brambonne / privacypolice Goto Github PK

The README lists as one of the reasons to use this app:

It prevents your smartphone from sending out the names of Wi-Fi networks it wants to connect to over the air. This makes sure that other people in your surroundings can not see the networks you've connected to, and the places you've visited

However, AFAICS this no longer appears to be the case even without this app installed: I haven't been able to reproduce this issue with my Android 9 device. Do we know until what Android version this was a problem?

Honest question, as this is preventing me to upgrade to latest.

Similar to issue 13, I have access to a large numbers of AP (15000 through the city) and it is a pain to explicitly manually allow them one by one. Since they are secured using EAP-SIM, is it possible to select a different access granting policy than the default MAC-based one?

If i connect to a new network, i got the popup if i want allow it, but the connection isnt blocked.
Yes, i allow and enable GPS.

How can i verify that the other features still work?

Thank you for privacypolice. Please post your bitcoin address on the f-droid page and the readme. Please also do this for all of your other projects.

I just did a fresh install via f-droid. Every time i click on "show known hotspots" the application crashes. Is there anything i can do to help you fix this?

This is my first issue reported in this repository. Good idea!

So the point, after clicking on the notification, AskPermissionActivity is called but after clicking on the "no" button nothing happens and the hotspot doesn't add to the list as a blocked network. tested on Galaxy E5 - Lollipop v5.1.1.

Happy Coding!

Hi Bram,
First of all, congrats for your Wi-Fi Privacy Police Android app!

I think it would be very interesting to add granular management capabilities for the access points (APs) registered by the "Data protection" feature. Instead of just having a single "Clear allowed and blocked hotspots" option, I would provide an advanced option (replacing the current one, or simply complementing it for advanced users) to be able to manage each trusted (or untrusted) entry individually.

The suggested new option should allow the user to get access (view) the current list of trusted/untrusted APs (including at least the network name (SSID) and all the associated MAC addresses (BSSIDs: 1-N)), and also provide edit capabilities, at least to be able to simply delete one of the entries individually (instead of them all, as it works currently). By entry I mean a single association between a SSID and a BSSID, as there can be multiple BSSIDs pointing to the same SSID.

This would allow users to have visibility on the current list of trusted/untrusted APs, and also allow them to clean it up easily, for example, when an single AP is replaced at home or at the office.

Cheers,
Raul

I installed the app on my two devices, N5 and N6, where one connects to our work Guest network and the other to our Private network. The private network is a hidden SSID.

When I first ran the app on the guest network it was immediately blocked as expected, and I authorised it. However on the phone connecting to the private network the app has simply ignored it and connects without needing to be authorised.

Is this as designed or a bug?

It would be handy to have this app distributed through F-Droid. Do you think that would be feasible?

Hi
I'd find it useful to have an option to backup or export the list of known hotspots. That would be a nice feature if you use multpile devices or reset your phone.

As of today, this app blocks traffic from additional android users, which might not have installed the app. The rules should only apply to the current user, since this behavior causes network failures for all other users on the device.

what would be needed to spoof wifi mac address?

Currently when I leave my home and so a trusted hotspot, WiFi stays enabled this is the correct behavior?
WiFi should be disabled automatically IMO.

I'm on Samsung Galaxy S2, running on CyanogenMod 12.1.

I'd like to see a feature where we can choose which WiFi access points we do not want to auto connect to. I currently connect sometimes to WiFi access points like ISP supported access points or Starbucks, etc. But I only want to connect when cell service is iffy or slower than what I'd expect from these free WiFi access points which I can't configure in Lineage OS 14.1 (Nougat 7.1).

As proposed in an e-mail by Denilson Sá:

An airport is a large location, thus it is covered by several access points with the same name. It is also a place where people walk around a lot. This means that I walk 10m and I get a question from your app and the Wi-Fi disconnects.

A solution for this could be an option/button/whatever that let's the user say "auto-add all hot spots with the same name for the next hour". Since the user will be around for quite some time, and for sure it will hop from one access point to another (but with the same name), it makes sense to let the app consider all of them as valid ones. The same UX can be applied whenever there is a large area, such as in a Mall.

(of course, the time of "1 hour" could be selected by the user, but I know making the time adjustable makes the interface harder to design)

"Known hotspots" only shows hotspots it knows about, or has seen. It doesn't show which ones are blocked and which are trusted though.

Suggested: green blob next to name of trusted MAC address, red next to blocked. And then some combination of the colours on the SSID level.

Hey,

this seems to be pretty neat. There is however still one big factor that destroys privacy, and that's the device's MAC address being sent out during probe requests. I don't think this app takes care of that too, does it?

If it doesn't, that's something that should really be added. Afaik Apple does randomize the source MAC for each probe request, which is the right way to do it.

Could this be added?

Hello.

First, thanks to the developer(s) for such great app. It makes our devices a little safer.

Here is the problem:
I have been using the Google Play version of the app for several months without problem (under Android Lollipop).

Today, I updated my Nexus 6 to Mashmallow, and when I have any of the two main switches of the app enabled and the app is not in the foreground, my device disconnects from WiFi.
In Android WiFi settings, it says "Authentication error".
When I disable the two switches or the app is in the foreground, the device correctly connects to my WiFi network.
I am using my home WiFi network, which is on the list of allowed hotspots.

Do you have any reports of the app failing on Marshmallow?

Please, tell me if you want more info.

Connceting to an AP the first time works fine. but reconnecting or connecting to other network is broken. You can see android trying to rescan for network very agressively. The only workaround is to forget existing networks and restart android before it is possible to reconnect.

If you need any logcat dumps I can make one.

For the F-Droid build we currently force sed -i -e 's@lista/string@lista</string@g' src/main/res/values-pt/strings.xml, which should be fixed in upstream, too.

Hello. I have tried your app, but I still see probe requests in monitor mode. You need to change wpa_supplicant settings, to do it you need to modify a component which is used to connect to hotspots which creates settings file and starts wpa_supplicant. This probably can be done using xposed. Also could you add mac addr randomisation and displaying into it?

It would be very handy to have a whitelist / blacklist mechanism, especially for EAP networks. I understand the reason behind rejection of #17, but it would help (in my use case for example) to consciously choose respond to the nag screen "Should the network be available" with yes/no and then "never bother me again about this SSID" as an option.

My usecase is my work network to which I want to say YES everytime, and my ISP WiFi network which is present in the whole nation, to which I want to reply NO everytime, apart from a few cases where I don't have other access to the Internet.

Good evening @BramBonne, I've been a long-term user of your wonderfull app and now wonder why it suddenly needs limited location access after the latest release. I would like to keep my GPS turned off and not be nagged all the time that the app may not function correctly without having revealed my location.

As per mail from Denilson Sá:

• There is a free WiFi called "X". This is the Wi-Fi that I've saved and that I want to connect.
• There is also "Y", which is provided by a phone operator here. I don't want to connect to it. But I admit that someday in the past I had connected to it.
• I've already selected "forget" at the Android settings, I've also cleared known hot spots (for that Wi-Fi name) in your app; still I get the question "Are you sure network 'Y' should be available right now?"

I'm using Wi-Fi Privacy Police version 2.0.1 in a test Nexus 5 mobile device running Android 5.1.1 (build LMY48M). This behavior was present also in previous Android 5.x versions and builds.

The mobile device is connected to a Wi-Fi network and it leaves that physical location. When it returns back after a few minutes, it does not reconnect back automatically to any of the well-known Wi-Fi networks. The location has a few well-known Wi-Fi networks (and access points) it can connect to, and all them have been previously registered in the list of "Known hotspots" (both SSID and BSSID).

Both options "Privacy protection" and "Data protection" are enabled in the app.

If the Wi-Fi interface is turned off and on again, the device automatically connects to one of the well-known Wi-Fi networks.

Unfortunately, I've not had the chance of capturing the Wi-Fi traffic in this scenario to know what it's really going on, but I've preferred to submit this issue and confirm if it is a well known misbehavior.

I've used your app for quite some time now, and I'm sure I've used it on my Pixel with Android 8.0 in the past without issues, though this would have been up to ~mid September 2017

Unfortunately the recent OTA update for the OnePlus 5 has a significant battery drain issue when this app is installed.

Model: ONEPLUS A5000
OxygenOS: v5.0.1
Android: v8.0.0
App: v2.2.4 (from Play)

The screenshot below covers an 8-hour period where I installed and removed the app every so often.
As you can see the "Awake" bar is solid when the app is installed, and significantly more empty when the app is not installed, additionally the battery discharge curve is significantly steeper with the app installed... which is what drew my attention to the problem in the first place (significantly shorter battery life).

I would be happy to collect more data if you like, though I'm afraid I'll need guiding.

Using hoover.pl (from https://github.com/xme/hoover) I was able to receive probe requests from my phone where Wifi Privacy Police is installed and running.
The phone is a Moto G 4G running LineageOS 14.1 with android 7.1.

I wonder if WPP is working because I was able to get 3 probe requests (aka 3 known SSID) from my phone as if WPP was not installed or working.

protection of private life is on in the app.

Or may be I misunderstood what WPP i capable of doing ?

No commits since Aug 3, 2017 and 9 open issues.

Is your project dead?

I tried the latest Wi-Fi Privacy Police (2.2.4) downloaded from Google Play and it doesn't allow any wifi connection to be made.

With both the options disabled (Privacy protection and Data protection) there is no issue and the wifi works as expected. If any of the options is enabled then the wifi connection will be closed. Viewing the connection list, all the hotspots that I have saved and can be accessed have this text written under them: "WiFi Connection Failure".

Also, if Data protection is enabled, pressing Known hotspots shows an empty page. Any attempt to connect to a new hotspot does not trigger a dialog window telling me to trust or not the hotspot.

My phone is a Motorola Moto X Force, Android 6.0

Since upgrading to Android 5.1 (from 4.4, via CyanogenMod 12.1), I have found that my Nexus 5 will not reconnect to the known Wi-Fi when returning into range. The status is, "Wi-Fi connection failure". I must turn Wi-Fi off and then on again to successfully connect. This was working on Android 4.4. I have tested with and without the app installed several times to confirm that the app is causing it.

In Korea the network providers provide free complimentary wifi with data plans to help you cut down on 4g usage. The implementation is a bit strange though. It is an open wifi available almost anywhere, and you need to register your device wlan adapter MAC address. Because it is available almost everywhere it isn't usable with privacypolice. Unless there would be a way to whitelist a wifi so it would connect to it anywhere. Which would somewhat defeat the idea of privacypolice. What do you think?

Do you know in which situations an Android's MAC address is broadcast? For example if I had Wi-Fi enabled but no networks saved, would my device potentially produce a signal with a unique identifier such as a hardware MAC address? Is it possible to use Wi-Fi in a listening mode that allows for use of location services but otherwise undetectable by sensors in my physical vicinity?

I was not able to find the answer to this in the documentation or reddit threads.

Look at this screenshot.

As you can see, there is many unused space around the two switches and the text is rather tight in a small column.
May be you've got this behaviour on other devices.
It is not very annoying but could it be fixed ?

For information, I'm using a Samsung Galaxy S2 with JB v4.1.2 stock ROM.
Thanks for taking this case into account.

With F-droid biild 2.1.1 I observe a new issue.
On one hotspot protected by wpa psk, the connection is instable : i see a succession of connection/deconnection which either never ends or finally succeeds after a couple of minutes.

I do not observe the issue on a WPA2 protected network, nor when the data protection option is turned off.

I tried to clear the list and even the cache and data of the app but it did not solve the issue.

Hi Bram,
I've got an issue on current version of the app.
Here is the scenario :

• I switch off my Wi-Fi on the phone,
• I launch the app --> the main screen appears,
• I select "Known hotspots" --> it takes a long time to display a black screen and then FC.

Can you please check and let me know ?
Thanks again for this very useful app.
La Globule

I suspect this happens because in my Android settings > location > advanced > I disabled 'locationnaccuracy by Google'. This is a setting which directly relates to access point scanning.

I can't tell if wifi privacy policy is working or not or if I even benefit from this app while I have my phone configured not to use wifi based location accuracy. Either way the request for the location permission is confusing, since it is already granted.

I am using Android 10 on a Motorola Moto G7 Plus

Hi,

Is it planned to also distribute the application through the f-droid repository?

Regards.

I'm on CM13 and have a problem with Privacy Police 2.2.3 (from fdroid): The app is constantly scanning in the background. So even when wifi is completely disabled, it keeps scanning every few seconds. Might this be, because I have background wifi scanning always enabled?

Here are some logs:

05-29 02:35:13.473  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:13.486  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -50, frequency: 2412, timestamp: 545672298239, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:13.490  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:15.934  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:15.940  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -51, frequency: 2412, timestamp: 545674761985, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:15.944  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:18.433  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:18.439  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -45, frequency: 2412, timestamp: 545677260553, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:18.442  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:20.930  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:20.936  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -46, frequency: 2412, timestamp: 545679769984, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:20.938  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:23.433  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:23.438  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -46, frequency: 2412, timestamp: 545682261052, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:23.440  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:25.933  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:25.941  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -44, frequency: 2412, timestamp: 545684787584, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:25.944  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:28.432  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:28.460  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -42, frequency: 2412, timestamp: 545687260684, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:28.465  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:30.973  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:31.019  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -39, frequency: 2412, timestamp: 545689761176, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:31.025  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:33.437  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:33.446  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -40, frequency: 2412, timestamp: 545692264686, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:33.450  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:35.938  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:35.953  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -43, frequency: 2412, timestamp: 545694762931, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:35.957  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference
05-29 02:35:38.437  4592  4592 V PrivacyPolice: Ensuring we're still awake
05-29 02:35:38.444  4592  4592 D PrivacyPolice: Wi-Fi scan performed, results are: [SSID: YYYY, BSSID: xxxxxxxxx, capabilities: [WPA-PSK-CCMP][WPA2-PSK-CCMP][ESS], level: -40, frequency: 2412, timestamp: 545697280384, distance: ?(cm), distanceSd: ?(cm), passpoint: no, ChannelBandwidth: 1, centerFreq0: 2432, centerFreq1: 0, 80211mcResponder: is not supported]
05-29 02:35:38.451  4592  4592 E PrivacyPolice: Null pointer exception when handling networks. Wi-Fi was probably suddenly disabled after a scan. Exception info: Attempt to invoke interface method 'java.util.Iterator java.util.List.iterator()' on a null object reference

https://f-droid.org/packages/be.uhasselt.privacypolice/

Does Wifi Privacy Police defend against the Broadpwn exploit?

Having skimmed through the Broadpwn blog post and your papers, this seems to be the case to me, but I would highly appreciate a confirmation.

I understand that Wifi Privacy Police in any case can't provide a complete defense and merely would raise the bar for a successful attack.

Good morning @BramBonne, I am currently using two apps managing WiFi networks: Your great Wi-Fi Privacy Police and another app that I used much longer than yours: Wifi Protector, which unfortunately was not open source and ceased development. I would love your open source app to adopt these features so that I can finally uninstall that old closed-source and unmaintained app. Thank you so much!

Hi,
when is a new version release planned?

Using Kali Linux and a 2Ghz USB wifi dongle with monitor mode, I observed that wifi networks which were installed by the carrier, broadcast whenever I turn my phone on. When I unlock my phone, turn it on, etc... these networks always broadcast, and the WiFi Privacy Police app cannot seem to stop these networks.

Not sure if it's possible to fix this. Testing on a Bell Canada Android phone, "BELL_WIFI" and "509251212" always broadcast probe requests when turning on/unlocking the phone, and are impossible to forget/remove.

This issue completely undermines the effectiveness of the app.

We use MaaS360 (an MDM) on our work devices and it adds our private workplace SSID and password via its policy enforcement. Unfortunately PrivacyPolice ignores this entry in the list of saved networks and never prompts for it. If I delete the network myself and then enter it manually, PrivacyPolice sees it and prompts me to accept the connection, but any update from MaaS360 can overwrite this and then it gets ignored again.

I'm not sure why a 3rd party app adding a network would be any different to doing it manually, but PrivacyPolice doesn't acknowledge them.

Hey @BramBonne, lovely app you've created here! Please make it show it's neat Icon so that I know it runs? I have also added it to my own Android app WIKI on page recommendations. Continue hacking!:+1:

Currently switches still with Holo design even on Android 5.0 and above.

Does this app protect against the attack "Known WiFi beacons" presented at the 34c3? https://events.ccc.de/congress/2017/wiki/index.php/Lightning:Known_Beacons_Wi-Fi_Automatic_Association_Attack

The attack is supposed to be implemented in https://wifiphisher.org/.

Hi I loved the app,

but it is not working property on cyanogenmod 13.

When I connect to a wifi station, it works fine for 2 minutes e suddenly disconnects and never reconnects again.

any sugestions?

Thanks