to a VM is still tethering?
 

Darkshado

Senior Member
Apr 16, 2011
1,028
501
Montréal
Nvidia Shield Tablet
Nexus 6
Yeah: Provided you can run Qemu or Virtualbox you can run Windows in it, and it will have network access just like any VM would from a full sized computer. My point is that you can make a non-tethered phone generate the very same sort of IP traffic a computer would.

Heck, if the Fujitsu LOOX F-07C can run on AT&T, you don't even need a VM to generate connections to Windows Update and a desktop IE user agent!
 

pyo

Senior Member
Jul 28, 2007
57
2
DC
I got the same message last week. I don't tether at all. I'm on cleanrom 4.5. Tried to request what apps they suspect me of using but wouldn't tell me either. I know all the apps I have on my phone as I keep things very simple. I will admit I do use a lot of data (4-4.5 gigs in 2 weeks lol)

I use Pandora and tunein app to stream music all the time. Only thing that I recently did out of the normal routine was use the desktop view on Google chrome. Would that give a different browser signature?
 

spycedtx

Senior Member
Oct 19, 2009
738
175
I got the same message last week. I don't tether at all. I'm on cleanrom 4.5. Tried to request what apps they suspect me of using but wouldn't tell me either. I know all the apps I have on my phone as I keep things very simple. I will admit I do use a lot of data (4-4.5 gigs in 2 weeks lol)

I use Pandora and tunein app to stream music all the time. Only thing that I recently did out of the normal routine was use the desktop view on Google chrome. Would that give a different browser signature?

Yes, it would show a user-agent string without indicating mobile. But not likely something to trigger a tether notice, as I use desktop view all the time. It's likely the high data usage that makes them think tether.

-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html
 

privatewarrior1

Senior Member
Nov 29, 2011
191
25
So today I got the letter in the mail from AT&T telling me that I need to stop tethering or that I'll lose my old grandfathered in unlimited data plan and be moved to plan that supports tethering and a data cap.

I called the number they gave me to get some info on what they were going to say they told me very generally that they have detected tethering and that if I don't stop by the end of the month, they will bump my plan. She gave me a laundry list of things that are considered tethering, from wifi hotspots to getting internet access for a gaming console.

I pressed very hard to find out what exactly I have done that they register as tethering more than anything I wanted specifics. She told me several times that they couldn't give out specifics as that is proprietary information. When I suggested that this might just them trying to force me onto a more expensive plan since they were unable to give me any proof that I had been tethering, she paused and said that she's wait while I look in my phone for tethering apps. I told her I don't have any tethering apps and she told me to look again. After some back and forth, she told me that the mere existence of a tethering app on the phone was considered tethering.

Beyond the issue of tethering at the moment I'm bothered that they even know what apps are on my phone and that they might use the existence of an app as justification to alter my service.

Has anyone heard of the carrier looking at apps like this before? From a privacy standpoint, I'd like to see if there is some way to keep their nose out of my business. Anyone know of a way to keep AT&T out of my phone?

To the OP, did you tether ever?

I am worried that innocent people will lose their unlmtd plan? We need to find out if their detection system is wrong?
 

JohnCorleone

Senior Member
Dec 19, 2010
16,188
5,864
Whittier,CA
Wait, I signed up for 2 lines around 3 or 4 months sgo and they said because I got the max 6gigs of data a month I could tether all I want. I haven't for more than 10 minutes but I have noticed that AT&T sales reps speak in half truths. I was told if I paid the 10 a month for insurance I could break it by throwing it at someone" Well I added my 2nd line 10 days later and only then found out about a $200 deductible. I was definitely never told about a high deductible upon signing with them. I dont hold back though. I had all prorated charges waived.

Sent from my SAMSUNG-SGH-I317 using Xparent Skyblue Tapatalk 2
 

cyrano821

Senior Member
Sep 27, 2010
53
6
You could setup a linux machine at home and keep that running. Setup an SSH tunnel from your phone to your home linux box and tunnel all the tethering traffic through that. To AT&T that would just look like an encrypted ssh connection.
That's exactly what I do and no problems thus far
 

woody1

Senior Member
May 2, 2010
770
103
Atlanta
Tethering detection has been discussed many times. The consensus is that they detect tethering by examining the TTL (Time-To-Live) value in the packet. When you tether a device, it shows a different TTL value than the one used in data packets sent by the phone and that's what they look for. There are other tricky things they can examine in the packet headers that can be used to detect tethering, but those are more complicated and take more effort on the part of the the wireless provider.

From what I read, it looks like SSH tunneling over a VPN would allow you to tether without detection, but I haven't heard of any definitive test on this. The biggest problem I see with that approach is that it really slows down your connection.

Here's a very technical paper that discusses tethering and methods to defeat it: Tethering Camouflage

These guys created a test app that rewrites packet data to hide tethering. In the article, they compare their method to using a VPN, which they imply will do the trick. Their opinion is that wireless providers will eventually give up on trying to enforce tethering restrictions because people will find ways to defeat it and it will cost them more than it's worth.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    Tethering detection has been discussed many times. The consensus is that they detect tethering by examining the TTL (Time-To-Live) value in the packet. When you tether a device, it shows a different TTL value than the one used in data packets sent by the phone and that's what they look for. There are other tricky things they can examine in the packet headers that can be used to detect tethering, but those are more complicated and take more effort on the part of the the wireless provider.

    From what I read, it looks like SSH tunneling over a VPN would allow you to tether without detection, but I haven't heard of any definitive test on this. The biggest problem I see with that approach is that it really slows down your connection.

    Here's a very technical paper that discusses tethering and methods to defeat it: Tethering Camouflage

    These guys created a test app that rewrites packet data to hide tethering. In the article, they compare their method to using a VPN, which they imply will do the trick. Their opinion is that wireless providers will eventually give up on trying to enforce tethering restrictions because people will find ways to defeat it and it will cost them more than it's worth.