Andy Burnelli wrote:
> e. Enhanced Wi-Fi MAC randomization (turn on for privacy per AP)
> [Note you've also set MAC Address type = Randomized MAC in settings]
Clarification of MAC randomization switches & broadcast _nomap SSID issues.
Below are the gory details that you only need if you desire basic privacy.
Here's what I recommend others set for privacy & functionality:
(again, listed in the order they appear in the developer options)
a. Quick settings developer tiles, Wireless debugging (turn on)
[Interestingly its position in the Android tile remains valid!]
<
https://i.postimg.cc/JhjpnRgh/webdav14.jpg> Tile position returns!
b. USB Debugging (turn on to allow adb connections over USB or Wi-Fi)
c. Wireless debugging (turn on to allow adb connections over Wi-Fi)
d. Disable adb authorization timeout (turn on but it won't matter much)
e. Enhanced Wi-Fi MAC randomization (turn on for privacy per AP)
[Note you've also set MAC Address type = Randomized MAC in settings]
f. Mobile data always active (turn on for faster Wi-Fi:data switching)
g. Default USB configuration (mine is set to "Transferring files")
[Most phones have the default set to "No data transfer" instead.]
h. Select mock location app (turn on & set to your fake GPS app)
As of Android 10+ there's also a new "Wi-Fi scan throttling" option, which
is on by default so that it reproduces Android 9 Wi-Fi scan throttling of
i. Each foreground app can scan four times in a 2-minute period.
(note that this default allows for a burst of scans in a short time)
ii. All background apps combined can scan one time in a 30-minute period.
<
https://betterprogramming.pub/how-to-avoid-wifi-throttling-on-android-devices-494a0cc29dd8>
<
https://github.com/VREMSoftwareDevelopment/WiFiAnalyzer/wiki/Android-WiFi-scanning-throttling>
As always, if you know more than I do about this, please add technical
value, clarify existing value, and correct any mistakes I may have made.
Bear in mind everything works together... just as we do on this newsgroup!
The first thing we need to do is clarify what these _two_ switches above do
in the later Android versions to allow for MAC randomization not only per
AP but also per connection. And I should probably touch on what "static ip"
means too.
Note these switches are in my Android 12 but the first one came in Android
10 (as I recall) while the other was added around Android 11 (as I recall).
Note that the very useful "Wireless debugging" tile came only in Android
12, my point being not all these options will be on any older phone.
CAVEAT: For convenience when using adb to connect a Windows (or macOS or
Linux) desktop to Android, you often set the IP address to "static", which
you can no longer do as easily today from a home router as you used to be
able to do whenever you use random MAC addresses! (Ask me how I know this.)
Most people have their home router set to serve addresses out of a block.
[x] Use Router as DHCP Server
[_] Set Address Reservation per device (see below why this is set to off)
[_] Broadcast SSID (this should always be off for privacy reasons)
Note you can no longer "easily" use "Address Reservation" on a typical
home router because it usually requires locking to a specific MAC address.
What you do nowadays, instead, is set a "static" IP address on Android:
Android12: Settings > Connections > {longpress on} Wi-Fi >
{Press on the gear icon for _each_ access point in your settings}
Auto reconnect = off (this should _always_ be "off" for privacy reasons)
View more > IP settings = static
IP address = 192.168.1.4 (set to whatever address you want)
MAC address type = Randomized MAC
Note this last setting randomizes the MAC address *per connection*.
That is, every time you connect to that SSID, it will have the same
(randomized) MAC address. If this is all you set, then you _can_ use
Address Reservation in your router; but there's _another_ MAC randomizer!
As per this thread, there is another MAC randomizer for _each_ connection!
*Do you turn USB Debugging on the instant you get a new phone?*
<
https://groups.google.com/g/comp.mobile.android/c/c8b0FRvALmo>
When you turn "Developer options" and "USB debugging" as of Android 11+,
you also get the option to set the MAC randomization for _each_ connection!
Android Settings > Developer options > Enhanced Wi-Fi MAC randomization
"Change this phone's MAC address each time it connects to a network
that has MAC randomization turned on."
Note you need _both_ MAC-randomization settings in order to accomplish this
(and it's suggested you also end your SSID with "_nomap" to complete the
privacy steps - which of course, requires you to not broadcast the SSID).
My point in bringing this up to Android, Windows, and wireless newsgroups
is to communicate these wonderfully new privacy-based options which never
existed before, and which therefore require understanding of what they do.
Note: I'm fully aware that hiding the SSID broadcast is not for _security_
reasons, but many people do not realize hiding it is for _privacy_ reasons!
Specifically, most Android phones driving by your home will upload your GPS
location and your unique router BSSID even if you have "_nomap" appended to
the SSID (unique because you want your unique-as-possible SSID to stay out
of voluminous Internet butterfly/hash tables but that's a separate thing).
Even if Google/Mozilla respect the _nomap on the server side... notice that
distinction because it's the whole point that it's _already_ uploaded even
if you have "_nomap" appended (where we can forget nowadays about
_optout_)... there's no guarantee that the others (e.g., Kismet, Wiggle,
etc.) will respect the _nomap optout request).
The solution is to prevent "most" Android phones from even seeing your
SSID, which can only be done by hiding the broadcast - where - if someone
knows what they're doing, of course _they_ will see your (hidden) SSID -
but "most" phones will not _upload_ a hidden ID to the Internet servers,
and that's why you hide it.
Of course, once you hide it, then you have to worry about your phone
constantly trying to _reconnect_ to it (which shouts out your supposedly
unique SSID everywhere you go), so you also need to turn off the
auto-reconnection option in Android - which is very easily done.
Here are some representative screenshots illustrating some of the above:
There is a short description of every option listed above (and others) here
*Explaining every setting in Developer Options* (as of April 2022)
<
https://www.xda-developers.com/android-developer-options/>
In summary, it all works together, and each release of software allows more
privacy options - where this clarifying post is to put some of it together
so that you can understand why each specific switch is set and how it has
ramifications for setting other things on your PC, router, and phone.
--
Posted out of the goodness of my heart to disseminate useful information
which, in this case, is to clarify Android MAC randomization switches.