Understanding Pry-Fi and 802.11 probe requests

By cernekee, Senior Member on 2nd February 2014, 08:08 PM
12th June 2014, 10:17 AM |#31  
h4waii, Senior Member
Quote:
Originally Posted by E:V:A

Has anyone done any testing for possible side-effects when using MAC address randomization while using VPN, large downloads or other persistent connection?

Provided the address doesn't change between sessions (only on association and connection) there is no issue with changing addresses.
12th June 2014, 06:49 PM |#32  
Chainfire, Moderator Emeritus / Senior Recognized Developer
Here are some source patches: http://forum.xda-developers.com/show....php?t=2780902
4th July 2014, 08:02 PM |#33  
Chainfire, Moderator Emeritus / Senior Recognized Developer
EFF is letting their voice be heard on this subject:

https://www.eff.org/deeplinks/2014/0...ere-youve-been

A Googler submitted a patch to wpa_supplicant yesterday about this:

http://w1.fi/cgit/hostap/commit/?h=p...38fec049ba1827

If anyone is still interested in this debate (@cernekee?), I find that patch very curious. There's not that much information out there about PNO, but as I understood it, its primary purpose is allowing the device to notice Wi-Fi networks it knows while the main CPU is asleep, so it can then wake the main CPU to take action. The scanning PNO does is implemented in the Wi-Fi firmware.

With this patch to wpa_supplicant, only manually added and hidden networks will be handed over to be scanned by the PNO feature. While this obviously prevents leakage of the names of the other configured Wi-Fi networks, this would then also mean those latter Wi-Fi networks (which would be most of the networks you normally use, for most people) are no longer scanned for at all, if the main CPU is sleeping.

To me it seems that for most cases this completely negates the use of PNO. If you're building a firmware and disable PNO support completely, in that case Android would wake up the CPU every few minutes to manually scan and connect to any known network (without the leaking), while with PNO you'd end up only connecting to hidden/manual networks (while the main CPU is sleeping).

Of course it is possible that Google is also modifying Android itself to keep doing those scans every few minutes even if PNO is enabled with this new patch; this can't be learned from this specific commit. Then I don't see the use for enabling PNO at all though ...

Seems to me that it would be much better if the Wi-Fi chips' firmwares were updated, so PNO only broadcasts the hidden/manual SSIDs, but still checks for all the other ones as well.

Thoughts?
6th July 2014, 12:15 PM |#34  
E:V:A, Inactive Recognized Developer
Quote:
Originally Posted by Chainfire

... There's not that much information out there about PNO, but as I understood it, its primary purpose is allowing the device to notice Wi-Fi networks it knows while the main CPU is asleep, so it can then wake the main CPU to take action.

I'm not sure that is the main purpose. I think the main purpose would be to use a (preferred/known) WiFi network when that is available, to make various services updates, instead of using the mobile network, thus saving energy and packet data money. This is useful for apps constantly using the network, like Facebook, Viber, weather and so on. About the sleep policy, I don't know, but I would assume it doesn't matter whether the phone is sleeping or not. If it is sleeping, ok then perhaps it's woken up. And if not, then that particular WiFi connection is used instead of 3/4G.

Quote:

With this patch to wpa_supplicant, only manually added and hidden networks will be handed over to be scanned by the PNO feature. While this obviously prevents leakage of the names of the other configured Wi-Fi networks, this would then also mean those latter Wi-Fi networks (which would be most of the networks you normally use, for most people) are no longer scanned for at all, if the main CPU is sleeping.

Why do you say that? I certainly don't use any other WiFi networks than those I have added manually.
6th July 2014, 12:54 PM |#35  
Chainfire, Moderator Emeritus / Senior Recognized Developer
Quote:
Originally Posted by E:V:A

I'm not sure that is the main purpose. I think the main purpose would be to use a (preferred/known) WiFi network when that is available, to make various services updates, instead of using the mobile network, thus saving energy and packet data money. This is useful for apps constantly using the network, like Facebook, Viber, weather and so on. About the sleep policy, I don't know, but I would assume it doesn't matter whether the phone is sleeping or not. If it is sleeping, ok then perhaps it's woken up. And if not, then that particular WiFi connection is used instead of 3/4G.

Your explanation doesn't make any sense, as PNO is only used when the main CPU is asleep (so no apps can communicate), and the only information it gets from wpa_supplicant is the names of the networks to connect to, as I can see it.

Quote:

Why do you say that? I certainly don't use any other WiFi networks than those I have added manually.

I don't mean one you've tapped to connect to, then entered the password, but ones you add fully manually, including typing in the network name and manually picking the encryption settings.
6th July 2014, 05:10 PM |#36  
E:V:A, Inactive Recognized Developer
Quote:
Originally Posted by Chainfire

Your explanation doesn't make any sense, as PNO is only used when the main CPU is asleep (so no apps can communicate), and the only information it gets from wpa_supplicant is the names of the networks to connect to, as I can see it.

Well then I just can't see any point of having PNO on at all. What is that, another marketing trick? I don't care if my wifi connection takes 1 second longer to be established, as long as I can be confident it's not spewing my personal data all over the ether. Remove it.

Quote:

I don't mean one you've tapped to connect to, then entered the password, but ones you add fully manually, including typing in the network name and manually picking the encryption settings.

WTF! I had no idea it made that distinction. That is sickening. So in what files are these two distinct lists kept? I wanna check this out. (Another chicken whim from the head-less Android development team?)
20th August 2014, 03:13 PM |#37  
Junior Member
Quote:
Originally Posted by Chainfire

A Googler submitted a patch to wpa_supplicant yesterday about this:

http://w1.fi/cgit/hostap/commit/?h=p...38fec049ba1827

[...]

With this patch to wpa_supplicant, only manually added and hidden networks will be handed over to be scanned by the PNO feature. While this obviously prevents leakage of the names of the other configured Wi-Fi networks, this would then also mean those latter Wi-Fi networks (which would be most of the networks you normally use, for most people) are no longer scanned for at all, if the main CPU is sleeping.

Could it be that this patch would have wpa_supplicant include a wildcard SSID, together with the list of hidden networks, so PNO would effectively ask every network in range (including any known hidden networks) to reply? Reading the comment on the following line (which is called only when num_match_ssid > num_ssid, and thus when any non-hidden network is in the user's PNL) made me suspect this:

Code:
+		params.num_ssids++; /* wildcard */
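Review bot: on the `params.num_ssids++; /* wildcard */` line, the one-word comment is the only place the purpose of the extra slot is stated. Suggest expanding it to say what the added entry contains and under which condition it is appended, and making sure a check against the maximum number of scan SSIDs sits next to the increment if it is not already above it.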
I'm not sure how this would work, though, as it would then need to wake up the CPU as soon as *any* network is in range (unless the Wi-Fi chip has another way of knowing which networks it should look for). I agree that the only real solution seems to be to fix it at the level of the firmware.
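The behaviour debated in posts #33 and #37, as a small C model added here (not part of the thread and not wpa_supplicant's code): it follows the reading that only hidden networks are probed by name and that one wildcard slot is appended when more SSIDs must be matched than are probed. The struct, function and SSID names are hypothetical, and the saved-network list is constructed.

```c
#include <stdio.h>
#include <string.h>
#define MAX_NETS 16

/* Hypothetical model types for this example, not wpa_supplicant structures. */
struct net { const char *ssid; int hidden; };  /* hidden: added manually as a hidden SSID */
struct pno_plan {
    const char *probe[MAX_NETS + 1]; /* SSIDs sent in probe requests; "" = wildcard */
    size_t num_probe;
    const char *match[MAX_NETS];     /* SSIDs the firmware compares scan results against */
    size_t num_match;
};

/* Constructed sample of a saved-network list. */
static const struct net SAMPLE[] = {
    { "HomeNet", 0 }, { "CoffeeShop", 0 }, { "OfficeHidden", 1 },
};
#define SAMPLE_LEN (sizeof(SAMPLE) / sizeof(SAMPLE[0]))

/* hidden_only = 0: every saved SSID is probed by name.
 * hidden_only = 1: only hidden SSIDs are probed by name, plus one wildcard
 * slot when more SSIDs must be matched than are probed. */
static void build_plan(const struct net *nets, size_t n, int hidden_only, struct pno_plan *p)
{
    memset(p, 0, sizeof(*p));
    for (size_t i = 0; i < n && i < MAX_NETS; i++) {
        p->match[p->num_match++] = nets[i].ssid;
        if (!hidden_only || nets[i].hidden)
            p->probe[p->num_probe++] = nets[i].ssid;
    }
    if (hidden_only && p->num_match > p->num_probe)
        p->probe[p->num_probe++] = "";   /* wildcard */
}

/* Number of network names a passive listener would see in probe requests. */
static size_t leaked_names(const struct pno_plan *p)
{
    size_t c = 0;
    for (size_t i = 0; i < p->num_probe; i++)
        c += p->probe[i][0] != '\0';
    return c;
}

int main(void)
{
    for (int mode = 0; mode <= 1; mode++) {
        struct pno_plan p;
        build_plan(SAMPLE, SAMPLE_LEN, mode, &p);
        printf("hidden_only=%d: probe slots=%zu, names on air=%zu, matched=%zu\n", mode, p.num_probe, leaked_names(&p), p.num_match);
    }
    return 0;
}
```

In this model the non-hidden names stop appearing on the air while all three networks stay in the match list, which is the trade-off the posts above are arguing about.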
17th December 2017, 09:25 PM |#38  
Junior Member
The last response in this very interesting topic being over 3 years old, I'd be interested if anyone has been following the Android Wi-Fi security developments and could tell us something about the current state.

One article from 2017 I found stated:
Quote:

Only an estimated 6% of Android phones randomize MACs, and they do it poorly.

arstechnica.com/information-technology/2017/03/shielding-mac-addresses-from-stalkers-is-hard-android-is-failing-miserably/