An Android Change for the Better (Maybe)
Chatty smartphones have been an issue for years. Whether you're concerned with security or performance (or both), the amount of Probing being done by unconnected iPhones, Galaxies and the like has been worrisome.
Today, things have changed. Smartphones don't Probe as much. This is probably for the better, but there could be a catch.
I'm an Apple guy. Even when I was using PCs in college (things were different back in the 90's, I tell ya), it was always because they were free. Once I finally had to buy a computer, I went straight to the very first iBook in 2001. I own an iPod, iPad, iPhone and MacBook Air. My next computing purchase will probably be an iMac (to better record those promised-but-not-yet-delivered online training videos on WiFi that I touted six months ago). So, I like the company. And I like bashing its competitors sometimes. (Not my most magnanimous trait, but nobody's perfect.)
I liked pointing out that Google's Android operating system had worst wireless security than Apple's iOS. Including:
-Apple requires server certificate validation by default for WPA2 Enterprise authentications (even if it is user-controlled), while Android does not.
-Apple smartphones and tablets Probe only for hidden SSIDs, like so:
-Android smartphones and tablets Probe for all saved SSIDs.
At least, they used to.
I was demonstrating the inferiority of Android's wireless security recently when I learned something new. They're not inferior anymore. Some time recently (or, at least in between the time of my previous Android OS update and my recent update to Android 4.2.2) Google changed Android devices' wireless behavior to match that of Apple's. Android smartphones and tablets started Probing for hidden SSIDs and staying quiet for broadcasting SSIDs, like so:
Of course, I was ambivalent. GOOD that Android devices' wireless security has improved! BAD that I can no longer tout Apple devices' wireless security superiority in comparison!
So, there you go. A begrudging admission that Android's wireless security has been shorn up to match the level of Apple's. (In fact, Android's wireless security is even considered superior in some circles because Android has an option to eliminate user-based verification of server certificates during WPA2 Enterprise authentication. But we don't need to discuss that right now.)
But... (and, there's always a But)
...this may actually be bad for mobility.
Apple iOS and Android devices don't Probe unless they connect to a hidden SSID. Nice. But, let's take a step back. Why is Probing in the IEEE 802.11 standard to begin with?
Probing (a process where a client/station device sends a Probe Request frame in order to elicit a Probe Response frame from an access point [AP]) is in the 802.11 standard to facilitate mobility. Roaming. Handoff. Whatever you want to call it when someone moves out of the range of one AP and into the range of another. Probing also helps devices connect more quickly when starting/waking up and can help devices find an AP in areas that are congested with neighboring WiFi devices and APs.
So, Probing can be a good thing. Especially for mobile devices in crowded areas. And now Android devices (like Apple iOS devices) do less of it.
If you say to yourself, "gosh, this iPhone/iPad/Galaxy/HTC One seems to really crap out when I go to a crowded place" (like the Starbucks by my place in Los Angeles), then you might want to ADD Probing to your device. How? By tricking your device into thinking that the SSID is hidden.
That's what I did at my local Starbucks. My phone sends out these Probe Requests...
Today, things have changed. Smartphones don't Probe as much. This is probably for the better, but there could be a catch.
I'm an Apple guy. Even when I was using PCs in college (things were different back in the 90's, I tell ya), it was always because they were free. Once I finally had to buy a computer, I went straight to the very first iBook in 2001. I own an iPod, iPad, iPhone and MacBook Air. My next computing purchase will probably be an iMac (to better record those promised-but-not-yet-delivered online training videos on WiFi that I touted six months ago). So, I like the company. And I like bashing its competitors sometimes. (Not my most magnanimous trait, but nobody's perfect.)
I liked pointing out that Google's Android operating system had worst wireless security than Apple's iOS. Including:
-Apple requires server certificate validation by default for WPA2 Enterprise authentications (even if it is user-controlled), while Android does not.
-Apple smartphones and tablets Probe only for hidden SSIDs, like so:
(That's a Probe Request filter in WildPackets OmniPeek. The SSIDs that you see in those Probe Requests are all hidden SSIDs, with the exception of "Google Starbucks". Read on to learn why my local Starbucks' SSID is showing up in there.)
-Android smartphones and tablets Probe for all saved SSIDs.
At least, they used to.
I was demonstrating the inferiority of Android's wireless security recently when I learned something new. They're not inferior anymore. Some time recently (or, at least in between the time of my previous Android OS update and my recent update to Android 4.2.2) Google changed Android devices' wireless behavior to match that of Apple's. Android smartphones and tablets started Probing for hidden SSIDs and staying quiet for broadcasting SSIDs, like so:
Of course, I was ambivalent. GOOD that Android devices' wireless security has improved! BAD that I can no longer tout Apple devices' wireless security superiority in comparison!
So, there you go. A begrudging admission that Android's wireless security has been shorn up to match the level of Apple's. (In fact, Android's wireless security is even considered superior in some circles because Android has an option to eliminate user-based verification of server certificates during WPA2 Enterprise authentication. But we don't need to discuss that right now.)
But... (and, there's always a But)
...this may actually be bad for mobility.
Apple iOS and Android devices don't Probe unless they connect to a hidden SSID. Nice. But, let's take a step back. Why is Probing in the IEEE 802.11 standard to begin with?
Probing (a process where a client/station device sends a Probe Request frame in order to elicit a Probe Response frame from an access point [AP]) is in the 802.11 standard to facilitate mobility. Roaming. Handoff. Whatever you want to call it when someone moves out of the range of one AP and into the range of another. Probing also helps devices connect more quickly when starting/waking up and can help devices find an AP in areas that are congested with neighboring WiFi devices and APs.
So, Probing can be a good thing. Especially for mobile devices in crowded areas. And now Android devices (like Apple iOS devices) do less of it.
If you say to yourself, "gosh, this iPhone/iPad/Galaxy/HTC One seems to really crap out when I go to a crowded place" (like the Starbucks by my place in Los Angeles), then you might want to ADD Probing to your device. How? By tricking your device into thinking that the SSID is hidden.
That's what I did at my local Starbucks. My phone sends out these Probe Requests...
...because I manually added the "Google Starbucks" SSID to my phone. Instead of tapping on "Google Starbucks", I tapped Settings -> Wi-Fi -> Other... (ellipse in the GUI, not added by me) once I got in line for a Tall Skinny Peppermint Mocha, Hold The Whipped Cream and then typed in "Google Starbucks". I don't know if it helps a whole heck of a lot (Starbucks still uses the darned Captive Portal, which will slow down any wireless connection), but it does optimize a couple of things.
In summary, Android's move to Apple-like wireless behavior is good for security and overall channel performance. But if your problems are mobility and speed of connectivity, then you might want to un-do what Android has done by adding your SSID manually.
***
If you like my blog, you can support it by shopping through my Amazon link or donating Bitcoin to 1N8m1o9phSkFXpa9VUrMVHx4LJWfratseU
ben at sniffwifi dot com
Twitter: @Ben_SniffWiFi
ben at sniffwifi dot com
Twitter: @Ben_SniffWiFi
Cool trick with pre-defined network - will test it on my Android devices :)
ReplyDeleteHere's something you can still tout (I've done it for Android, you can try doing it for Apple, I'm pretty sure it can be done, but I'm over with Apple).
https://arsenb.wordpress.com/2014/12/23/bypassing-android-security-via-backups-psk-recovery/
My opinion, that in consumer-oriented OSes the weakest link in 90%+ of cases is the user, be it insecure backups, approving wonky certificates or plain ignorance (will write another blog entry on that - wonderful utility was released that unlocks your device as soon as it sees 'known' WLAN - you get the idea :) :) )
Read this blog about monitoring apps to get more information on the subject
ReplyDelete