XPost: comp.mobile.android, alt.comp.os.windows-10   
   From: spam@nospam.com   
      
   Andy Burnelli wrote:   
      
   >  e. Enhanced Wi-Fi MAC randomization (turn on for privacy per AP)   
   >     [Note you've also set MAC Address type = Randomized MAC in settings]   
      
   Clarification of MAC randomization switches & broadcast _nomap SSID issues.   
   Below are the gory details that you only need if you desire basic privacy.   
      
   Here's what I recommend others set for privacy & functionality:   
   (again, listed in the order they appear in the developer options)   
    a. Quick settings developer tiles, Wireless debugging (turn on)   
       [Interestingly its position in the Android tile remains valid!]   
        Tile position returns!   
    b. USB Debugging (turn on to allow adb connections over USB or Wi-Fi)   
    c. Wireless debugging (turn on to allow adb connections over Wi-Fi)   
    d. Disable adb authorization timeout (turn on but it won't matter much)   
    e. Enhanced Wi-Fi MAC randomization (turn on for privacy per AP)   
       [Note you've also set MAC Address type = Randomized MAC in settings]   
    f. Mobile data always active (turn on for faster Wi-Fi:data switching)   
    g. Default USB configuration (mine is set to "Transferring files")   
       [Most phones have the default set to "No data transfer" instead.]   
    h. Select mock location app (turn on & set to your fake GPS app)   
      
   As of Android 10+ there's also a new "Wi-Fi scan throttling" option, which   
   is on by default so that it reproduces Android 9 Wi-Fi scan throttling of   
   i. Each foreground app can scan four times in a 2-minute period.   
      (note that this default allows for a burst of scans in a short time)   
   ii. All background apps combined can scan one time in a 30-minute period.   
       
       
      
   As always, if you know more than I do about this, please add technical   
   value, clarify existing value, and correct any mistakes I may have made.   
      
   Bear in mind everything works together... just as we do on this newsgroup!   
      
   The first thing we need to do is clarify what these _two_ switches above do   
   in the later Android versions to allow for MAC randomization not only per   
   AP but also per connection. And I should probably touch on what "static ip"   
   means too.   
      
   Note these switches are in my Android 12 but the first one came in Android   
   10 (as I recall) while the other was added around Android 11 (as I recall).   
      
   Note that the very useful "Wireless debugging" tile came only in Android   
   12, my point being not all these options will be on any older phone.   
      
   CAVEAT: For convenience when using adb to connect a Windows (or macOS or   
   Linux) desktop to Android, you often set the IP address to "static", which   
   you can no longer do as easily today from a home router as you used to be   
   able to do whenever you use random MAC addresses! (Ask me how I know this.)   
      
   Most people have their home router set to serve addresses out of a block.   
    [x] Use Router as DHCP Server   
    [_] Set Address Reservation per device (see below why this is set to off)   
    [_] Broadcast SSID (this should always be off for privacy reasons)   
      
   Note you can no longer "easily" use "Address Reservation" on a typical   
   home router because it usually requires locking to a specific MAC address.   
      
   What you do nowadays, instead, is set a "static" IP address on Android:   
    Android12: Settings > Connections > {longpress on} Wi-Fi >   
    {Press on the gear icon for _each_ access point in your settings}   
    Auto reconnect = off (this should _always_ be "off" for privacy reasons)   
    View more > IP settings = static   
                IP address = 192.168.1.4 (set to whatever address you want)   
                MAC address type = Randomized MAC   
      
   Note this last setting randomizes the MAC address *per connection*.   
   That is, every time you connect to that SSID, it will have the same   
   (randomized) MAC address. If this is all you set, then you _can_ use   
   Address Reservation in your router; but there's _another_ MAC randomizer!   
      
   As per this thread, there is another MAC randomizer for _each_ connection!   
    *Do you turn USB Debugging on the instant you get a new phone?*   
       
      
   When you turn "Developer options" and "USB debugging" as of Android 11+,   
   you also get the option to set the MAC randomization for _each_ connection!   
    Android Settings > Developer options > Enhanced Wi-Fi MAC randomization   
    "Change this phone's MAC address each time it connects to a network   
     that has MAC randomization turned on."   
      
   Note you need _both_ MAC-randomization settings in order to accomplish this   
   (and it's suggested you also end your SSID with "_nomap" to complete the   
   privacy steps - which of course, requires you to not broadcast the SSID).   
      
   My point in bringing this up to Android, Windows, and wireless newsgroups   
   is to communicate these wonderfully new privacy-based options which never   
   existed before, and which therefore require understanding of what they do.   
      
   Note: I'm fully aware that hiding the SSID broadcast is not for _security_   
   reasons, but many people do not realize hiding it is for _privacy_ reasons!   
      
   Specifically, most Android phones driving by your home will upload your GPS   
   location and your unique router BSSID even if you have "_nomap" appended to   
   the SSID (unique because you want your unique-as-possible SSID to stay out   
   of voluminous Internet butterfly/hash tables but that's a separate thing).   
      
   Even if Google/Mozilla respect the _nomap on the server side... notice that   
   distinction because it's the whole point that it's _already_ uploaded even   
   if you have "_nomap" appended (where we can forget nowadays about   
   _optout_)... there's no guarantee that the others (e.g., Kismet, Wiggle,   
   etc.) will respect the _nomap optout request).   
      
   The solution is to prevent "most" Android phones from even seeing your   
   SSID, which can only be done by hiding the broadcast - where - if someone   
   knows what they're doing, of course _they_ will see your (hidden) SSID -   
   but "most" phones will not _upload_ a hidden ID to the Internet servers,   
   and that's why you hide it.   
      
   Of course, once you hide it, then you have to worry about your phone   
   constantly trying to _reconnect_ to it (which shouts out your supposedly   
   unique SSID everywhere you go), so you also need to turn off the   
   auto-reconnection option in Android - which is very easily done.   
      
   Here are some representative screenshots illustrating some of the above:   
     adb + *sndcpy* example   
     adb + *scrcpy* example   
     adb + *vysor* example   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)