You are being watched...
A fairly new trend in (for example) retail is tracking customers' movements by snooping Wi-Fi signals. If your Wi-Fi is turned on, even though it is not connected to any network, your phone will periodically broadcast a unique number (the MAC address), as well as all the Wi-Fi network names and addresses it remembers ever connecting to. With newer Android versions this can happen even if Wi-Fi is turned off, due to a feature called "scanning always available", which helps your device better determine its location.
At the very least, businesses can use these signals to track your visits. But these signals can also be used by a malicious entity (store owners, for example) to track your exact physical location in any area under their Wi-Fi surveillance. In a store, this data can be used for optimizing another one of those annoying store re-arrangements, forcing you to walk by all the products you don't want, to get to those you do want. Or detecting products you're tempted by, but ultimately not buying.
Of course they can also track your trip to the register, and couple your device's MAC address to the payment information (and thus many details about who you are). The tracking hardware and software vendors, the store (or chain) owner, their business partners, they can now all track where you are every time you come into range of one of their systems, and fully profile who you are, what you do, your financials, and your daily patterns!
That's just one small example - the possibilities are endless. A crook could hide a tracker at a bunch of houses, and in an automated fashion learn the patterns of everybody living in all those houses, without even having to do any surveillance - picking the ideal time to heist the family jewels becomes trivial. Authorities can use this information to correlate physical evidence with your location as well, and all the nastiness that comes with that.
Not even mentioning that your device's habit of announcing who all its friends are and their names makes it easier for hackers to perform a man-in-the-middle attack, tricking your phone into connecting to an access point under their control.
Pry-Fi
One solution is shutting off Wi-Fi completely (including the background network scanning), but you would lose benefits like automatically connecting to known Wi-Fi networks and improved location awareness for your apps. It also does nothing to help the situation for others.
Pry-Fi will prevent your device from announcing all the networks it knows to the outside world, but it will still allow background scanning and automatically connecting to Wi-Fi networks. While you are not connected to a Wi-Fi network, the MAC address will constantly be pseudo-randomized, following a pattern that still makes the trackers think you are a real person, but they will not encounter your MAC address again. This will slowly poison their tracking database with useless information.
When you do connect to a Wi-Fi network, unless you specify otherwise, your MAC address will also be randomized - the same MAC address will not be used the next time you connect to this or any other network.
War!
Though of course the companies involved with these trackers claim they wouldn't use the data maliciously, the possibility is there, and we all know that if something can be abused, ultimately it will be. There do not appear to be any laws against these practices yet, nor is it likely Wi-Fi will be redesigned any time soon to get rid of the information leaks.
But we can make an effort to reduce the usefulness of the tracking data for the exploiters. Pry-Fi comes with a War mode, which when enabled tries to make your Android device appear like dozens of people. Just wandering around an area under Wi-Fi location surveillance for a few minutes can ruin the tracking data for the period of your stay.
Proof-of-Concept
This is proof-of-concept code, and how far it will go in the future depends on interest and how well it works. It has been tested on several devices and seems to work, but it is very young still. The magic the app does to achieve its purpose is ever subject to changing Android security policies and OEM customizations, so even though it works now, there really is no saying if it will still be possible in future firmwares.
Download
You can get Pry-Fi from Google Play
If Play is not working out for you, the APK is also attached below
TEST
Attached you will also find a 'beta-test' version. This one is compiled to work on all Android 4.0+ devices (instead of 4.2+ of the current official release). I have made all the changes needed to make it compile and technically run on pre-4.2 firmwares, but I have not tested it on an actual 4.0 or 4.1 firmware yet. Let me know if it works for your pre-4.2 firmware!
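To check what your own device gives away before and after enabling a mitigation like the one described above, you can summarise a capture of its probe requests. This is an added example, not part of the original post and not Pry-Fi's code; the `epoch,mac,ssid` record format, the sample captures and the function names are constructed for illustration, and the post does not say how Pry-Fi chooses its addresses.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data: "epoch_seconds,source_mac,ssid" per probe request,
# as exported from a monitor-mode capture of your OWN test device.
# An empty ssid field is a broadcast (wildcard) probe that names no network.
BEFORE = """\
1000,ac:de:48:00:11:22,HomeNet
1000,ac:de:48:00:11:22,CoffeeShop-Guest
1000,ac:de:48:00:11:22,
1060,ac:de:48:00:11:22,HomeNet
1120,ac:de:48:00:11:22,Office-WLAN
"""
# Assumption: the randomized addresses here are locally administered ones.
AFTER = """\
2000,3a:5f:10:9c:44:01,
2060,c6:12:7b:e0:35:9a,
2120,7e:a4:d9:02:6b:f3,
"""

def is_locally_administered(mac: str) -> bool:
    """True if the 'locally administered' bit (0x02 of the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def leak_report(capture: str, burst_gap: float = 30.0) -> dict:
    """Summarise what a passive listener could learn from the probe requests."""
    seen = defaultdict(list)   # MAC -> timestamps at which it was observed
    ssids = set()              # network names revealed by directed probes
    for row in csv.reader(io.StringIO(capture)):
        if len(row) != 3:
            continue           # skip blank or malformed records
        ts, mac, ssid = row
        seen[mac.lower()].append(float(ts))
        if ssid:
            ssids.add(ssid)
    # A MAC is linkable across scans if its sightings span more than burst_gap.
    reused = sorted(m for m, t in seen.items() if max(t) - min(t) > burst_gap)
    return {
        "distinct_macs": len(seen),
        "reused_macs": reused,
        "leaked_ssids": sorted(ssids),
        "universal_macs": sorted(m for m in seen if not is_locally_administered(m)),
    }

if __name__ == "__main__":
    for name, cap in (("before", BEFORE), ("after", AFTER)):
        print(name, leak_report(cap))
```

An empty `reused_macs` and `leaked_ssids` in the "after" capture is the outcome the post describes: no remembered network names on the air and no address seen twice.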