Open raboof opened 5 years ago
This article shows that newer versions have improved a lot, but I'm still not clear on just how much, since it seems to indicate even the newer ones still leak some info, and I'm not sure what a lot of the stuff in the table means and therefore which version would be the minimum for accomplishing what Privacy Police did, though it looks like 8+.
I don't understand why it's even necessary for phones to send out probes. They should just listen and, when they see a network they know, which they should verify by SSID name as well as some other info, only then should they transmit anything in order to initiate a connection. The whole way Wi-Fi works in this regard just seems ridiculous.
I'm also not sure how an evil twin attack could happen, since just setting up the same SSID shouldn't be enough. If somebody sets up an AP with the same SSID as my home one, when the phone attempts to connect, part of that being a security handshake with e.g. WPA2, it should realize the malicious AP isn't the correct one since the security doesn't match, i.e. the password doesn't work.
It would be nice if someone with more networking knowledge could chime in. I know this app is discontinued, but I'd assume @BramBonne, having developed it, has knowledge about this stuff and could hopefully offer some insight.
when the phone attempts to connect, part of that being a security handshake with e.g. WPA2, it should realize the malicious AP isn't the correct one since the security doesn't match, i.e. the password doesn't work.
That seems like an optimistic assumption: I'm not confident the handshake authenticates the AP to the client (just vice-versa), and it's entirely conceivable to me that you could set up an AP that just accepts any password.
Ah, good point. If true, though, then that seems like a gross oversight in the design of the handshake procedure.
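The point debated in the last two comments, whether the WPA2 4-way handshake lets a client notice an AP that does not hold the network's PSK, as an added worked example that is not part of the original thread or of Privacy Police: message 3 carries a MIC keyed by the PTK, which both sides derive from the PMK, so a client that recomputes the MIC from its own PMK detects an AP whose keys came from a different passphrase, even one that would "accept any password". The SSID, MAC addresses, nonces, key-info bits and key data are constructed placeholders; the PBKDF2 and PRF-512 steps follow IEEE 802.11 for WPA2-Personal with CCMP.

```python
import hashlib
import hmac
MIC_OFFSET = 81  # byte offset of the MIC field in an EAPOL-Key frame (4-byte EAPOL header included)

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1 blocks over label || 0x00 || data || counter, cut to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK, both MAC addresses and both nonces (each pair sorted, as the standard requires)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA1-128 over the EAPOL-Key frame with its MIC field zeroed (AKM 00-0F-AC:2)."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def ap_build_msg3(pmk_ap: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes, key_data: bytes) -> bytes:
    """AP side: a minimal, constructed EAPOL-Key message 3, signed with the KCK the AP derives from *its* PMK."""
    body = (b"\x02" + b"\x13\xca" + b"\x00\x10"          # RSN descriptor, key info (illustrative), CCMP key length
            + (2).to_bytes(8, "big") + anonce              # replay counter, ANonce
            + bytes(16) + bytes(8) + bytes(8) + bytes(16)  # IV, RSC, reserved, MIC placeholder
            + len(key_data).to_bytes(2, "big") + key_data)
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL version 2, type EAPOL-Key
    kck = derive_ptk(pmk_ap, ap_mac, sta_mac, anonce, snonce)[:16]
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]

def client_accepts_msg3(pmk_client: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes, frame: bytes) -> bool:
    """Client side: recompute the MIC with its own KCK; a mismatch shows the AP does not hold the same PMK."""
    kck = derive_ptk(pmk_client, ap_mac, sta_mac, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])

def demo() -> tuple:
    """Constructed scenario: two APs advertise the same SSID; only one knows the passphrase. Returns (True, False)."""
    ssid, ap_mac, sta_mac = "HomeNet", bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    client_pmk = pmk_from_passphrase("correct horse battery staple", ssid)
    genuine = ap_build_msg3(client_pmk, ap_mac, sta_mac, anonce, snonce, b"\xdd\x00")
    twin = ap_build_msg3(pmk_from_passphrase("wrong guess", ssid), ap_mac, sta_mac, anonce, snonce, b"\xdd\x00")
    return (client_accepts_msg3(client_pmk, ap_mac, sta_mac, anonce, snonce, genuine),
            client_accepts_msg3(client_pmk, ap_mac, sta_mac, anonce, snonce, twin))
```

The genuine AP's message 3 verifies and the same-SSID twin's does not, which is the check a conforming client performs before installing keys; it says nothing about the probe-request leakage discussed earlier in the thread, which happens before any handshake.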
The README lists as one of the reasons to use this app:
However, AFAICS this no longer appears to be the case even without this app installed: I haven't been able to reproduce this issue with my Android 9 device. Do we know until what Android version this was a problem?