This app was mentioned in 32 comments, with an average of 22.09 upvotes
https://play.google.com/store/apps/details?id=be.uhasselt.privacypolice
Prevents you from surreptitiously connecting to rogue wireless access points [on android]. It keeps a locally stored geotag of every AP you authorize, and if that doesn't match when you detect it again, you're asked if you expect to see it there. Kind of handy.
Just one app to recommend this week, one that is essential for everyone but which is easy to forget is there. I'm going to copy below the Play Store info which does a better job than I could do of explaining the benefits:
......
Wi-Fi Privacy Police prevents your smartphone or tablet from leaking privacy sensitive information via Wi-Fi networks. It does this in two ways:
It prevents your smartphone from sending out the names of Wi-Fi networks it wants to connect to over the air. This makes sure that other people in your surroundings can not see the networks you've connected to, and the places you've visited.
If your smartphone encounters an unknown access point with a known name (for example, a malicious access point pretending to be your home network), it asks whether you trust this access point before connecting. This makes sure that other people are not able to steal your data.
View their paper at https://doclib.uhasselt.be/dspace/handle/1942/17224 for more technical information.
Yeah, I think the bot is having a nap
https://play.google.com/store/apps/details?id=be.uhasselt.privacypolice
I've used this for a couple of weeks now and in my previous experience of using Pryfi found it much more stable. I do believe it's my ROM that was playing havoc with me though so I imagine it's YMMV.
Ooh, I know this one!
Your devices find known networks via one of two mechanisms: either "seeing" the network via a broadcast from the router or by sending out a probe and waiting for a response. If your device is configured to connect to a hidden SSID it will actually send out more probes trying to find the network, making it more susceptible to a MitM (man-in-the-middle) attack.
Imagine this:
Visible SSID, device doesn't need to probe because the router broadcasts:
> Router: Hello, world! I am broadcasting information about my network!
> Computer: I see that you are broadcasting information about a network I already know! I would like to connect to you.
> Router: "Okay. Initiating secret handshake."
Hidden SSID, device needs to probe because the router does not broadcast:
> Computer: "Hello...? Is anyone there? I'm looking for a network named [SSID]. Are you there, [SSID]?"
> Router (or attacker): "Why yes, here I am. Let's do our secret handshake."
> Computer: "Awesome, here goes!"
Edit: If you're running Android, there's an app named Wi-Fi Privacy Police that stops your device from sending out probes and will ask whether networks it knows about should be visible so your phone doesn't automatically try to connect to every "linksys" it sees.
I use WiFi Privacy Police app https://play.google.com/store/apps/details?id=be.uhasselt.privacypolice
It does two things:
There's a great video with examples of why that app is necessary https://youtu.be/2GpNhYy2l08
Guy did an AMA a while back and talked about this. I think he was on the team that developed this: https://play.google.com/store/apps/details?id=be.uhasselt.privacypolice its definitely helped me prevent autojoining random WiFi access points.
Good suggestions.
I like Wi-Fi Privacy Police. (I have nothing to do with them, just a happy user):
Wi-Fi Privacy Police prevents your smartphone or tablet from leaking privacy sensitive information via Wi-Fi networks. It does this in two ways:
Hi! Original developer pitching in here.
Wi-Fi PrivacyPolice actually does a bit more than just asking you to connect. For example, it makes sure that your smartphone is not broadcasting the list of wireless networks when these networks are not available. Moreover, it will only ask you to connect when it encounters an unknown access point with a known network name. You can find more information in the papers which are linked on the Google Play listing.
Please let me know if you still have doubts about the effectiveness of Wi-Fi PrivacyPolice after reading, I'd be happy to discuss this with you :-)
Best OSes for privacy/security:
-iPhone (negative: proprietary; can't be assured of integrity, see here for why open source is better)
-CyanogenMod (negative: finding hardware)
-Blackphone (negative: maturity? have to use the blackphone apps which cost $)
Must have Apps:
-Wifi Privacy Police (only available on Android/Cyanogen)
-Signal/TextSecure/RedPhone
Useful Apps
-ChatSecure
-Peerio
Your device would try to connect to it, send it your password and possibly fail to connect. The rogue device would then be able to catch your password.
There is little you can do about it - but there is, e.g. on Android with the Wi-Fi Privacy Police app but it is impractical if you are connected to a network with a lot of access points, because you would have to authorize every one of them.
I've been using an app called WiFi Privacy Police on my Android for a while now for this very reason. Maybe there's a similar or better one out there.
I own a v410 and the automatically reconnect to the last wifi on boot thing as fixed in one of the september builds, at least for me. I've updated a couple of times since then, currently on a november build and it's working, when rebooting or turning the device on. A couple of builds ago it still took a bit to automatically start the wifi on boot, but lately it has been quite fast when doing it. Also, not exactly sure if this could have done anything to it, but I'm using an app called Wi-Fi Privacy Police.
Are you near an ATT hotspot or any hotspot you generally connect to? Might be a long shot but the wifi privacy police app was a mandatory add for myself, it required little permissions and otherwise I'd always be connecting to an ATT hotspot when going by.
GL
On Android, there's the open-source Wi-Fi Privacy Police and for obfuscation purposes, there's the root app Pry-Fi, although it's not entirely stable on my M8.
That's why this Android app is invaluable: https://play.google.com/store/apps/details?id=be.uhasselt.privacypolice
From the app description:
Wi-Fi Privacy Police prevents your smartphone or tablet from leaking privacy sensitive information via Wi-Fi networks. It does this in two ways:
Wi-Fi Privacy Police does not have any negative impact on your battery. In fact, you may see your battery life increase by using this app.
View our paper at https://doclib.uhasselt.be/dspace/handle/1942/17224 for more technical information.
Wi-Fi Privacy Police is an app developed at the Expertise Center for Digital Media, a research institute of UHasselt. It is open source, with its source code being publicly available at https://github.com/BramBonne/privacypolice .
Do you mean Wi-Fi Privacy Police?
I use WiFi Privacy Police Google Play/F-Droid made by Bram Bonné
For those interested, there's an app to prevent this.
Generally, I would advise you to use apps that respect your privacy, don’t track you and don’t include ad banners. If you are using an app that is violating your privacy, it is already too late. You can try to fix a few things using XPosed modules, but this should only be used as an additional measurement. An app that is spying (or potentially spying) on you should just be removed.
By any chance have you/do you use this:
https://play.google.com/store/apps/details?id=be.uhasselt.privacypolice
It worked well on Marshmallow; I've not had a chance to properly test it on CH/nougat....
"...Wi-Fi Privacy Police prevents your smartphone or tablet from leaking privacy sensitive information via Wi-Fi networks. It does this in two ways:
Wi-Fi Privacy Police does not have any negative impact on your battery. In fact, you may see your battery life increase by using this app.
View our paper at https://doclib.uhasselt.be/dspace/handle/1942/17224 for more technical information.
Wi-Fi Privacy Police is an app developed at the Expertise Center for Digital Media, a research institute of UHasselt. It is open source, with its source code being publicly available at https://github.com/BramBonne/privacypolice .,,,"
How deep into the rabbit hole would you like to chase?
Wi-Fi Privacy Police has looked into AP MAC Spoofing/MITM.
You could create an app that for App security via Network monitoring and alert user on http calls. (although this sounds like a proxy in nature)
You could do CM Privacy Guard, which doesn't look to have any pubs on it.
Depending on your chops, you could look at modules in the AOSP codebase for known issues. Could do some assessments of vender frameworks and where their hooks lie, etc.
Or you could let your audience do the work for you (i.e. a survey) in regards to their own security practices (e.g. screen locks, password management, root, unlocked, etc.) and get in contact with professionals and ask them their suggested security practices.
EDIT: Forgot the other thing I was going to mention, dissecting android apps. Example and discussion on /r/netsec, discussion on /r/androiddev - The post appears heavily redacted at request of Subway management since original post, but does give some insight
Prevent WiFi leakage to other devices https://play.google.com/store/apps/details?id=be.uhasselt.privacypolice
Wifi Privacy police? https://play.google.com/store/apps/details?id=be.uhasselt.privacypolice&hl=en
The answer to that is very simple. Technically you never need to send your real phone MAC to anybody.
There are a couple of root apps that attempted to solve this problem (WiFi Privacy Police, Pri-Fy).
In case you're wondering why Google keeps mucking about with pseudo-random MACs and half-assed measures like that, instead of doing what the apps above are doing, the answer is simple. Google currently runs a tracking network consisting of every functional Android device in existence. They collect the location and identity of every Android device owner, constantly. They use this for various purposes. Some of the public-facing ones are things like traffic information in Maps and Waze, as well as improving their location services by matching wifi APs with geographical location. Making all Android devices stop disclosing their real MAC would mess up their tracking, so they'll never do that.
For those on Android:
https://play.google.com/store/apps/details?id=be.uhasselt.privacypolice
Have you tried WiFi Privacy Police?