NOTICE: This content was originally posted to Google+, then imported here. Some formatting may be lost, links may be dead, and images may be missing.
iOS 8 reportedly having MAC randomisation seems to have renewed some base interest in Pry-Fi - since that news broke I've had a lot of questions about it, like why it hasn't been updated, when will it be, where is the promised OSS version, etc.
During the development and testing of Pry-Fi I've learned a lot about the operation of Wi-Fi on Android devices that I previously thought worked differently. Pry-Fi's implementation is rather naive and has some significant design issues.
If I had to rebuild it today, I'd build the core completely differently. That's the primary reason I have not OSS'd it either - even if someone else picked it up, it would be better to start over, as the current design's issues do not seem to be fixable without doing that anyway.
Back when, I did spend quite some time prototyping the replacement design, mostly inspired by +Kevin Cernekee 's ever present efforts in the Android security area. There are however still a couple of issues with the new design as well...
-
A fairly large share of Android devices simply does not support changing MAC addresses, and the drivers simply lie about it. I have not discovered a way to detect this, resulting in unexpected behavior for the end-user. iOS has this much easier as there is little hardware variance. Note that disabling all your known networks being spewed out at regular intervals alone is still fairly easy doable for most (all?) devices.
-
At least on stock Samsungs, all configured networks will be lost. This is because Samsung actually uses the wpa_supplicant binary itself as seed for the encryption of the network configuration (and we need to replace/proxy it). That would have to be reversed or worked around in some way. I have some new untested ideas on that, but the ones I tried in the past have been far from ideal. The vocal community keeps whining about whatever Samsung does and how bad they are, but in the end there are still more rooted users on Samsung than on any other OEM, so I'd rather not cause major breakage like this unless absolutely necessary.
-
While it could still be made to work on rooted 4.4.3, I suspect it will be harder on AOSP with the new SELinux policies, and that difficulty will increase with every future Android version. The guys working on the policies keep improving them, and while SELinux policy changes mostly come down to root apps requiring significantly more hoop-jumping rather than things actually becoming impossible to do, it does add significantly to development and testing time, as well as complexity.
( Before some of you scream bloody murder about SELinux only making things more difficult without fixing security holes, realize that that is only the case from the perspective of a root app running as kernel and/or init. It does add significant protection from exploitable holes in 'lower' contexts. So please don't start that line of 'discussion' again in this thread )
- There's always the root app vs framework question. Code-wise, those would be two very different implementations. I usually prefer building root apps as they have a much wider target audience than a source patch would have (initially), but in the end are far less ideal to have.
In the end though, a very big reason for not doing the work on the rewrite is that there has been virtually no interest in it. How vocal the community is rarely translates directly to app popularity, and while it has received significantly more coverage by news sites when it came out than most of my apps have gotten, only very few people have given it a shot. You can imagine it is thus not very high on my ever-lengthening to-do list. I have apps with more users backing single minor feature requests than Pry-Fi has interested users in total, so the development time I have that isn't allocated to contract work I feel is best spent elsewhere.
Even if there would suddenly be significantly more interest due to the iOS news, I'd still be hard pressed to find time to do it this summer. Of course, if somebody else wants to do it, you are more than welcome to it - the base is not that complicated, just fairly heavy on testing time.
Disclaimer: this is a pre-coffee Monday morning post ... :)
think
Word
I agree that it'd probably not be commercially viable at this point. I believe the interest is there, but it's the sort of feature people just expect to be present at os level.
You people at Chainfire do a outstanding job I use Pry-fi on a regular basis on public wi-fi net work's and love it so job well done thank you
Weird I was just looking at this app in the play store today after installing StickMount (thanks for your work on that btw, its a handy app!) and it really sparked my interest as I like to keep my electronic fingerprint to a minimum. Don't understand why the major companies want to know your location when you aren't using a specific app that needs it, like navigation for example.
+Paul Morris You misunderstand, there is no code like that to give away. If I had that nearly built already I would just release it. I only tested all the cases to figure out how I should build the new code, but never got around actually doing it.
Maybe you could open source this and ask the Omnirom team to improve upon it. They could then embed it in their Rom. I know your a fan of Omni as you contributed to the delta update engine :)
Too sad that barely anyone seems to be interested in this. I think this functionality should be part of all mobile systems and would hope at least for the major Android custom ROMs to include this on a system level.
Too bad to see the halt of development. I really like the app and am still using it to protect my privacy. It works perfectly on the Nexus 5.
+Chainfire Google should higher you to bake this feature into AOSP then all devices could use it.
+Björn Petersen Well ya never know let's cross our fingers and hope chainy may change his mind :)
I loved pry-fi app, but since i used my wifi passwords got lost randomly. I tested only 4 weeks with Nexus 5, Paranoid Android (Version when Pry-Fi was released)
I know your feelings about the Wifi drivers problems. In my recent past I created a Root app that talked closely with the wifi driver and after some tests I found allot of different behavior from device to device. (At least for what I was doing. )
Like in some Samsung devices the wpa_supplicant and the wpa_supplicant.conf is in a different location and name. (But you can work with it exactly the same. )
Could you talk to the wpa_supplicant via wpa_cli binary maybe do it more compatible?
Also from the viewpoint of security the device shouldn't broadcast the configured networks (the user needs to tell that it wants to connect explicitly). I don't know if Pry-Fi does this.
But thanks anyway for the app, I'm not a user but would consider it.
I use it and would love an update
+Chainfire Thank you for ALL the work you do for us. I love what Pry-Fi has been able to do for me since it came out.
I bought the app because I think it would be nice to have some control returned to the end users. I hope that you decide to not give up on this.
I too hope Pry-Fi would be continued eventually. It's actually useful to me. I like to use it in locations where they give time-limited Wi-Fi. The difference between Pry-Fi's method and iOS 8 is Pry-Fi will actually use the random MAC to make a connection, whereas AFAIK, iOS will revert back to the original MAC when the device actually wants to connect. This is a significant difference and does more for privacy than iOS.
Thanks for the work you put into the app. I've enjoyed using it and it has been a great help.
I tested your app just when it came out and it prevented my phone from getting any WiFi connection. So I uninstalled it and waited for a more mature version. Then I realized that development seemed to have stopped while the app still being non-usable. I lost interest on Pry-Fi. What else do you expect?
+Paul Morris I just tried to give a hint why Pry-Fi probably is a low interest app. I started enthusiastic with it but it killed all wireless connectivity so the enthusiasm went away.
+Michael Bürschgens as stated, on some hardware it simply cannot work because the hardware refuses to change the MAC address, though they claim they did. This results in sync issue with some part of the system thinking one MAC is used, and other parts another MAC. This results in loss of all Wi-Fi functionality (until reboot). The maturity of the app has nothing to do with that, it simply cannot be fixed on the app/customfirmware side.
Yes, I understand there are some major issues with it (I posted so myself, didn't I ?) and it's frustrating for users and makes you lose interest. That was however not the point about low interest.
You tried it, found it lacking, and ditched it - but you're already in the group who was interested. What I was saying is that the number of people who even downloaded and tried (which includes you) was exceptionally low, especially compared to how much publicity it got at release.
What that tells me is that the average (root!) user just really doesn't care about this stuff much, awesome as it may be (when it works)...
Well, it's a shame about the lack of interest in Pry-Fi. I did try it out but quickly disabled when it seemed I couldn't connect to my home network any more... I don't think it does much for security but I like the idea of kicking the overwatch in the shins.
Oh, some people have fiddled with this sort of thing before but by using command line scripts. Basically calling ip or ifconfig, I forget which.
Well when finding out about the app I downloaded it right away and used it actifly inside AH and Mediamarkt .. totally loved the idea of your app
I've had it installed on my N4 since you released it. It appeared to be working but now I'm not so sure.
Anyway thanks for all your work for the Android community. Keep coming with the innovative ideas, even though not all may pan out.
+Chainfire +Michael Bürschgens I have been using pry-fi since it was debuted and I know that I lost my password. But if you reboot your device its all fine as explained by +Chainfire or you can toggle on-off in wifi setting. I love this app becz of freedom to be safe on public network.
This is the first I have heard of it! Although I have tried to get nearly all Chainfire's apps, somehow I missed this one. Anyway I've just installed it on my S4 and it works just fine, so I've gone Pro on it by way of support. My office router throws me off though, since only registered MAC addresses are allowed by it (for security of course!).
A couple of comments:
A) This is an essential program. One could argue with the
usefulness, but improving security and reducing exposure
are important.
B) Android is not "Open Source". It is "Source Available
Sometimes". The moving target described here is the
proof.
C) The app installs on my Nexus 7-2013, Android 4.4.3 but
causes system reset (panic?) Within minutes of booting.
D) +Chainfire; you are a fine programmer
good job
So... what is the current status of this MAGGOTRY???
pre-coffee anything is rather impressive :)
btw great read, thanks
I'd pay for it again if you continued development. I wish more people understood how important masking WiFi is for privacy concerns.
+André Brock +Kahn Knight well there might be some good news in the pipeline, stay tuned
Hi, I have an HTC one M7 with CM11 M7, supersu 2.0, and pryfi 1.20, and it don't really work, I always have to reboot the phone with pryfi disabled, and after that I can enable pryfi, but sometimes after a sleep state wi-fi don't work no more and I have to reboot again
You got namechecked by the +Electronic Frontier Foundation today that might renew interest.
I really just want to thank you for everything you've done. Just the ideologically behind Pry-Fi and your efforts to keep others privacy maintained. I could go on and on to the many awesome apps I use that you've created. CF-auto root, 500 firepaper, superSU, mobile Odin. Don't mean to get off base. I was very impressed by your vision with Pry-Fi and android security. That alone is remarkable. Keep up the good work! AND ANYONE, with a Samsung device, do yourself a favour and check out the many useful tools and applications offered by Chainfire
using the oneplus one but device cant find any network...pry fi 1.20; cyanogenmod 11.0-XNPH33R, Android 4.4.4
~~with~~
I would love to see an update for PryFi for Android L. I am running the latest preview and I get the message: "Could not gain WRITE_SECURE_SETTINGS permission, we need that!" I am fully rooted and other root apps work. Thanks!
I think the concept of PryFi is outstanding. I also think the lack of community demand is a reflection of how poorly most people value their privacy. At the end of the day, I thank +Chainfire for showing us what is possible (if difficult) and I concur with his decision not to waste energy developing something that's technically complex and yet of apparently little public interest.
Thanks for what you do for the Android community sir.
I'm registering my interest here & I shall 'follow' the XDA thread.
I'm not installing yet because I haven't yet made sense of the faults that users are posting & my phone has fragile WiFi. It's looking like it could be user error, but I'm not sure & I can't afford to lose WiFi.
I have Star N9599T (MediaTek MT6589T chipset), stock ROM, rooted with SuperSU
I love the concept, but this app made my wifi connections unstable. It might be worth using once or twice for specific locations, but I would not leave it permanently on.
Just wanted to let you know that there are still many people (in my circle at least) that would appreciate some love for this app. Just replaced my N5 (R.I.P. D': ) with a Moto G and it's not functioning.. It's actually impacted my day to day life significantly, as well as a few others I know that recently had similar situations. As always, the hard work is much appreciated!!
WHAT A JOKE! WHY POST A PROJECT ONLINE WITHOUT ANY WARNINGS?
YOU ARE DESTROYING PEOPLE'S PHONE'S AND YOU SIMPLY DON'T CARE!
YOU ARE EITHER SELFISH OR HAVE YOUR HEAD UP YOUR ARSE! NOT IMPRESSED TOO LEAVE PEOPLE STRANDED!
I WILL PAY $100 SO I CAN GET MY DEVICE WORKING, BUT YOU ARE HOLDING PEOPLE AT RANSOM BY OFFERING NO SOLUTION TO *REVERT TO DEFAULT*!!!!
THIS IS COMPLETE LUNACY!
Can you help me??
My wifi and tehering can't turn on after using pry-fi
This destroyed my wifi. Please help me get it back on