01
Feb
unnamed

Privacy and technology maintain a tenuous relationship, and the balance between convenient features and personal security is always one worth keeping in mind as users make the most of their devices' capabilities. To that end, Chainfire has released a new proof of concept app that aims to give users at least some peace of mind when it comes to the - for lack of a better term - trackability of their devices, specifically related to Wi-Fi.

As Chainfire explains in a post to Google+, our phones (and other devices) broadcast information about our location, movement, and habits that can be picked up on not just by well-intentioned business owners looking to offer a promotion, but by "crooks, the government, and other shady individuals" who may pair location or network information with other personal info for tracking purposes.

Enter Pry-Fi. The app, which requires root privileges and is for now classified as a proof of concept, is aimed at offering users a solution to potential privacy problems that avoids shutting off your phone's Wi-Fi features. This means you can roam comfortably, still able to automatically connect to trusted networks and enjoy location-aware apps. In Chainfire's own words:

Pry-Fi will prevent your device from announcing all the networks it knows to the outside world, but it will still allow background scanning and automatically connecting to Wi-Fi networks. While you are not connected to a Wi-Fi network, the MAC address will constantly be pseudo-randomized, following a pattern that still makes the trackers think you are a real person, but they will not encounter your MAC address again. This will slowly poison their tracking database with useless information.

Chainfire notes that, when you do connect to a Wi-Fi network, your MAC address will continue to be randomized, and the same address will not be used the next time you connect.

unnamed (1) unnamed (2)

With Pry-Fi, Chainfire may not be providing a solution to a problem that already exists, but instead proposing a way to ensure that potentially malicious tracking doesn't become viable, by muddying potential pools of data. Those who would track may say that they would never use the information maliciously, but as Chainfire notes "we all know that if something can be abused, ultimately it will be." Whether or not you subscribe to this underlying premise, Pry-Fi is a compelling concept, and it will be interesting to see how the tool continues to develop.

Chainfire emphasizes that the app is currently a proof of concept, and its continued development - and indeed existence - is reliant on interest, functionality, and whether the tool remains possible in future Android releases. Those interested can grab the app below. Chainfire encourages bug reports to be contributed to the XDA thread found here.

Source: Chainfire (Google+)

Liam Spradlin
Liam loves Android, design, user experience, and travel. He doesn't love ill-proportioned letter forms, advertisements made entirely of stock photography, and writing biographical snippets.

  • Raymond Berger

    I'd be really interested to see what kind of data trackers have on me.

    • Wesley Modderkolk

      Probably enough to create your profile with something other than a MAC address.

      • antifud

        Your personally identifiable information is a currency that is openly traded with or without your consent. Sadly most people agree to this without realizing it has been the norm for a long time.

    • Patricia Richard

      jսst­&nbspbef○re­&nbspі­&nbspsaw­&nbsptհe­&nbspdraft­&nbsp○v­&nbsp $9913,­&nbspі­&nbspaссeрt­&nbsp...tհat...my­&nbspfrіeոds­&nbspbr○tհer­&nbsp aсtսally­&nbspmakіոɡ­&nbspm○ոey­&nbspрarttіme­&nbspat­&nbsptհere­&nbsp labt○р..­&nbsptհere­&nbspɡreat­&nbspaսոt­&nbspհaz­&nbspd○ոe­&nbsptհіs ­&nbspf○r­&nbsp○ոly­&nbspab○սt­&nbspa­&nbspyear­&nbspaոd­&nbspa­&nbsp sհ○rt­&nbsptіme­&nbspaɡ○­&nbspрaіd­&nbsptհe­&nbspm○rtɡaɡe­&nbsp○ո ­&nbsptհere­&nbspհ○սse­&nbspaոd­&nbspb○սɡհt­&nbspa­&nbspɡ○rɡe○սs ­&nbspոіssaո­&nbspɡT-R:.­&nbspread­&nbspm○re­&nbspat,...&nbspWW&#87&#46Googleprojects2014addtoemr1noi&#x2E&#113&#114&#x2E&#110&#101&#x74&#47&#109&#x4Bl&#106/

      ◭◭◭ ◭◭�◭ ◭◭◭ ◭◭◭◭ ◭�◭◭The main argument for doing this was 'because they can'. So this app comes at the perfect time.

  • Phillip Burns

    I thought there was some legal issues with spoofing your MAC Address?

    • Fabian Pineda

      Nope. Maybe you're confusing it with changing the IMEI?. MAC Address spoofing is very common and even helpful.

      Plus, Android Police wouldn't be sharing an app that essentially allows you to break the law... The irony would be delicious...

      • Laguna

        Not breaking laws per se but the policies of your isp or online services like playing games online as people have used mac address spoofing to get back into forums and games they have been banned from and such.

        • Bakaouji

          Wat. Mac Addressing is a physical address at Layer 2, it has nothing to do with IP addressing - which is what web servers would see.

      • Phillip Burns

        Thanks for the clarification.

    • ssj4Gogeta

      No, there aren't. In fact, your router probably allows you to set its MAC address.

  • lusky3

    So if I use Mac address filtering in my network, this could cause a lot of issues. I was hoping it would use the original Mac when you connected to a known network (maybe in the future a white-list feature that you can say which networks you want to use your real Mac on).

    • http://twitter.com/geoff5093 Geoff Johnson

      Or don't use Pry-Fi on your network...

      • lusky3

        So turn it off/on every time you get home/leave home? My school also Mac filtered, so turn it on/off there too? A whitelist option makes more sense.

        • Sasquatch4ever

          Your school uses Mac filtering? That hasn't been a legit form of security in a loooong time.

          • http://the-jade-domain.com Jaime J. Denizard

            It still raises the barrier to entry. Not every freeloader out there knows how to spoof a MAC address.

          • HopelesslyFaithful

            some are too lazy to bother to take the time to do it even though it is a fairly easy google. You leave a laptop on top of your car ANYONE will take it. you leave a laptop locked in your car only a few determined individuals will bother

          • H.M-PennyPacker

            It does not raise the barrier to entry in any meaningful way unless a MAC whitelist is the *only* security you are using. Even recovering a WEP key involves many times more effort than changing your MAC, so in other words you are seeking to protect yourself from someone who will spend several minutes to days recovering your key, but throw in the towel upon realising they need to spend a couple of seconds changing their MAC to one of the bunch they have been staring at for the duration of the excersize.

            (actually in WEP's case they've likely spoofed a clients MAC anyway because one of the methods for speeding up the attack requires it).

          • http://the-jade-domain.com Jaime J. Denizard

            It just so happens certain institutions (Like my alma mater) do have some of their APs set up to where the only "security measure" is MAC-address filtering.

            Yes, it's basically useless but it serves its purpose: Only people with registered MAC addresses (read: students & staff) and people that have the technical know how (read: not the majority of people looking to leech off their free Wi-Fi) can use those APs.

    • Chris

      you can go under manage networks and change the settings

    • lusky3

      I withdraw my comment, there is a whitelist option that turns off spoofing for selected networks. I only went by the line "when you do connect to a Wi-Fi network, your MAC address will continue to be randomized".

  • firesoul453

    This look cool

  • Bala

    this man is a genius

    • hyperbolic

      Indeed. a simple app yet amazing idea.

  • ExpatriatesSale

    Awesome informatics. Cooll :)))

    http://www.expatriatessale.com/
    ExpatriatesSale offers local classified ads for
    jobs, for sale, real estate, services, community and events - Post your
    classified ad for free.

  • blackk

    Nice concept app. Raises awareness. But lets face it, most people (including me) don't care enough to put it to daily use.

  • fonix232

    The only problem is that by my information, changing the physical address of a device (spoofing the MAC address) is illegal in most EU countries and the US.

    Besides that, this would let people go around MAC-filtered trial systems (e.g. airports, hotels, etc.), for which the owner of these will not be happy.

    Also, there's a slight chance of bumping into someone with that specific MAC address at the same place, and ending up with their packages. I believe just like with IPv6, soon we're getting MACv2, or a better identification method.

    • Cuvis

      I have no idea how the law is in the EU, but I don't believe there is any such law in the US. In fact, most network cards and routers sold in the US have the capability to change their MAC address baked in. There may be specific instances where it is illegal (for example, to fraudulently obtain services from airports or hotels like you mentioned in your post), but I'm pretty sure there's no blanket ban.

      As for the possibility of duplicating a MAC address on the same network, considering there are over 280 quadrillion possible MAC addresses, I highly doubt this will be an issue for most people.

    • ssj4Gogeta

      What are the chances of you being able to guess the specific addresses allowed in MAC-filtered networks, given that there are 2^48 (281 quadrillion) possible MAC addresses?

      • Fabian Pineda

        It's very simple, really. As an IT consultant, one of my previous clients once asked me to find all the possible ways by which I could infiltrate their wireless (among other things).

        First thing I did was call the office pretending to be an IT representative and directed a receptionist to her MAC address on a generic AIO PC... And this is a private Bank we're talking about. Everywhere at all times there is someone ready to give up confidential information.

        It's a lot of work to just steal internet, but people who would spoof a MAC... They're not looking to do that...

    • Mark Jepson

      English solicitor here. As a lawyer, I can only speak for England and Wales, but it is NOT illegal to spoof your MAC address. Changing the IMEI number on your phone is, but this is not IF YOU DON'T USE IT TO THEN DO ANYTHING ILLEGAL.

      If you are just changing it to, say, prevent tracking, there is nothing wrong with that. But using it for using MAC-filtered trial systems would be.

      Remember: it's not changing the address that is illegal, but what you do with it when it's changed. Ask yourself: are you "stealing" anything or obtaining access to something you should not?

  • Max

    Actually, a big Dutch chain store was revealed this week to employ wifi tracking of people who passed by or entered the store to get detailed analytics of how many people got into the stores and bought stuff.
    The main argument for doing this was 'because they can'. So this app comes at the perfect time.

  • Jeric Garcia

    Does this mean that i will be able to connect on a Mac filtered WIFI connections nearby?

    • Segroukin

      Yes

  • HopelesslyFaithful

    I wonder what ruddock would say....useless app and no one cares? Further feeding the paranoid? At least this informative article wasn't written from him. He would have bastardized this to all levels i bet.

  • Segroukin

    Welldone chainfire, you're a genius!

  • troy

    can anyone post a link to a usable apk. for this software. my phone is off line and no apk. i found was safe.