A fairly new trend in (for example) retail is tracking customers' movements by snooping Wi-Fi signals. If your Wi-Fi is turned on, even though it is not connected to any network, your phone will periodically broadcast a unique number (the MAC address), as well as all the Wi-Fi network names and addresses it remembers ever connecting to. With newer Android versions this can happen even if Wi-Fi is turned off, due to a feature called "scanning always available", which helps your device better determine its location.
At the very least, businesses can use these signals to track your visits. But these signals can also be used by a malicious entity (store owners, for example) to track your exact physical location in any area under their Wi-Fi surveillance. In a store, this data can be used for optimizing another one of those annoying store re-arrangements, forcing you to walk by all the products you don't want, to get to those you do want. Or detecting products you're tempted by, but ultimately not buying.
Of course they can also track your trip to the register, and couple your device's MAC address to the payment information (and thus many details about who you are). The tracking hardware and software vendors, the store (or chain) owner, their business partners, they can now all track where you are every time you come into range of one of their systems, and fully profile who you are, what you do, your financials, and your daily patterns!
That's just one small example - the possibilities are endless. A crook could hide a tracker at a bunch of houses, and in an automated fashion learn the patterns of everybody living in all those houses, without even having to do any surveillance - picking the ideal time to heist the family jewels becomes trivial. Authorities can use this information to correlate physical evidence with your location as well, and all the nastiness that comes with that.
Not even mentioning that your device's habit of announcing who all its friends are and their names, makes it easier for hackers to perform a man-in-the-middle attack, tricking your phone into connecting to an access point under their control.
One solution is shutting off Wi-Fi completely (including the background network scanning), but you would lose benefits like automatically connecting to known Wi-Fi networks and improved location awareness for your apps. It also does nothing to help the situation for others.
Pry-Fi will prevent your device from announcing all the networks it knows to the outside world, but it will still allow background scanning and automatically connecting to Wi-Fi networks. While you are not connected to a Wi-Fi network, the MAC address will constantly be pseudo-randomized, following a pattern that still makes the trackers think you are a real person, but they will not encounter your MAC address again. This will slowly poison their tracking database with useless information.
When you do connect to a Wi-Fi network, unless you specify otherwise, your MAC address will also be randomized - the same MAC address will not be used the next time you connect to this or any other network.
Though of course the companies involved with these trackers claim they wouldn't use the data maliciously, the possibility is there, and we all know that if something can be abused, ultimately it will be. There do not appear to be any laws against these practices yet, nor is it likely Wi-Fi will be redesigned any time soon to get rid of the information leaks.
But we can make an effort to reduce the usefulness of the tracking data for the exploiters. Pry-Fi comes with a War mode, which when enabled tries to make your Android device appear like dozens of people. Just wandering around an area under Wi-Fi location surveillance for a few minutes can ruin the tracking data for the period of your stay.
This is proof-of-concept code, and how far it will go in the future depends on interest and how well it works. It has been tested on several devices and seems to work, but it is very young still. The magic the app does to achieve its purpose is ever subject to changing Android security policies and OEM customizations, so even though it works now, there really is no saying if it will still be possible in future firmwares.
If Play is not working out for you, the APK is also attached below.
Attached you will also find a 'beta-test' version. This one is compiled to work on all Android 4.0+ devices (instead of 4.2+ of the current official release). I have made all the changes needed to make it compile and technically run on pre-4.2 firmwares, but I have not tested it on an actual 4.0 or 4.1 firmware yet. Let me know if it works for your pre-4.2 firmware!
- Sony Xperia family - NOT COMPATIBLE
- Oppo devices - NOT COMPATIBLE
Note that your firmwares should be fully up to date - that includes the TrustZone component in case of Samsung.
- Requires SuperSU?
It's tested against SuperSU, and uses some features that may not be available in other root management apps. Depending on both your Android and root management app version it may or may not work with other solutions, but I certainly recommend against it.
- Using the Android Wi-Fi settings is weird
Pry-Fi does a lot of event-based Wi-Fi on/off switching and connecting/disconnecting. So if you go to settings and turn Wi-Fi on or off, add a network, etc, the interface may start looking as if it has gone mad for a few seconds. Don't worry, this is expected behavior.
- Connecting to a Wi-Fi network (either a new one or a previously known one) is slower
- Forgetting networks
You can't just forget a network from the normal Android Wi-Fi settings. If Pry-Fi is enabled, you need to use the in-app network management tool to forget a network.
- Multiple known networks
Since v1.10, multiple known networks should be supported.
- Hidden networks
It doesn't currently work with hidden SSIDs, and it won't in the future.
- Wi-Fi Direct (to-do)
Behavior is undefined. Pry-Fi probably heavily interferes with this. Needs more testing/development.
- Beam, S Share, etc
Some methods that quickly share data between two Android devices that are close, tapped together, etc, make use of Wi-Fi Direct, and may thus be negatively affected by Pry-Fi.
- Authentication errors
If the Wi-Fi settings keep claiming authentication errors, your device may not actually support changing the MAC address, and Pry-Fi may not be for you... this doesn't have to be the issue, but it is one of the indicators.
2014.02.02 - v1.20
- Force toolbox calls. Typical case of busybox symlinks causing unexpected failures. Probably the primary cause of people losing Wi-Fi completely
- Service receivers are now en/disabled dynamically. Saves a few CPU cycles and a bit of memory when Pry-Fi is installed but disabled.
2014.02.02 - v1.10
- Support for multiple simultaneously known SSIDs
- Spoofing MACs *also* while connected to a network is now a feature you need to enable separately, as this is the feature that causes most issues yet is arguably the least important tracking-wise.
2014.02.01 - v1.02
- Fixed crash/freeze in case of SU denied
- Changed non-SuperSU error to a warning
- Fixed various reported crashes
- Added Superuser permission (doh)
2014.02.01 - v1.01
- (Hopefully) Fixed an issue with the optional IAP
This app only works with SuperSU. Would it be able to work with Koush's Superuser in the near future?
Maybe. Currently has to do with some changes to AOSP that haven't fully panned out yet. Once I'm clear on that, I might put in some time to make it work with Superuser. But I'm certainly not going to delay a release to make it compatible...
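To make the leak described in the opening post concrete, the following added example (not part of the thread and not Pry-Fi's code) parses an 802.11 probe request and lists the fields that can identify a device: a factory-assigned source MAC and any remembered network names. Both sample frames, the MAC addresses and the network name are constructed for illustration.

```python
import struct

def build_probe_request(src_mac: bytes, ssid: bytes) -> bytes:
    """Build a constructed probe request: 24-byte header + SSID element."""
    frame_control = struct.pack("<H", 0x0040)   # management frame, subtype 4
    broadcast = b"\xff" * 6
    header = frame_control + b"\x00\x00" + broadcast + src_mac + broadcast + b"\x00\x00"
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported-rates element
    return header + bytes([0, len(ssid)]) + ssid + rates

def parse_probe_request(frame: bytes) -> dict:
    """Extract the fields a passive listener can read from a probe request."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    if ((frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF) != (0, 4):
        raise ValueError("not a probe request")
    src = frame[10:16]                       # Address 2 = transmitter MAC
    ssids, pos = [], 24
    while pos + 2 <= len(frame):             # walk the tagged elements
        elem_id, elem_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elem_len]
        if len(body) < elem_len:
            break                            # truncated element, stop parsing
        if elem_id == 0 and elem_len > 0:    # non-empty SSID = directed probe
            ssids.append(body.decode("utf-8", "replace"))
        pos += 2 + elem_len
    return {
        "source_mac": ":".join(f"{b:02x}" for b in src),
        "locally_administered": bool(src[0] & 0x02),  # software-assigned MAC
        "directed_ssids": ssids,
    }

def identifying_fields(frame: bytes) -> list:
    """List what in this frame could link it to a device or its owner."""
    info = parse_probe_request(frame)
    found = []
    if not info["locally_administered"]:
        found.append("globally unique MAC " + info["source_mac"])
    found += ["remembered network name " + repr(s) for s in info["directed_ssids"]]
    return found

# Constructed samples: a factory MAC probing for a named network, and a
# randomized (locally administered) MAC sending a wildcard probe.
LEAKY = build_probe_request(bytes.fromhex("00005e005301"), b"HomeNet-Example")
PRIVATE = build_probe_request(bytes.fromhex("daa119005302"), b"")

if __name__ == "__main__":
    for name, frame in (("leaky", LEAKY), ("private", PRIVATE)):
        print(name, identifying_fields(frame))
```

The second frame shows the state the post aims for: a wildcard probe from a locally administered address yields nothing that ties it to an earlier sighting.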