Free WiFi access points in public places are becoming more common, if not commonplace. Practical where these locations are poorly covered by the operators' 3G/4G antennas, they are not there only for the well-being of customers: they also allow shopping malls, among others, to know very precisely where shoppers have been. But as French researchers have shown, simply disabling WiFi on an Android smartphone is not enough to avoid being traced.
If it's free … You know the rest. And the adage is never truer than for the free WiFi found in malls. Strategically located, the access points let malls track exactly which areas customers visit most and where they spend the most time, and collect valuable data to improve, among other things, their turnover, or even to display targeted advertising.
On Android, turning WiFi off does not mean the phone stops searching for it
But as shown by an INRIA study (available in English, as a PDF) published ten days ago by three French researchers, turning off WiFi on a phone is not enough to become invisible. This study, titled "Does Wi-Fi deactivation prevent my Android from broadcasting Wi-Fi frames?", shows that "another option, called 'Always allow scanning', allows the device to send frames even if Wi-Fi is disabled, thereby exposing the user to Wi-Fi tracing".
To sum up, turning off WiFi on a phone is not always enough to escape tracing. Even with WiFi off, some versions of Android continue to send "probe requests" because of a more or less hidden option named "Always allow scanning". With it, Android constantly scans the surroundings for WiFi access points, even when WiFi is no longer activated on the phone. These probe requests contain the MAC address of the phone, which is unique to each phone. It is then easy for whoever owns the WiFi access points to track an individual user.
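One way to verify this on your own phone is to capture 802.11 frames near it, switch WiFi off, and check whether probe requests carrying its MAC address still appear. The following is an added example, not code from the study; it assumes raw 802.11 frames with the radiotap header already stripped, and the frames, MAC addresses, timestamps and function names are constructed for illustration.

```python
# Constructed example: frames are raw 802.11 (radiotap header already stripped).

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) if frame is an 802.11 probe request, else None."""
    if len(frame) < 24:                      # management header is 24 bytes
        return None
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if (version, ftype, subtype) != (0, 0, 4):   # management / probe request
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])   # address 2 = sender MAC
    ssid, pos = "", 24
    while pos + 2 <= len(frame):             # walk the tagged elements
        elem_id, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break                            # truncated element, stop parsing
        if elem_id == 0:                     # SSID element (empty = wildcard)
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return src, ssid

def probes_after_wifi_off(capture, device_mac, wifi_off_at):
    """List (timestamp, ssid) of probe requests device_mac sent after wifi_off_at."""
    hits = []
    for ts, frame in capture:
        parsed = parse_probe_request(frame)
        if parsed and parsed[0] == device_mac.lower() and ts >= wifi_off_at:
            hits.append((ts, parsed[1]))
    return hits

def _mgmt(fc0, src, ssid=b""):
    """Build a minimal constructed management frame for the sample capture."""
    mac = bytes.fromhex(src.replace(":", ""))
    header = bytes([fc0, 0, 0, 0]) + b"\xff" * 6 + mac + b"\xff" * 6 + b"\x00\x00"
    return header + bytes([0, len(ssid)]) + ssid

PHONE = "02:00:00:aa:bb:cc"                  # constructed MAC of the phone under test
WIFI_OFF_AT = 60.0                           # second at which WiFi was switched off
CAPTURE = [                                  # constructed (timestamp, frame) pairs
    (10.0, _mgmt(0x40, PHONE, b"HomeNet")),  # probe sent while WiFi was still on
    (65.0, _mgmt(0x80, "02:00:00:11:22:33", b"MallWiFi")),  # beacon, ignored
    (72.5, _mgmt(0x40, PHONE)),              # wildcard probe after WiFi was off
    (90.0, _mgmt(0x40, "02:00:00:dd:ee:ff", b"Other")),     # another device
]

if __name__ == "__main__":
    for ts, ssid in probes_after_wifi_off(CAPTURE, PHONE, WIFI_OFF_AT):
        print(f"{ts:6.1f}s probe request still sent (SSID {ssid!r})")
```

An empty result after the switch-off time means the phone stayed silent during the capture; any hit means the scanning option is still active.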
The puzzle of different versions of Android
Although the study covers only a very small number of Android smartphones (Samsung Galaxy S3, Nexus S, Lenovo Moto G5, OnePlus One), it mainly shows the disparities between Android versions and between the options in the interfaces that manufacturers build on these smartphones. On older phones running Android 2.2 or 2.3, the "Always allow scanning" option simply does not exist. They therefore cannot be traced.
But on newer smartphones, this option is present. The problem is that disabling it is not always easy, nor always possible. This is the case, for example, with the OnePlus One, where the option appears nowhere in the menus, and with the (old) Nexus S, which continues to send probe requests even after the option is disabled.
As for the other smartphones that do allow it to be disabled, the option appears under various names depending on the Android version and especially on the manufacturer's interface. On my Galaxy S7, go to Connections > Position > Improve Precision > Wi-Fi Analysis. But on an Xperia X, go to Location > Search (in a hidden menu at the top right of the screen) > WiFi search. It would be hard to make access any more difficult. It's much simpler on iOS: go to the Privacy menu, where you can manage the main location settings of the phone.