The state of Pry-Fi
Posted on 2014-06-09, 46 comments, 226 +1's, imported from Google+/Chainfire

NOTICE: This content was originally posted to Google+, then imported here. Some formatting may be lost, links may be dead, and images may be missing.

iOS 8 reportedly having MAC randomisation seems to have renewed some base interest in Pry-Fi - since that news broke I've had a lot of questions about it, like why it hasn't been updated, when will it be, where is the promised OSS version, etc.

During the development and testing of Pry-Fi I've learned a lot about the operation of Wi-Fi on Android devices that I previously thought worked differently. Pry-Fi's implementation is rather naive and has some significant design issues.

If I had to rebuild it today, I'd build the core completely differently. That's the primary reason I have not OSS'd it either - even if someone else picked it up, it would be better to start over, as the current design's issues do not seem to be fixable without doing that anyway.

Back when, I did spend quite some time prototyping the replacement design, mostly inspired by +Kevin Cernekee 's ever present efforts in the Android security area. There are however still a couple of issues with the new design as well...

  • A fairly large share of Android devices simply does not support changing MAC addresses, and the drivers simply lie about it. I have not discovered a way to detect this, resulting in unexpected behavior for the end-user. iOS has this much easier as there is little hardware variance. Note that disabling all your known networks being spewed out at regular intervals alone is still fairly easy doable for most (all?) devices.

  • At least on stock Samsungs, all configured networks will be lost. This is because Samsung actually uses the wpa_supplicant binary itself as seed for the encryption of the network configuration (and we need to replace/proxy it). That would have to be reversed or worked around in some way. I have some new untested ideas on that, but the ones I tried in the past have been far from ideal. The vocal community keeps whining about whatever Samsung does and how bad they are, but in the end there are still more rooted users on Samsung than on any other OEM, so I'd rather not cause major breakage like this unless absolutely necessary.

  • While it could still be made to work on rooted 4.4.3, I suspect it will be harder on AOSP with the new SELinux policies, and that difficulty will increase with every future Android version. The guys working on the policies keep improving them, and while SELinux policy changes mostly come down to root apps requiring significantly more hoop-jumping rather than things actually becoming impossible to do, it does add significantly to development and testing time, as well as complexity.

( Before some of you scream bloody murder about SELinux only making things more difficult without fixing security holes, realize that that is only the case from the perspective of a root app running as kernel and/or init. It does add significant protection from exploitable holes in 'lower' contexts. So please don't start that line of 'discussion' again in this thread )

  • There's always the root app vs framework question. Code-wise, those would be two very different implementations. I usually prefer building root apps as they have a much wider target audience than a source patch would have (initially), but in the end are far less ideal to have.

In the end though, a very big reason for not doing the work on the rewrite is that there has been virtually no interest in it. How vocal the community is rarely translates directly to app popularity, and while it has received significantly more coverage by news sites when it came out than most of my apps have gotten, only very few people have given it a shot. You can imagine it is thus not very high on my ever-lengthening to-do list. I have apps with more users backing single minor feature requests than Pry-Fi has interested users in total, so the development time I have that isn't allocated to contract work I feel is best spent elsewhere.

Even if there would suddenly be significantly more interest due to the iOS news, I'd still be hard pressed to find time to do it this summer. Of course, if somebody else wants to do it, you are more than welcome to it - the base is not that complicated, just fairly heavy on testing time.

Disclaimer: this is a pre-coffee Monday morning post ... :)

Sébastien Garcia commented on 2014-06-09 at 06:51:


Jason Rayner commented on 2014-06-09 at 07:06:


Søren Holm commented on 2014-06-09 at 07:10:

I agree that it'd probably not be commercially viable at this point. I believe the interest is there, but it's the sort of feature people just expect to be present at os level.

Pete Le Boydre commented on 2014-06-09 at 07:17:

You people at Chainfire do a outstanding job I use Pry-fi on a regular basis on public wi-fi net work's and love it so job well done thank you

Matt Martin commented on 2014-06-09 at 07:22:

Weird I was just looking at this app in the play store today after installing StickMount (thanks for your work on that btw, its a handy app!) and it really sparked my interest as I like to keep my electronic fingerprint to a minimum. Don't understand why the major companies want to know your location when you aren't using a specific app that needs it, like navigation for example.

Chainfire commented on 2014-06-09 at 07:51:

+Paul Morris You misunderstand, there is no code like that to give away. If I had that nearly built already I would just release it. I only tested all the cases to figure out how I should build the new code, but never got around actually doing it.

Micheal May commented on 2014-06-09 at 08:10:

+Chainfire I personally can say ur app rocks. Oversea holiday, multiple public. WiFi and if I could gain info from other users, I knew others could do it faster and better... So thx u for making a great app, that works #n5

Craig D commented on 2014-06-09 at 08:16:

Maybe you could open source this and ask the Omnirom team to improve upon it. They could then embed it in their Rom. I know your a fan of Omni as you contributed to the delta update engine :)

Wolfgang Schwach commented on 2014-06-09 at 08:54:

Too sad that barely anyone seems to be interested in this. I think this functionality should be part of all mobile systems and would hope at least for the major Android custom ROMs to include this on a system level.

Tony Z Tan commented on 2014-06-09 at 10:45:

Too bad to see the halt of development. I really like the app and am still using it to protect my privacy. It works perfectly on the Nexus 5.

Jonathan Scruggs commented on 2014-06-09 at 10:57:

+Chainfire Google should higher you to bake this feature into AOSP then all devices could use it.

Craig D commented on 2014-06-09 at 11:00:

+Björn Petersen Well ya never know let's cross our fingers and hope chainy may change his mind :)

Peter Dräger commented on 2014-06-09 at 11:25:

I loved pry-fi app, but since i used my wifi passwords got lost randomly. I tested only 4 weeks with Nexus 5, Paranoid Android (Version when Pry-Fi was released)

Eduardo Soares commented on 2014-06-09 at 13:07:

I know your feelings about the Wifi drivers problems. In my recent past I created a Root app that talked closely with the wifi driver and after some tests I found allot of different behavior from device to device. (At least for what I was doing. )

Like in some Samsung devices the wpa_supplicant and the wpa_supplicant.conf is in a different location  and name. (But you can work with it exactly the same. )

Could you talk to the wpa_supplicant via wpa_cli binary maybe do it more compatible? 

Also from the viewpoint of security the device shouldn't broadcast the configured networks (the user needs to tell that it wants to connect explicitly).  I don't know if Pry-Fi does this.

But thanks anyway for the app, I'm not a user but would consider it.

Marcel Treu commented on 2014-06-09 at 13:29:

I use it and would love an update

Sam Nicarry commented on 2014-06-09 at 13:35:

+Chainfire Thank you for ALL the work you do for us. I love what Pry-Fi has been able to do for me since it came out.

Michael McDonnell commented on 2014-06-09 at 18:11:

I bought the app because I think it would be nice to have some control returned to the end users. I hope that you decide to not give up on this.

Ruben Kan commented on 2014-06-09 at 19:45:

I too hope Pry-Fi would be continued eventually. It's actually useful to me. I like to use it in locations where they give time-limited Wi-Fi. The difference between Pry-Fi's method and iOS 8 is Pry-Fi will actually use the random MAC to make a connection, whereas AFAIK, iOS will revert back to the original MAC when the device actually wants to connect. This is a significant difference and does more for privacy than iOS.

Tom Muir commented on 2014-06-09 at 20:03:

Thanks for the work you put into the app. I've enjoyed using it and it has been a great help.

Michael Bürschgens commented on 2014-06-10 at 06:28:

I tested your app just when it came out and it prevented my phone from getting any WiFi connection. So I uninstalled it and waited for a more mature version. Then I realized that development seemed to have stopped while the app still being non-usable. I lost interest on Pry-Fi. What else do you expect?

Michael Bürschgens commented on 2014-06-10 at 08:05:

+Paul Morris I just tried to give a hint why Pry-Fi probably is a low interest app. I started enthusiastic with it but it killed all wireless connectivity so the enthusiasm went away.

Chainfire commented on 2014-06-10 at 08:34:

+Michael Bürschgens as stated, on some hardware it simply cannot work because the hardware refuses to change the MAC address, though they claim they did. This results in sync issue with some part of the system thinking one MAC is used, and other parts another MAC. This results in loss of all Wi-Fi functionality (until reboot). The maturity of the app has nothing to do with that, it simply cannot be fixed on the app/customfirmware side.

Yes, I understand there are some major issues with it (I posted so myself, didn't I ?) and it's frustrating for users and makes you lose interest. That was however not the point about low interest.

You tried it, found it lacking, and ditched it - but you're already in the group who was interested. What I was saying is that the number of people who even downloaded and tried (which includes you) was exceptionally low, especially compared to how much publicity it got at release.

What that tells me is that the average (root!) user just really doesn't care about this stuff much, awesome as it may be (when it works)...

Anssi Saari commented on 2014-06-10 at 08:49:

Well, it's a shame about the lack of interest in Pry-Fi. I did try it out but quickly disabled when it seemed I couldn't connect to my home network any more... I don't think it does much for security but I like the idea of kicking the overwatch in the shins. 

Oh, some people have fiddled with this sort of thing before but by using command line scripts. Basically calling ip or ifconfig, I forget which.

Wilco van Rossum commented on 2014-06-10 at 10:10:

Well when finding out about the app I downloaded it right away and used it actifly inside AH and Mediamarkt .. totally loved the idea of your app

Grant Rees commented on 2014-06-10 at 15:30:

I've had it installed on my N4 since you released it. It appeared to be working but now I'm not so sure. 

Anyway thanks for all your work for the Android community. Keep coming with the innovative ideas, even though not all may pan out.

Nav Gi commented on 2014-06-10 at 16:33:

+Chainfire +Michael Bürschgens I have been using pry-fi since it was debuted and I know that I lost my password. But if you reboot your device its all fine as explained by +Chainfire or you can toggle on-off  in wifi setting. I love this app becz of freedom to be safe on public network.

Mark Adams commented on 2014-06-11 at 19:15:

This is the first I have heard of it! Although I have tried to get nearly all Chainfire's apps, somehow I missed this one. Anyway I've just installed it on my S4 and it works just fine, so I've gone Pro on it by way of support. My office router throws me off though, since only registered MAC addresses are allowed by it (for security of course!).

SheemOn Shapiro commented on 2014-06-16 at 00:17:

A couple of comments:

A) This is an essential program. One could argue with the

  usefulness, but improving security and reducing exposure

  are important.

B) Android is not "Open Source". It is "Source Available

  Sometimes".  The moving target described here is the


C) The app installs on my Nexus 7-2013, Android 4.4.3 but

  causes system reset (panic?) Within minutes of booting.

D) +Chainfire; you are a fine programmer

John Dharren commented on 2014-06-25 at 19:10:

good job

David Kokua commented on 2014-06-26 at 23:10:

So... what is the current status of this MAGGOTRY???

mark webber commented on 2014-07-01 at 02:01:

pre-coffee anything is rather impressive :)

btw great read, thanks

André Brock commented on 2014-07-03 at 17:16:

I'd pay for it again if you continued development.  I wish more people understood how important masking WiFi is for privacy concerns.

Chainfire commented on 2014-07-03 at 23:09:

+André Brock +Kahn Knight well there might be some good news in the pipeline, stay tuned

frédéric Wouters commented on 2014-07-04 at 08:40:

Hi, I have an HTC one M7 with CM11 M7, supersu 2.0, and pryfi 1.20, and it don't really work, I always have to reboot the phone with pryfi disabled, and after that I can enable pryfi, but sometimes after a sleep state wi-fi don't work no more and I have to reboot again

Steve Samson commented on 2014-07-04 at 14:34:

You got namechecked by the +Electronic Frontier Foundation today that might renew interest.

Bryan Burt commented on 2014-07-15 at 14:34:

I really just want to thank you for everything you've done. Just the ideologically behind Pry-Fi and your efforts to keep others privacy maintained. I could go on and on to the many awesome apps I use that you've created. CF-auto root, 500 firepaper, superSU, mobile Odin. Don't mean to get off base. I was very impressed by your vision with Pry-Fi and android security. That alone is remarkable. Keep up the good work! AND ANYONE, with a Samsung device, do yourself a favour and check out the many useful tools and applications offered by Chainfire

Gert Krein commented on 2014-08-23 at 00:21:

using the oneplus one but device cant find any network...pry fi 1.20; cyanogenmod 11.0-XNPH33R, Android 4.4.4

gil andrew navarro commented on 2014-09-07 at 03:33:


Michael Aronoff commented on 2014-10-25 at 19:55:

I would love to see an update for PryFi for Android L. I am running the latest preview and I get the message: "Could not gain WRITE_SECURE_SETTINGS permission, we need that!" I am fully rooted and other root apps work. Thanks!

Andrew Wilson commented on 2014-11-11 at 03:16:

I think the concept of PryFi is outstanding.  I also think the lack of community demand is a reflection of how poorly most people value their privacy.  At the end of the day, I thank +Chainfire for showing us what is possible (if difficult) and I concur with his decision not to waste energy developing something that's technically complex and yet of apparently little public interest.  

Thanks for what you do for the Android community sir.

Alan hat commented on 2015-01-03 at 06:03:

I'm registering my interest here & I shall 'follow' the XDA thread.

I'm not installing yet because I haven't yet made sense of the faults that users are posting & my phone has fragile WiFi. It's looking like it could be user error, but I'm not sure & I can't afford to lose WiFi.

I have Star N9599T (MediaTek MT6589T chipset), stock ROM, rooted with SuperSU

Andrew Wilson commented on 2015-01-03 at 19:08:

I love the concept, but this app made my wifi connections unstable.  It might be worth using once or twice for specific locations, but I would not leave it permanently on.

Corey Thompson commented on 2015-09-21 at 20:57:

Just wanted to let you know that there are still many people (in my circle at least) that would appreciate some love for this app. Just replaced my N5 (R.I.P. D': ) with a Moto G and it's not functioning.. It's actually impacted my day to day life significantly, as well as a few others I know that recently had similar situations. As always, the hard work is much appreciated!!

Damien H. commented on 2015-11-17 at 00:08:






Faiz Haidar commented on 2016-09-05 at 15:24:

Can you help me??

My wifi and tehering can't turn on after using pry-fi

MrNuel Nuel commented on 2017-01-01 at 21:33:

This destroyed my wifi. Please help me get it back on

This post is over a month old, commenting has been disabled.