iOS lets carriers add WiFi networks that you can’t remove or stop from joining

source link: https://news.ycombinator.com/item?id=35447486

536 points by newZWhoDis 3 hours ago | 207 comments
Well this was a major surprise so I figured I’d share it here to get some eyeballs on it.

Essentially, the latest iOS (16.4 at post time) allows your cellular carrier (via eSIM) to add “managed networks” to your device.

These networks cannot be removed, they cannot have “automatically join” disabled, and they have equal priority with your real, personal networks.

So guess what happens when your neighbors get a wifi/modem combo that blasts a free hotspot SSID? Not only does it pollute the already crowded 2.4 GHz band, your iPhone will often prefer this connection over your real/local wifi (despite said wifi being at 1 bar).

As of post-time, there is no way to remove these networks short of completely disabling cell service/removing the eSIM and resetting all network settings.

You can see this for yourself by going to WiFi/“edit” and scrolling down.

Edit: to clarify, I can disable “auto join”, but in 4-5 minutes all of my devices have auto-join turned back on. I’m guessing it re-syncs with the carrier profile. Also, this does not seem to be eSIM- or SIM-related; it can happen on both.

Whenever someone sadly hits their personal "last straw" threshold for iPhone, one option to consider is the privacy- and security-focused GrapheneOS variant of Android.

https://grapheneos.org/features

You can run GrapheneOS on recent models of Pixel hardware. (It usually has to be a unit purchased from Google, or that otherwise hasn't had OEM-unlocking disabled by the carrier that sold it.)

https://grapheneos.org/faq#device-support

https://grapheneos.org/install/web#enabling-oem-unlocking

You might also try minimizing the apps that you depend upon, though GrapheneOS has put work into supporting apps in a bit more private and secure way. There's also the option of the F-Droid app store, if you want to try to avoid commercial apps altogether, but still need things like an OpenStreetMap app.

There were a lot of things I liked about iPhone, but I overall feel more respected by GrapheneOS.

If you end up liking GrapheneOS, and have the means, there's an optional Donate page on their Web site.

As someone who reluctantly moved to iOS from Android and reluctantly stays on iOS, there really is no other option for "normal" ("regular"?) users who don't want the Google crap all over their existence.

Graphene, Lineage etc. are all excellent solutions for people who want to (or "can") get their hands dirty and can live without normal functions of "commercial" apps; for everyone else, as of today, there are just two options - Apple's iOS or Google-blessed Android. I am not even talking about warranty and bricking woes.

This is a duopoly as clear as day. We can keep telling ourselves that we have options, we don't. It's settled, at least that is how it is right now (again, maybe except for "tinkers" which I guess even I was until around a decade ago).

This! I'm very impressed with how well it works and the continued anti-consumer steps iOS and Android make are only driving Graphene's development!

Apple Configurator (self-hosted local MDM, free macOS app in store) has an option for "supervised" iOS devices so that Wi-Fi connections are limited to SSIDs which are pre-defined in the MDM profile. It's intended for enterprise usage. Worth testing to see how MDM policy interacts with carrier-managed Passpoint networks.

Note: you can't supervise an existing device without wiping it, so this is an experiment to conduct with a spare phone, or one already managed by Configurator/MDM.

Apple Configurator training: https://it-training.apple.com/tutorials/deployment/dm095

Wi-Fi payload: https://developer.apple.com/documentation/devicemanagement/w...

Another option is using Apple's MDM for small business to define a list of approved SSIDs, https://www.apple.com/business/essentials/

Edit: is there an option to "Remove Profile" in Settings?

  General -> VPN & Device Management -> Configuration Profiles

Edit2: workaround by null routing the carrier's Wi-Fi SSID? https://www.reddit.com/r/tmobile/comments/vvt6dd/comment/iyr...

  Change IP address to manual and 127.0.0.1
  Change subnet mask to 255.255.255.0
  Change DNS to manual and 251.252.253.254
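A way to stand up the supervised SSID allow-list the comment above describes, as an added example (not code from the thread, from Apple or from Configurator): a Python script that emits a .mobileconfig with one Wi-Fi payload per permitted SSID plus a Restrictions payload. Assumptions: the payload keys (SSID_STR, AutoJoin, EncryptionType, Password, forceWiFiToAllowedNetworksOnly) are taken from Apple's Wi-Fi and Restrictions payload references as I know them and should be checked against the linked docs; the restriction only applies on a supervised device, and whether it overrides carrier-managed Passpoint entries is exactly the open question raised above.

```python
import plistlib
import uuid

PROFILE_ID = "example.home.wifi-allowlist"   # hypothetical reverse-DNS identifier


def _uuid_for(name: str) -> str:
    # Deterministic UUIDs so re-generating the profile yields the same payload identity.
    return str(uuid.uuid5(uuid.NAMESPACE_DNS, f"{PROFILE_ID}.{name}"))


def wifi_payload(ssid: str, passphrase: str) -> dict:
    """One managed Wi-Fi network (WPA2 personal, auto-join, not hidden)."""
    return {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{PROFILE_ID}.wifi.{ssid}",
        "PayloadUUID": _uuid_for(f"wifi.{ssid}"),
        "PayloadDisplayName": f"Wi-Fi: {ssid}",
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "AutoJoin": True,
        "EncryptionType": "WPA2",
        "Password": passphrase,
    }


def restrictions_payload() -> dict:
    """Restrictions payload: join only Wi-Fi networks defined by a profile.
    Key name assumed from Apple's Restrictions reference; supervised devices only."""
    return {
        "PayloadType": "com.apple.applicationaccess",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{PROFILE_ID}.restrictions",
        "PayloadUUID": _uuid_for("restrictions"),
        "PayloadDisplayName": "Wi-Fi restrictions",
        "forceWiFiToAllowedNetworksOnly": True,
    }


def build_profile(networks: dict) -> dict:
    """Top-level profile. `networks` maps SSID -> WPA2 passphrase."""
    if not networks:
        # With the restriction on and no networks listed, the device would have no Wi-Fi at all.
        raise ValueError("allow-list must contain at least one SSID")
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": PROFILE_ID,
        "PayloadUUID": _uuid_for("profile"),
        "PayloadDisplayName": "Home Wi-Fi allow-list",
        "PayloadDescription": "Restricts Wi-Fi to the listed SSIDs (supervised devices).",
        "PayloadContent": [restrictions_payload()]
        + [wifi_payload(ssid, pw) for ssid, pw in networks.items()],
    }


def allowed_ssids(profile: dict) -> list:
    """SSIDs the device may join under this profile (the Wi-Fi payloads)."""
    return [p["SSID_STR"] for p in profile["PayloadContent"]
            if p["PayloadType"] == "com.apple.wifi.managed"]


def to_mobileconfig(profile: dict) -> bytes:
    """Serialise as an XML plist; a signed profile would wrap these bytes in CMS."""
    return plistlib.dumps(profile)


if __name__ == "__main__":
    # Constructed sample values; never commit real passphrases.
    prof = build_profile({"HomeNet-5G": "correct horse battery staple",
                          "HomeNet-IoT": "iot-passphrase-example"})
    with open("home-wifi-allowlist.mobileconfig", "wb") as f:
        f.write(to_mobileconfig(prof))
    print("allowed SSIDs:", allowed_ssids(prof))
```

Install the resulting file through Configurator on a supervised test device, then check the managed-networks list and the Wi-Fi log to see whether the carrier entries are still joined.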

Thank you for that first link. I stumbled across Apple Configurator when I was trying to lock down an old phone, to have at home as a pseudo-landline (but which I can take with me on trips) that is safe to leave accessible to kids. I got it working by muddling through, and that link would have at least let me situate myself in the space of "what does this thing do?" better.

What settings did you use to lock down your phone?

The "Remove Profile" option in Settings might be helpful if it's available, but it seems like it could be carrier-dependent, and not all users may have this option.

The null routing workaround seems interesting and could potentially help in avoiding unwanted connections to the carrier's Wi-Fi SSID. However, this method might require some technical knowledge and might not be ideal for less tech-savvy users.

I do not have any profiles installed, and none of my devices are managed.

I’m aware this could potentially be fixed by enrolling all my family’s devices in an MDM.

But I mean come on, wipe everyone’s phone to enroll in MDM? Seems pretty crazy when the phone should just let you control what it does/does not join.

Edit: I misread your post, I see now it was more suggesting a test. My bad.

If Carrier MDM policy can override Configurator/Enterprise MDM policy, then corporate security admins will likely be unhappy about their lack of control over enterprise device networking.

Has the industry forgotten the pre-iPhone disaster of telco-controlled devices? https://www.quora.com/Why-was-the-iPhone-initially-exclusive...

> The landscape of the cell phone market was very different pre-2007. Most notably, the carriers had complete control over what phones were allowed on their network. A carrier could nix a feature that had been in R&D for years and suddenly you couldn’t sell your new phone with this amazing feature. They were especially protective of data and overloading their networks, which led to browsers on phones being stripped down and limited. The whole “full web” was not a technical impossibility, it was just that carriers wouldn’t allow phones on the network that had a full browser.

https://archive.is/4ZCH5

> Apple bucked the rules of the cellphone industry by wresting control away from the normally powerful wireless carriers ... Mr. Jobs once referred to telecom operators as "orifices" that other companies, including phone makers, must go through to reach consumers.

T-Mobile's you absolutely can disable, but I would have never ever thought to look there until I read this.

I switched off Auto-join on both "t-mobile" and "TMobileWingman", but I couldn't hit the "Done" text-but-it's-really-a-button in the upper right until I made some change to the normal known networks list, so I deleted a couple that I didn't remember or recognize. YMMV.

It's gross either way. No way, no way in hell this is something that should be shadow dropped onto my phone.

This is insane. I have never heard of these and after checking I also have them on my iDevice. T-Mobile should explain what Wingman is and why it's on iOS devices.

I don't understand why Apple allows carriers to do this. Apple is a well-respected brand by most of their customers while carriers are seen as an evil you cannot do without.

> a well-respected brand by most of their customers

Not surprising. I don’t respect or trust them, so I’m not one of their customers.

Probably to force more traffic onto wifi to keep people off of their network whenever possible.

I have T-Mobile but I haven't a clue what you are talking about. There are Wi-Fi networks called "t-mobile" and "TMobileWingman"? I just don't see them at all. Under what condition should I see them?

Settings/Wifi/edit/scroll down to “managed networks”

These are networks added by your carrier you can’t remove. They have equal priority to your real networks.

In my case, 2 neighbors have freebie wifi/modem combos blasting out 1-bar hotspots that match my carrier's free hotspot SSIDs, so all my family’s personal devices constantly switch between my real home network and these “hot spots” with no way to stop it short of removing everyone’s SIMs.

Appalling.

You'd need an extremely strong reality distortion field to advocate for it. I can only guess it's a way for the telcos to offload 5g traffic.

In the Android world, if Samsung/Telstra introduced something similar in Australia that'd be enough for me to jump ship to another manufacturer that didn't. There's an auto-enabled "Hotspot 2.0" feature that I've turned off; it's not ideal that it's on by default but for people on lesser data plans it could be convenient. It's a simple toggle to turn off, nothing's forced.

I am able to disable "Auto-join" on those, but I don't have these WiFi hotspots near me so I can't test if that Auto-join toggle actually works.

Wait 4-5 minutes and open the menu again.

In my case I disable auto join on all and they’re all back on in 4-5 minutes.

I was also able to verify this as the device will still really connect to the “disabled” hot spots, even after switching it off. Just took a while for the profile to resync.

Edit: only 5 of 9 re-enable auto join after I disable it.

It's been more than five minutes, I opened the menu again and it's still disabled. I'm on an iPhone 12 Pro Max on iOS 16.4, which is the latest iOS.

> even after switching it off

This might be your issue, because after a restart your iPhone no longer has access to your saved Wi-Fi credentials, but it can still use EAP-SIM to join T-Mobile's Wi-Fi network first. But I see your point that it does not respect the "Auto-join" toggle.

Sorry, to clarify my device will reconnect to a carrier-managed hotspot that has had auto-join manually disabled without a reboot within 4-5 minutes.

Yeah, that's probably a bug.

If this happens often enough to annoy you, you could file this bug with Apple by typing "applefeedback:///" into Safari. It could take some guesswork to figure out what component to file this against.

Does Apple ever respond to bug reports? I've only ever heard of them disappearing into the void. Beyond that though, users shouldn't have to file bugs against hostile features like this. Spreading the word as widely as possible about Apple's behavior here is likely to be far more effective.

Looks like a few of mine resynced and toggled auto join. My iPad has none of these managed network entities at all; seems to be a phone thing only.

Looks like Comcast Xfinity-type networks are being imposed too. The Xfinity app may be toggling these XFI, Xfinity Mobile, xfinitywifi pieces your way too.

I could see a system where carriers partner with cities to install wifi at crowded locations, preset a carrier provided password and use that for better service than 5g.

But I am shocked that they would force connection to open ssids.

I’m not shocked the carrier would try, I’m shocked the OS lets the carrier dictate this with no user recourse.

Wingman does not stay turned off for me, as OP mentioned in his edit.

It doesn't stay off for me either, but after some digging on the internet, Wingman appears to be an in-flight wifi network on planes (which may not actually exist anymore and which T-Mobile are in the process of removing from devices, according to this recent comment by a stranger on an old Reddit thread[1]). While it's annoying that it doesn't stay off, it doesn't seem to be something that would cause problems in practice because flights typically only have one wifi network.

1: https://reddit.com/r/tmobile/comments/7u535i/_/jcl01il/?cont...

What happens if someone spoofs the SSID though?

You can hit Cancel and it will still retain the auto-join setting (very counterintuitive).

Thanks, I just did this as well. I often defend Apple's decisions but this is downright ridiculous.

Make sure you check up on it later; in my case the carrier turns auto-join back on a few minutes later.

Thanks. Doesn't seem to have happened yet but I have no confidence it'll remain that way.

Wait 5 minutes and check it again. “Auto join” will be turned on again.

I was all prepared to be very irritated. Especially if I could not disable them.

But disabling does work for me. And according to the documentation[0] these networks wouldn't get selected in preference to my home network anyway. My blood pressure is dropping a bit.

Assuming these are actually authenticated networks as described, then I don't know if this is any worse than allowing the phone to use the cellular signal. Same provider.

If your phone is hopping onto one of these while at home, I guess check your home wifi signal strength because it's probably dropping out?

[0] https://support.apple.com/en-us/HT202831

If I make a new SSID with the name of an xfinity/att/Verizon hotspot, would that mean every up-to-date iPhone user would automatically connect to it?

No, unless you have found an exploit for EAP-SIM, Passpoint, etc.

I didn’t think iOS had the capability to enforce any specific auth method for any specific SSID. You’re saying it does?

On my device these hotspots show up under “My Networks”

Disabling (switching auto-join to off) also does not work, most of them switch back on a few minutes later. This seems to be carrier-dependent from the comments thus far.

I disagree based on my reading of the documentation; these are treated as identical to your other networks. The only benefit is my home network is usually louder, but that’s the rub: it doesn’t always work and devices routinely switch.

In my case I noticed this in a condo, so the physical distances are less.

I can understand the frustration this issue might cause, especially if your device keeps switching to these managed networks despite having a stable home Wi-Fi connection. It seems like there might be a difference in behavior based on the carrier, which complicates the situation further.

I strongly believe these carrier networks should only be added to “my networks” as a permission-gated prompt, and also be deletable.

Would solve this whole thing I think

I noticed this a couple days back at Home Depot, of all places. Was looking up the locations of stuff I needed to pick up via their website while sitting out in the parking lot and my iPhone kept switching off 5g to hop on some single bar wifi that I couldn’t delete or deselect auto-join.

Eventually just turned off wifi and the problem was “solved” but man this is going to be annoying if it starts happening at the grocery store or something.

Tinfoil hat, but Fry's used to seem to fuck with competitor websites on their in-building wifi. Amazon would never work. At least 2 times I had to go outside to get cell coverage and then pull up the Amazon price to show them to get a price match. Nothing really stopping home depot or whomever from shoving a pi-hole in front of competitor sites either.

> nothing really stopping home depot or whomever from shoving a pi-hole in front of competitor sites either.

And this is why people who say "DNS-over-HTTPS is bad since it bypasses Pi-hole!" are wrong.

I’m generally not a big fan of most consumer VPNs, but this is one scenario where they can really help.

On Android with tmo, if I go near a Home Depot my phone will hop on their wifi and get a little R next to the wifi signal icon. This R doesn't go away even after I go home and get on my home wifi. Can only get rid of it by rebooting the phone.

I noticed this because a condo has neighbors nearby with routers blasting said hotspot, so now you’re not even safe in your own home.

Oh god no. I live in one of those “techbaby’s first econobox” neighborhoods where you can shake hands with your neighbors if both of you lean out the window a smidge.

I have never had so much trouble with network radio interference as I do here, so I can only imagine the fresh hell when one of my neighbors lights up one of these things.

There’s already a “stop hitting yourself” scenario going on with a guy blasting multiple competing 160 MHz width APs for some reason. Thank god for Wi-Fi 6E.

A condo-sized Faraday cage would solve that problem...

It gets more sickening every day. I own every Apple device there is. But there has never been a company more anti-Steve-Jobs-vision than Apple.

The seamless experience has turned into my fight against Apple's hatred of their customer.

> I own every Apple device there is.

I'm not sure anyone really ever "owned" an apple device, at least since the first iPhone or so, it seems to me we kind of redefined what ownership means. Apple owns every device they make, you are allowed to pay for limited and revokable usage rights. You have very limited knowledge or control over most of its proprietary hardware and software. Apple, the phone carrier, the apps you install, all have more, varying control over your device. The kind of freedom Stallman talked about for example has been lost for a very long time.

Maybe? I certainly still have more control than on Windows.

They're instruments of social control and behavioral management. People will get upset and this comment will probably even get removed (censored), but this is the truth with closed source software from for-profit corporations.

Steve used to care about things like this. And even if he didn’t, once it has his attention you know something will be done or at least looked into with a reasonable eye. Now it is nothing.

This has been around for a while now and is not some new eSIM thing. It's existed with physical SIMs too. It's Passpoint access authorized via your SIM. Your device won't just randomly connect to anything with the same SSID. It has to auth via the SIM and it's on secure networks that your carrier has agreements with. Same as the access you get over the LTE or 5G network.

Except it’s shit. I constantly have to disable WiFi to get 5g again in the airport if I want something that actually works. Verizon with passpoint is absolutely trash and has nearly driven me to cancel my Verizon service because it can’t be removed.

I remember something like this happening nearly a decade ago with an iPhone 5S. I was at a large mall I visited often and saw I was connected to a WiFi network I hadn't used before.

The mall had WiFi but there was a portal which required SMS authentication and was time limited (the same as every other hotspot, it was rules of the country), so I didn't bother using it on my phone. Plus the carrier had a modern LTE deployment, where I'd often get over 50 Mbit download speeds - which was faster than my home internet. The network was named something like "<carrier> offload" so I assumed they had a kind of WiFi deployment to limit cell tower load, and it was added by the carrier settings profile.

I can't remember if I was able to disable or delete the network (it worked, so I didn't care). I'm wondering if this feature has been there for a while, but OP's ISP has only just decided to use it (I imagine some exec had an OKR to increase adoption of their public WiFi hotspots).

This is wrong, the networks show up as “my networks” and an iPhone 14 Pro Max on 16.4 will 100% connect to that with the same priority as a real/my personal wifi network.

> and it’s on secure networks

No it’s not, my home networks are behind strong firewalls and things like Pi-hole. Do you not see the problem with all of my family's devices “preferring” a neighbor's network over mine?

> an iPhone 14 Pro Max on 16.4 will 100% connect to that with the same priority as a real/my personal wifi network.

That isn't what Apple says - https://support.apple.com/en-us/HT202831

At least according to the support doc, the most preferred network should be joined first, other private networks are the next priority, and public networks (including EAP-SIM, the subject of this thread) are the lowest priority.

These hotspot networks show up under “My Networks” on iOS 16.4 FWIW.

They can say what they want about “being given the lowest priority”, but they clearly are competing with my home network and winning some fraction of the time.

I suspect this has to do with beaconing and once you force it to join your wifi it will stop until you leave your wifi coverage.

If you are walking towards your house and it sees one of these 'sponsored networks' it will autojoin it, when you walk into your house it won't switch. It saw the 'sponsored networks' beacon first.

Which is fine for a house, but imagine a (wifi) crowded condo/apartment. You could be in bed but opposite your neighbor's closet, so physically closer to their WiFi and thus “louder”.

It's not about louder, it's about who it sees first. Once you manually override it should be good unless your wifi drops out for some reason.

Fortunately my carrier doesn’t do this, but having to manually select my own Wi-Fi every time I come home (so that I can reach local devices) sounds extremely annoying.

I’d hope that the iPhone would at least periodically rescan for higher priority networks.

People buy the cheapest shit cable modem/router they can buy and use it until it physically dies, or rent a very basic unit for a large space. Because they are unwilling to buy or rent sufficient hardware, there are going to be spaces in the house where a temporary drop or dip is going to turn into a roam on an adjacent network.

Yeah, that doesn't match their spec. Unless your home network goes down momentarily and the iPhone immediately switches to the other wi-fi network. You could maybe check the iPhone logs (or the router logs!) to see if this happens, but this is going to be a pain to figure out what is happening and when.
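One way to do the router-log check suggested above, as an added example that is not from the thread: it parses hostapd-style association lines from the home AP (constructed sample below) and flags a client that repeatedly drops off for only a few minutes at a time, which is the trace a phone hopping to a neighbour's carrier hotspot would leave, while a client that leaves for hours (owner went out) is not flagged. Assumptions: hostapd syslog format and a fixed year for the timestamps; the AP log only shows that the client left, not which SSID it joined, so the phone-side Wi-Fi log is still needed to confirm the destination.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# hostapd association / disassociation lines as they appear in syslog (assumed format).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ hostapd: (?P<iface>\S+): "
    r"STA (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) IEEE 802\.11: "
    r"(?P<event>associated|disassociated)"
)

# Constructed sample: phone ...:01 keeps leaving for a few minutes at a time,
# laptop ...:02 leaves once for several hours (normal behaviour).
SAMPLE_LOG = """\
Apr  5 18:02:11 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:01 IEEE 802.11: associated (aid 1)
Apr  5 18:05:30 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:02 IEEE 802.11: associated (aid 2)
Apr  5 18:09:40 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:01 IEEE 802.11: disassociated
Apr  5 18:13:02 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:01 IEEE 802.11: associated (aid 1)
Apr  5 18:20:15 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:02 IEEE 802.11: disassociated
Apr  5 18:31:07 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:01 IEEE 802.11: disassociated
Apr  5 18:33:48 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:01 IEEE 802.11: associated (aid 1)
Apr  5 18:58:20 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:01 IEEE 802.11: disassociated
Apr  5 19:04:09 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:01 IEEE 802.11: associated (aid 1)
Apr  5 22:40:00 ap hostapd: wlan0: STA 3c:22:fb:aa:bb:02 IEEE 802.11: associated (aid 2)
"""


def parse_events(log: str, year: int = 2023):
    """Yield (timestamp, mac, event) for recognised lines; anything else is ignored."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; one is assumed so gaps can be computed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["mac"], m["event"]


def short_absences(log: str, max_gap: timedelta = timedelta(minutes=10)) -> dict:
    """Per station: list of (left_at, gap) absences shorter than max_gap.

    A short disassociate -> associate cycle is what a roam to another AP and
    back looks like from this AP's side; long gaps (device really gone) are dropped.
    """
    last_leave = {}
    result = defaultdict(list)
    for ts, mac, event in parse_events(log):
        if event == "disassociated":
            last_leave[mac] = ts
        elif mac in last_leave:
            left_at = last_leave.pop(mac)
            gap = ts - left_at
            if gap <= max_gap:
                result[mac].append((left_at, gap))
    return dict(result)


def flapping_stations(log: str, min_flaps: int = 3, **kw) -> dict:
    """Stations with at least min_flaps short absences: candidates for roaming to a foreign AP."""
    return {mac: len(v) for mac, v in short_absences(log, **kw).items() if len(v) >= min_flaps}


if __name__ == "__main__":
    for mac, n in flapping_stations(SAMPLE_LOG).items():
        print(f"{mac}: {n} short absences; check this client's Wi-Fi log for the SSID it joined")
```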

> "No it’s not, my home networks "

When your phone is on 5g it is not behind a strong firewall, or any firewall at all. It's sitting directly on the internet. I can run a webserver on my phone and you can browse it.

> Do you not see the problem with all of my family's devices “preferring” a neighbor's network over mine?

If you've been laboring under the misconception that your phone is safe on your home network then perhaps this is a shock. But having your phone connected to a carrier means the carrier is responsible for providing a network.

Normally your phone is connected both to the carrier network and to whatever wifi network the user prefers, if wifi is available.

It seems like the major usability problem here is that instead of connecting to both networks, the carrier network supplants the user's network -- which breaks expectations when near user-run wifi.

> When your phone is on 5g it is not behind a strong firewall, or any firewall at all.

I’d be surprised if that’s true for most operators.

And even if there really is no stateful firewall: on IPv4 you’ll be behind carrier-grade NAT (so no inbound connections), and on IPv6 (including NAT64/DNS64), successfully guessing somebody’s IP address seems extremely unlikely. (A server that you’ve visited might "dial you back", though.)

And for most users, the most visible effect will probably be that they can’t connect to their Chromecast, smart speakers, AirPrint etc, not decreased security.

> Do you not see the problem with all of my family's devices “preferring” a neighbor's network over mine?

I have T-Mobile. T-Mobile maintains agreements for Passpoint networks at random places like airports, T-Mobile stores, or (I recently found out) Home Depot. These networks are encrypted and authorized against a RADIUS server.

My SIM has them programmed into it. I can't just stand up the "t-mobile" or "Passpoint Secure" SSID from my home network and my phone automatically connects to it. That's not how it works.

Based on the fact that your devices are showing preference, I'm gonna take a wild guess and say you have Xfinity/Spectrum/Optimum Mobile. The cable co. MVNOs maintain their own WiFi networks which are (again) connected to via Passpoint and authorized using RADIUS. However, the cable company WiFi networks extend far into neighborhoods and are broadcast from CPEs. Your devices prefer them because that's part of the network you signed up for.

Just VPN back to your home network if you're not confident in their security.

You explained why this might be happening technically but why are you acting like it's okay? "Just VPN home" is not a solution if the phone is preferring a terrible one bar connection over the home one. Imagine the quality of that vpn connection you're suggesting as a fix.

I invite the WiFi Alliance to participate more in 3GPP meetings and straighten out the standard for handover between LTE/5G and Passpoint WiFi networks then.

And I invite the 3GPP alliance and Apple to stay the hell out of my Wi-Fi preferences (or at least give me a clear option of opting out of autoconnecting).

Their job is to get my phone on a 3GPP network, and (already a stretch) to possibly offer a reasonable default of autoconnecting to secure Wi-Fi networks that can alleviate mobile network load in crowded locations, but never in preference over my home network, and never ever without a way to opt out of all of it.

This has nothing to do with your preferences. This is network management pure and simple. This is how you implement efficient infrastructure in congested locations like stadiums, airports, and large retail (where you may have no signal at all). Whether the cellular radio or wifi radio is used has nothing to do with you; you are paying for a connection and there are some very intelligent people tasked with figuring out the best way to solve that problem. Because if they didn't, your phone wouldn't have connectivity in those locations and you'd be on here complaining that their service sucks.

Whatever strategy is implemented it absolutely should respect the user preference for which wifi network is preferred. How can you defend getting in the way of a user connecting to their home network when at home? Seriously, address that particular concern and maybe we can have a debate.

That’s all fine, until it disrupts my ability to connect to my own network in any way (which has devices on it I can’t reach from my mobile operator’s network).

How gracious. In exchange, I invite all of the 3GPP stakeholders to respect people's technological autonomy and refrain from enabling solutions that force crap down their throats.

If you have a better solution than the 3GPP and member parties, i.e. carriers, have come up with, I invite you to build your own better network experience and handsets rather than just posting snark. Perhaps try mounting some hubcaps to trees.

This isn't about technological autonomy. OP signed up for wireless service that is specifically sold as Hotspot WiFi-first. That's one of its main features. It's sold as that very, very clearly. If you don't want their WiFi, go get service from another provider!

Just because a service is marketed as having a feature doesn't mean they have an excuse to undo a user setting in their OS that explicitly says they don't want to use it. Maybe they do want to connect to the advertised network when traveling but auto connect shouldn't be forced on them. I don't understand why you are trying to defend this so adamantly.

> Just VPN back to your home network if you're not confident in their security.

So you expect the average user to be able to set up a Zeroconf/mDNS-proxying VPN, since that’s the only type that will allow things like Google Cast or AirPrint to still work?

Home networks are not just about security or speed, some people have devices on them they can otherwise not reach.

You can restrict apps from using the internet in the cellular menu. But with wifi, they can communicate unrestricted.

That’s a very obvious omission in the iOS privacy/security settings I’ve never understood.

Why can I grant fine-grained access to my photos, location etc., but not just outright deny network access to an app that works offline, which would make all of the other concerns mostly moot?

Thank you for adding some technical context to this discussion. There are a lot of (sadly) uninformed people in this thread spitting mad, prophesying about a topic they clearly do not understand with any technical depth. If only the retail stores replaced their enterprise gear for EAP with a "pi hole". P.S. nice username

> Just VPN back to your home network if you're not confident in their security.

I’m sorry but wtf?

You’re saying that, in my own home, I should just accept that my devices connect to an external wifi against my will and VPN back into my own home… while in my home?

Seriously?

(Gonna assume you have a cable MVNO still)

Yes. You signed up for a cable provider mobile service. A huge part of their whole value proposition for their service is "get access to millions of cable WiFi hotspots!" That's their product. They plaster it everywhere in all their ads.

Your situation with Pi-hole and firewalls etc. is a niche use case. Their service is made to appeal to people who are 1) cable company customers and 2) want cheaper service. The majority of people who fall into those categories have an Xfinity router at home that broadcasts the Passpoint SSID. The phones connect to that SSID and have service. Passpoint is going to be more secure than any WPA2/3 network anyway.

If you don't want that to happen, then get a different mobile provider. This one is not for you.

WiFi isn’t just for accessing the Internet. It’s also for accessing other devices on your home network such as printers. This is a broken implementation with no room for argument.

I signed up for cellphone service.

Absolutely nowhere did I consent to have my devices (yes, my owned devices, not leased/payment-planned) suddenly lock me out of basic networking settings.

This is almost as stupid as buying a Walmart keyboard and finding out plugging it in disables eth0 because you might load Amazon.

Xfinity hardware provides a separate SSID that uses WPA2/3 to secure your connection and an SSID for "Xfinity WIFI". On Android one can and should in fact select which nodes to connect to: not merely whether to connect to all nodes but whether to connect to individual nodes. This is essential because in real-world, non-test environments, real customers using real networking hardware and phones do not handle adjacent networks well, because signal strength varies wildly throughout their space, resulting in devices roaming back and forth for no fucking good reason. This is especially true in dense environments like apartment buildings.

Xfinity customers using Xfinity WiFi on their Android device NEVER experience conflict from dancing between APs with xfinitywifi in their home or from their neighbors unless they explicitly connect to adjacent networks, and if they do so they can correct the issue by long pressing on the undesired AP name and selecting "forget".

Nobody cares what a company thinks they signed up for. They give essentially two shits. They pay tech companies to solve their problems and expect solutions that work. The situation as described doesn't work for normal network conditions and equipment. The fact that it also breaks niche stuff that techies like is just diarrhea icing on a shit cake.

Having multiple adjacent networks enabled is liable to cause customer devices to roam between access points on and off their LAN even when

- Remote access point doesn't provide access to desired resources

- Have acceptable performance

- Have acceptable security parameters according to users needs

Most users can't stand up a VPN inside their network and configure it to alleviate the self-inflicted wound of having their phone decide that the user isn't qualified to select the WiFi access points it prefers to connect to. You may as well ask them to grow wings and skip Delta. Instead they will be placing irate calls to their ISP about why their WiFi sucks so much, and I will be silently cursing Apple.

I'm on a prepaid MVNO carrier that does this and iOS has been allowing this for years now. The only difference is that now iOS lets you VIEW what's going on.
I noticed this type of thing a LONG time ago (years) when my browser session was hijacked by some Starbucks terms-of-service popup. My phone had auto-joined an AT&T wireless hotspot at a nearby Starbucks.

I could disable auto-join at that time and it didn't happen again.

Also as a general precaution I turned off wifi except at home.

However, if it cannot be disabled, I find it troubling.

In my particular case it’s happening in my condo, and all of my family's devices routinely switch between my real network and the 1-bar hotspots several floors away.

It’s impossible for me to disable and breaks all local connections to things like PLEX, as well as kid safety/adult content filtering.

Killing local network access is an actual bug.

Related: I wonder if this is specific to eSIM or if this would happen with a regular SIM too?

And can you just call your carrier?

I had a Comcast business router and it started broadcasting an open Comcast WiFi access point (for Comcast customers). I called and asked them to turn it off and they did.

I just checked my phone. There were 3 Verizon networks in there I don't recognize. I'm using a regular SIM.
> Killing local network access is an actual bug.

Yeah, in addition to any local servers you have, it would break Continuity (Handoff etc.), it would break casting. Sounds very poorly thought through.

The carrier told me to contact Apple.

And in my case, I can’t exactly harass all my neighbors to disable their “free hotspot”. I should be able to control my own phone and dictate what it does/does not connect to.

> I should be able to control my own phone

That battle was lost a long time ago. I should be able to restrict (or know) what the apps do. I should be able to firewall my phone. I should be able to access the files on it.

But in the end, only apple decides this, and their decisions are self-serving.

Morally you can't, but actually you can: go to a few thrift shops, get enough routers to cover all channels, create many screaming imposter networks, portal each one to something not pretty, and soon [a day or 2] you will see the original network gone.

Beware of the FCC.

This is perfectly legal, FCC will not care.

But it will not work.

Saturating the air with [SSID] at high dB across all channels absolutely will work; it compels the operator of [SSID] to turn it off and buy another router.

The high-dB signal is where the FCC will care.

That’s not how 802.11 works. If your device can’t connect to a given BSSID that’s broadcasting an SSID it wants, it will put that BSSID on an ignore list and try the next one, whatever the received signal strength.

You can of course saturate the entire spectrum, but that breaks every network, not just the SSIDs you’re "waging war" against, and will probably get you a visit by the FCC sooner or later.

Maybe you could broadcast thousands of spoofed BSSIDs; I have no idea about the legality of that, and the legitimate operator of the SSID might not find that too funny and take legal action against you as well, as that would be pretty transparent denial of service on a public band.

Yes, you have it right. This has been done in the past, and can still be done.

Legally, you don't want to do it. I have had experiences with seeing my SSID coming from a router that is not mine, and the neighbor basically said "eff off, I'll do what I want". In that case I did what I wanted as well.

What’s the problem with your neighbor using "your" SSID?

It’s not like anybody can "own" an SSID name, and if you’re using WPA, the only effect would be a few milliseconds longer of initial connection time per device.

Actively running a DoS against your neighbor might or might not be legal, but it sure is petty (and given the above, unnecessary).

There is no way ATT is going to abandon the attwifi SSID.

You did not mention exceeding Part 15 emitter limits in your previous post.

Screaming was mentioned, and I'm not talking about making AT&T abandon the attwifi SSID; I'm talking about the end user abandoning the onsite equipment.
It amazes me how features like this make it through to release and seemingly nobody considered this very basic experience of your home being hijacked.
I’ve tested this on iPhone 14 Pro Max, 13 Pro Max, and 12 Pro Max. Using iOS 16.4 and 16.5 beta, I’m unable to replicate this.

AT&T 54.0.1

Managed Networks: AT&T Wi-Fi Passpoint, attwifi

Verizon 54.0.1

Managed Networks: PrivateMobileWifi, VerizonWifi, VerizonWifiAccess

T-Mobile 54.1.0

Managed Networks: t-mobile

I’ve tested the following scenarios

- confirm auto-join disabled, wait 10min, recheck and still disabled.

- confirm auto-join disabled, reboot, recheck and still disabled.

- confirm auto-join disabled, enable airplane mode, recheck and still disabled.

- confirm auto-join disabled, disable wifi, re-enable wifi, recheck and confirm still not auto-join enabled.

- confirm auto-join disabled, switch cellular data to alternate esim, switch back, confirm still not auto-join enabled.

At this point I feel there must be something different about your setup that’s non-standard in some way.

It’s slimy as hell that they get added automatically, but it still seems very much possible to disable, at least.

Edit: “Wingman” and related variations never appear on either of my T-mobile devices.

Wow, thank you for your detailed post.

I have multiple iPhone 14 Pro Max, all 16.4

All on Xfinity Mobile 54.0.1

Yes, I know Comcast sucks, but they are the only provider in my area for gigabit, and they white-label Verizon mmWave 5G for a serious discount if you bundle with their internet (which I’m basically forced to use).

In my case, I disable auto-join on all 9 managed networks, and 5 of them are back to enabled before I’m done checking the list.

If you don't want the service, why did you buy it, even if the discount was 100%?
“The service” was cellphone service; there is no logical reason my phone OS should arbitrarily lock me out of WiFi settings due to my cellular carrier.
This is a security non-starter. Why would Apple do this? These are not approved networks for most company usage.

Apple needs to start being a LOT more protective of their product’s privacy features, as it’s a major reason people stick with them and one of their core brand points.

Is this based entirely on the SSID? In other words, could I force other people's phones to connect to my router by just changing the name of my Wifi network?

That seems like an obvious security vulnerability.

This is funny, because the very first iPhone did exactly this in the US for the SSID "AttWifi". Crazy that they brought it back 15 years later.
The SSID is the key. There is no other security as far as I understand it; you can test this by changing routers and naming the SSID and password the same. Devices will join this new network, no questions asked.
That depends on the carrier. There is such a thing as SIM authenticated WiFi networks and they can use it.
> There is no other security as far as I understand it

https://news.ycombinator.com/item?id=35447903 says it uses RADIUS authentication and “I can't just stand up [spoof] the ‘t-mobile’ or ‘Passpoint Secure’ SSID”.

> There is no other security as far as I understand it - you can test this by changing routers and naming the SSID and password the same. Devices will join this new network no questions asked.

AIUI this is a feature, not a bug. It allows devices to switch between different access points automatically.

For example, a large school will need to use many different access points in order to cover the entire building. Students will not want to manually switch between all of these access points, so the school gives each one an identical SSID and password. Devices will then switch automatically as needed.

Hardly exotic these days. I have multiple APs at home, all sharing the same SSID with automatic handoff. Practically every ASUS router (at least) can do it, and it's only a few clicks to set up.
Every 802.12-compliant AP can do it. They can even be of different brands, since it’s just the Wi-Fi equivalent of plugging your computer into a different switch on the same (switched) subnet.
I read this as cellular providers offloading traffic from their networks by making it so phones will piggyback on Wi-Fi networks. Maybe a symptom of increasing demand for more data but unwillingness to eat the cost or too many users. With Wi-Fi calling they’ve got that covered.
Along with the fact that you can restrict some apps from using the internet via the cellular menu and never hook to a WiFi that lets them connect.

But with this in place, you cannot restrict some apps from using the internet, the type and amount of data will be unrestricted.

Basically, this is a HUGE argument with several simple solutions, but it does BEG to be resolved promptly before the vulnerability (and the WTF) threshold go through the roof...
I have a vague memory of this being a story many years ago, where iPhones were connecting automatically to the Disney resort WiFi and someone realized that if you set your hotspot to use the same name, all iPhones in the vicinity would auto-connect.

Can't find anything online any more though, does anyone remember anything similar?

Yes, there is a not very widely used API for this that allows apps to hook mobile hotspot logins and (I believe) also mark them for auto-connections.

It worked horribly. Not sure if it’s still around.

This is a very US-centric way of looking at this. Currently sitting in a packed subway carriage in Busan, South Korea. There are carrier WiFi APs installed in every carriage. Their network is literally built to offload people onto WiFi where possible, I presume to reduce congestion on not much, or very directional, spectrum in the tunnels. In this case, it makes perfect sense to push people onto their WiFi. Not connecting to your own networks preferentially is a PITA though. Seems like a really neat solution, IMO.
Sort of. I can understand offloading to WiFi. I cannot understand preferring carrier WiFi hotspots over my own.
I think most Americans on here are concerned that if they're at home, and their neighbor has a carrier-sponsored WiFi hotspot, then their phone may prefer the neighbor's hotspot to their own home network. Things like this could disrupt talking to local devices (AirPlay, Home Assistant, etc.).
I live in Japan and first noticed this "feature" when I'd lose connection as every time I'd walk past a FamilyMart convenience store (which you can find every 3 blocks or so) it would connect to "0000docomo" and then immediately lose connection as I kept walking. Although in my case, disabling auto-join works fine.

Why would they install WiFi repeaters and not just 4G/5G microcells on the trains?

I can see how it can be a very useful feature – but why not let users decide if they want to keep enjoying it, or opt out of it for whatever reason? I can think of many valid ones.
Why can't I remove the network from my phone then?

Makes "perfect" sense.

I wish they’d install this in elevators here, too.
My office building's elevators have 5G signal, which makes much more sense as it avoids a hard handover between SSIDs/networks (or Wi-Fi and mobile data), which in turn has a much higher chance of not dropping calls.
Fair criticism. But can you defend blocking the user from manually disabling these networks?

I’d understand if I got a pop-up saying “add these networks for the best experience”, I accepted them, etc.

I would have (upon detecting this problem) just removed them and gone about my day.

The problem here is that you are forced to use them with no opt-in and no way to disable it.

If Apple wants to add a second WiFi radio to handle carrier offloading, and have it treat this second WiFi radio as a cellular radio by another medium, sure.

But I should have fullllllllllllllllll fucking control over what WiFi network my device connects to.

The fact it can connect to mobile data is only 10% of the device, and I don't see why connecting to a carrier's mobile network should grant that carrier the ability to edit user settings like what WiFi networks it's allowed to connect to.

> they cannot have “automatically join” disabled

They can on my AT&T iOS 16.4 device. I was able to disable auto-join on the two AT&T ones. I didn't need to delete a network to enable the "Done" button from the edit screen; the state I toggled for auto-joining the managed networks persisted even if I hit Cancel on the edit screen.

I don't like that they're there and auto-join is on by default, but it does appear that it can be turned off.

Check again in 4-5 minutes, it will be on again. I can disable it too, but it just switches back.
It’s been 30 minutes and they’re still off for me. I’ll check again later.
Are all of them off? Sorry to ask, because I have 9 “managed networks” and it seems like now some turn back on immediately and some stay off.

Of course the ones physically nearby all switch back on…

Yes. I have just 2 of these managed networks: AT&T Wi-Fi Passpoint and attwifi. It could be that they’ll switch auto-join back on if I move somewhere that they’re visible. Edit: just out of curiosity I rebooted to see if that would toggle auto-join back on, but it did not.
I am pretty sure apps can do this as well. Have noticed hotel apps doing it in Las Vegas and elsewhere. Adding in a Wi-Fi network that is to aid in connecting. Threw me for a loop when I was there last.
There is indeed such an API, and frustratingly there does not seem to be a way of preventing apps from doing it.

My contact with this was via "iPass", which was a Wi-Fi subscription that also included many in-flight network providers.

I was not really interested in connecting to thousands (in my city alone!) of horribly slow, insecure networks on the ground, but it was all or nothing, and required reinstalling the app every time.

This goes to show that the real way to succeed in life isn’t to go about wearing a tin foil hat, but rather to enclose your neighbour's house in one.
Is it possible to change the configuration for those networks? Or maybe it gets re-synced after 4-5 min. Give them a static IP address, i.e., disable DHCP, or a router address that will definitely not work. Auto-join should fail.
Well that’s objectively terrible.

Question about security ramifications: aren’t APs without x509 set up trivially spoofable anyways? Or is that fixed? I have not paid attention to wifi security in a minute.

WPA3 has PAKE-based mutual authentication, so with a reasonably hard-to-guess passphrase, you should be mostly safe.

That said, these auto-connect carrier networks mostly use EAP-SIM, which does mutual authentication using the keys on your SIM card anyway.

Are you using the T-Mobile app? Maybe uninstall it, if so. Next, on your home network you can block the HTTPS requests that your phone makes to check for profile updates. I don’t recall that domain name (it has to be a domain name and not an IP due to the use of HTTPS for those checks, which Apple requires), but you can probably figure it out from your Pi-hole. You’ll still get updates over cellular.

I agree 100% that it should be opt-out (if not opt-in). I suspect however that the problem with overwriting your settings is as likely a bug as intentional. This area of software is buggy as heck.

Only my phone has any carrier apps installed but the behavior is global, so the only common factor is the cellular provider.

I could block it perhaps, but it will just sync up again next time the kids leave for school.

Brand trust can be liquidated or purchased in various amounts just like any other corporate asset.

In this case Apple decided to sell some to the carriers. Given the % of users who will ever have their purchase decisions affected by this it was probably a highly profitable move.

Thanks for this. I was able to disable auto-join. It sucks that they pull this shit without telling us.
As another data point:

I'm on iOS 16.4. I see I have "AT&T Wi-Fi Passpoint" and "attwifi" added to "Managed Networks", but I am able to disable auto-join for them. I wonder if that can be controlled by the carrier?

Does anyone know if there is a specific term for networks added like this to look for more documentation?

Something about "carrier to have access to "append"(the word managed was subverted here) the list or something like that in the documentation/news article stuff... I guess they just stuck the word "manage(d)" on the end users to physically read, but were prevented from using it in documentation...crazy
The carrier does already control your phone’s selection of DNS server, and on iOS you can’t set DNS when connected to cellular without using Apple’s VPN API through an app.
Wait 5 minutes and check again; auto-join will be on again.
Mine have remained off for 30 minutes now. I'll try to check again tomorrow but if there's a reset time, it's more than 5 minutes.
So the good (?) news is this seems to be carrier-dependent. In my case 5 of 9 carrier-managed networks will revert to auto-join, while with some carriers zero will.
I have an iPhone 12 mini. I bought mine directly from Apple, and use it on the T-Mobile network.

I see “t-mobile” and “TMobileWingman” under managed networks. I disabled the auto-join and it has not been switched back on after about an hour.

What are the security requirements put forth by the carriers? Is the backhaul encrypted in any way? Are the devices tamper-resistant? On one hand this seems similar to 5G stations where third parties have physical access, but on the other this seems easier to pwn.
I was able to disable auto-join and after 10 minutes it's not re-enabled. As a precaution I also manually set IP/Gateway/DNS to 127.0.0.1 for the "AT&T Wifi Passport" and "attwifi" networks, and those settings also seem to persist. I'll check it again in 24 hours or so.
Thanks for checking. In my case ~5 of the 9 (!) managed networks switch back on within 4-5 minutes. The rest seem to stay off.
Awful workaround: Any of the various ESP8266 deauthers, set to target only your specific MAC address.

Or, if the phone insists on randomizing MACs, just have it listen for packets above a certain RSSI and keep it very near your phone, and deauth the loud one.

It's "Passpoint" and uses certificate based 802.11x auth, there's really nothing to worry about except calls dropping due to Wifi switchover. Whitepaper from Aruba here: Solving the Indoor Wireless Coverage Problem: Passpoint and Wi-Fi Calling https://www.arubanetworks.com/assets/wp/WP_Passpoint_Wi-Fi.p...
That's nice but when carriers abuse shitty home routers for these WiFi APs the networks are absolutely not to be trusted.
> there's really nothing to worry about except calls dropping due to Wifi switchover

When this happens: (my = family)

1) my devices are no longer behind my firewall or pihole

2) my devices can no longer access PLEX

3) my devices can no longer access my security system, cameras, etc

4) airdrop will fail

My network is my network. When I’m at home I want my devices to be on my network, not randomly dropping out and connecting to random hotspots multiple floors/houses away.

This is insane. Thanks for taking the time to share. Good reminder we don’t control our devices.
If this bothers you (and it bothers me!), you can write a personal automation Shortcut like: “When my iPhone joins the Wi-Fi network named … turn off wifi”. It won’t stop you joining in the first place, but can at least keep your phone from spending time on the unwelcome network.
This doesn't help if the hotspot is in your normal home range.
You could make the shortcut arbitrarily sophisticated.

Oh, and if it wasn’t clear, I don’t mean this as approving the design flaw. It’s not “look how easy it is to work around!”, but “well, here’s something you can do while we’re stuck with this terrible idea”.

With iOS the new UX seems a little bad. I have AT&T. If I go to the WiFi settings and tap "Edit", then go to the AT&T Passpoint managed network, tap the "i" button, disable auto-join, and back out of the detail view, the Save button is still disabled. However, if I just tap the back button out of the managed view, it still saves.

So, anyway, at least for AT&T you can definitely disable the auto-join at least.

Do you want to re-check if that setting has been retained? It sounds like there may be a re-sync with the carrier.
It's been about a half hour and so far so good.
Interesting. On an AT&T system, with 2 Passpoints listed, I can turn one off and it stays off; the other neither offers the option to save after the change nor retains the change.
I think that might be specific to your carrier, forcing these networks to be automatically joined despite your preference. I'm not seeing the same behavior with Verizon, where I get the managed networks but auto-join happily stays off.

I'm guessing MVNOs like Comcast would rather force you onto their WiFi if they can, because this way they avoid having to pay the underlying MNO for traffic. Which might explain why they would force-enable auto-join.

I'd vote with my dollars and pick a different carrier that doesn't have such user hostile wifi policies.

I’d understand if this was a flip phone, but why should iOS lock the user out of WiFi control?
SIM cards include a lot of capabilities. For example, a SIM card can contain multiple embedded applications, which can communicate with the outside (push and pull), without involving the phone's OS.

The secret life of SIM cards (2013) (simhacks.github.io)

225 points by cthackers on Aug 16, 2014 | 43 comments

Wow. Why is this a thing?! I wouldn't even have known where to look for this if it wasn't for the comments here about T-Mobile.
I'm seeing this behavior on 16.3 as well.
It's amazing how many people already forgot/ignore Snowden revelations. iOS and the rest of the complicit Apple walled garden is literal spyware for the masses. But with enough of a marketing budget, it's easy to convince people of anything, even when it is against their interests.
... iOS is the spyware for the masses? I have a background in security and I prefer iOS devices over Android devices because the latter is an absolute wild west in comparison.

The most relevant bit I recall from the Snowden revelations is that the NSA was treating big-4 tech companies as adversaries and splicing into their fiber networks. How would Android be any better at protecting against that than Apple/iOS?

Let's see, a literal fourteen year old found a bug in iOS that let him remotely listen to the microphone on any iPhone with only a phone number. Now imagine what a three letter agency is capable of, or is responsible for.
> How would android be any better at protecting against that than apple/ios?

The AOSP is much easier to hold accountable than the iOS codebase. Apple has a convincing security model if you take their whitepapers at face value, but between the PRISM revelations and Apple's own Transparency page[0] it's hard to claim that they won't let anyone access your data.

[0] https://www.apple.com/legal/transparency/

Similarities between AOSP and any Android device build are unclear at best.

Re: Transparency, Apple is obligated to cooperate with governments when presented with legally-valid warrants. This is not so much iOS as iCloud services though, and it applies to every service provider in the world.

I think your memory of the Prism program is inaccurate.
> With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

https://www.theguardian.com/world/2013/jun/06/us-tech-giants...

You're welcome to dispute these facts based on technical merit or other qualifying evidence, keeping in mind the obvious advancements in technology over the past decade, as well as society's increased reliance on the proliferated devices.

Apple was not a participant in Prism. Neither was Google.

Consequently they are not complicit.

Smartphones concentrate so much personal data in a single inadequately-protected device. The severity of vulnerabilities is greatly magnified, and they are "juicy targets", as we say in the industry, for attackers of all kinds.

If that's your argument, then you're on solid ground.

If you believe that your phone is a tool of the NSA, then you're just hypothesizing a worst case scenario, unsupported by evidence.

I think finally we will applaud people who actively find a method to jailbreak iOS devices.
Just don't.

Use a different sort of device.

You mean not a mobile phone? Because it's not just iPhones with this feature.
When company A installs spyware on billions of smartphones, and conspires with B and C who provide a network of fake wifi endpoints to steal user data, that's organized crime and FBI gets very interested, but when A is Apple and the B and C are ATT and Verizon, the organized crime becomes above the law and FBI looks the other way.
Can you elaborate on the workaround to remove the settings? After removing an eSIM and resetting all network settings, once the eSIM is active again, wouldn't the unwanted network settings be added back again?
There is no real workaround, it all comes back as soon as you add cellular service again.

You can only temporarily fix it by disabling the “Phone” part of iPhone.

Happened to me in LAX international terminal. I’m with Verizon. So annoying. I was trying to figure out how I get connected to the crappy WiFi for an hour. Removed all the profiles and what not.

Very disappointed by Apple on this one.

This is beyond baffling. Does nobody in the approval chain for this even use a home network? This would immediately break half a dozen things for me. Local game streaming. Network share access. Local wireless backups. Local Plex access. Screen mirroring to my television.