Cell phone question

Factual Questions
1

So I’m new to this whole owning a cell phone thing. I recently got one mostly to play Pokemon Go with. I don’t understand wifi. I know what it stands for, but I don’t get why its so undependable.

For example, while walking, I get messages about the wifi not connecting, or wifi switching from one to another. I don’t get this. If I walk and talk on the phone, there’s no interruption. I can talk on a phone in a place with bad wifi or restricted access wifi, but I can’t play games or go to Google? How’s wifi different from regular cell coverage? I thought they were the same thing

Before I got a phone, I simply thought wherever you can get a phone signal and talk on the phone, you have full access online. I was worried that in some places, like restaurants, you have to ask for a wifi password if you’re a customer, and you can’t make calls, but then I realized that was stupid, its never happened before, people can make calls anywhere there is cell coverage. You don’t have to do that if you want to call someone, so you can have some type of radio waves or whatever access, but you can’t go online. What’s the difference? Are they using different wires or frequencies or something? Why isn’t my wifi always on, always connected like my phone? Why does it even need to switch around?

2

Think of cellular telephony as broadcast TV. If you have a portable TV, you can watch TV anywhere you’re close enough to a tower. But there a lot of towers and the communication is two way. Also, it’s pay TV, you have to subscribe.

Think of WiFi like air conditioning. You can find it in a lot of places, some public, some private. But you have to be allowed in to any such places. Some places are okay with you coming in. But you can’t just wander into a private place to chill.

WiFi extends a bit outside of a building, unlike AC.

WiFi routers generally connect to wired Internet which is cheap and has good bandwidth. OTOH, cell phone towers cost real money, have limited bandwidth, etc.

WiFi uses radio bands that are open to all comers. So, no cost to use them but there are limits on how far the signal goes and if there are a lot of WiFi routers around, you have a problem.

Cell phone companies use bands they bought at auction for lots of bucks. Only the winner and its customers can use those bands.

So one is cheap and is sometimes freely available the other is expensive on a per/byte basis.

3

WiFi is very limited in range, typically 300 feet line of sight from an access point. It is meant for very local networks.

Cellular data, on the other hand, (2g, 3g, 4g, LTE etc) is handled from the cell towers themselves, so has basically the same range as cellular voice calls.

You are probably just walking past shops and such that, as a courtesy, to their patrons often have a free (but usually bandwidth limited) hotspot available.

4

Most phones have a setting to NOT try to automatically connect to any wifi that it happens to notice, but only connect to wifi networks that you’ve previously connected to manually. You probably want to set you phone that way.

–Mark

5

ETA: I thought this would be the first response, so I made it rather complete. Everybody ahead of me has dealt with some of the story.

You (OP) are mixing up two utterly separate systems.

Your phone has continuous internet connectivity over (simplifying here) the mobile phone system. This is automatic and seamless and just works pretty much wherever you go. This is the data that you pay $X for Y gigabytes per month.

As a completely separate and unrelated matter there’s wifi.

The wifi universe was designed for things like houses or hotels or businesses. Where a premises owner would put up a “hotspot” that reached out a hundred feet or so and authorized people could connect to it instead of needing to lug around a network wire & plug into a wall socket at your house or at the Starbucks or wherever.

What happened next is that some businesses realized that offering free wifi was a way to attract customers. Some businesses let anyone connect. Others require you to get a password from the clerk / cashier.

Next some companies realized they could make money by installing wifi in, say, every Starbucks and selling subscriptions for $10 a month allowing use in every Starbucks nationwide. And giving Starbucks HQ a cut of the money. To connect to those you need an account and a password.

Then the cable TV/Internet companies got in on the act and many places that are wired for internet via their cable company are also broadcasting wifi signals that anyone who’s a subscriber to that cable company can connect to. I have Comcast at home and so I can connect to wifi spots all over the country coming out of people’s houses and businesses.

But all wifi is ultimately local. The phone needs to actively do stuff to connect to any given hotspot. If that one fades away the phone has to do a whole rigamarole to connect to another. It was never designed for connecting moving things.

Pretty much all wifi services offer unlimited (or nearly so) data. Though they may limit speed.
So pretty quickly phones gained the ability to connect to wifi as well as connect to the traditional mobile system. There’s a setting in the phone menu to turn wifi on or off. People who use lots of data like to use wifi as much as possible since they’re not paying for it. Instead they’re piggybacking off somebody else’s. With their implicit or explicit permission.

If your phone’s wifi is turned on, as you walk around a retail environment or downtown your phone will be “hearing” dozens of signals from dozens of shops and businesses. And promiscuously trying to connect to each of them, regardless of whether the wifi owner wants outsiders on its network or not.

That’s what your phone is doing. And often failing to connect for lack of a password. So it bugs you for one, or announces that it tried and failed to connect to network “abc123”.
So that’s what’s happening. What to do about it?
Me, I leave wifi off unless I’m at home or in specific familiar locations. I’m happy to save my metered mobile data when I’m at home by using my own unlimited wifi, but I don’t want my phone sticking its wifi connector into any old network it hears out in public. Who knows what’s behind it? I think of snagging random public wifi signals about like I do of picking up food off the sidewalk. Yes, it’s free food. But at what risk?

6

Bottom line is: if you are just wandering around outside it is best to turn off wifi and turn on mobile data. Especially if you want to play a game like Pokemon Go.

7

Previous posts are pretty comprehensive, but perhaps (or not) I can add something. As mentioned, wifi and mobile data are two different systems. If you turn wifi off on your phone, you can still make calls, receive and send texts, and connect to the internet so long as you have a cell signal from your carrier. Your contract stipulates how many minutes of phone calls, how many texts and how much data you can use every month. You certainly need to understand each of these. If you never connect to wifi, you will be using your monthly data when you download emails, pull up a map, watch a video, search google, etc… You can use many GB of data fairly easily if you never use wifi.

Now, turn on wifi, and you can connect to a wifi network, at home, at work, in a hotel or in some stores. You will probably need a password. There are at least a couple of reasons why you want to do this. First, anytime you are using a wifi signal to connect to the internet, you are not using any of your monthly data. Watching videos uses up a lot of data. I have no idea about Pokemon Go. Second, wifi tends to be quite a bit faster than cellular data. You can surf the web much faster on wifi compared to mobile data.

Walking around, your phone is identifying all of the nearby wifi networks, most of which are useless to you because they are password protected, and you don’t have the passwords. The exceptions, as indicated above, are at stores and restaurants that want to accommodate customers by having a no-password connection, or by providing the password to customers.

8

I’m not crazy about the advice to turn off your wifi when you’re out of the house. The danger is if you forget to turn it back on, and you end up using the cellular network for all your internet traffic at home, which can end up costing money. I think it’s better to just configure your phone to not automatically connect to unknown wifi networks.

–Mark

9

The problem with that advice is that “known” vs “unknown” comes down to SSID.

How certain are you that the SSID of “attwifi” is really the one you know and trust? Answer: you absolutely positively don’t have the slightest clue. Your phone or tablet blithely assumes the SSID is a universally trustworthy and universally unique identifier. While in reality it’s most assuredly neither.

10

That’s what I do.

11

I’m with Markn+. I only connect to known WiFi access points. Generally, these are home, work and a few friends when I go to their homes.

This is not my SSID. Someone could follow me home, learn my SSID when my router broadcasts it, and then try to spoof my router somewhere else but I don’t think that my phone would connect because the spoofed router wouldn’t use the right encryption password. Am I missing something here? If so, it wouldn’t be my first time.

12

What are the dangers in connecting to unknown or questionable networks? Entering an ID and Password on a website? If you don’t do that, what are the dangers? I connected to an ATTwifi network the other day, but made sure I didn’t go to any websites where I had to enter a password or any account numbers or the like.

13

Someone setting up a fake ATT/Comcast/whatever router can do a lot of damage to you.

First, they will steal your login credentials when you log into the network. So they have your ATT/Comcast/whatever user name and password. That’s bad. What someone can do with access to your email is unbelievable nowadays. Sending out reset password requests to your banks, etc. is a start.

Secondly, they can capture your traffic. Way too much stuff on the Internet is sent unencrypted, including sites that should know better.

Thirdly, even for the encrypted stuff, they might be able to perform a man-in-the-middle attack and also read traffic.

Think of all the sites you might visit and what someone could do if they have login/password info, transactions, etc.

Not sure about ATT but Comcast has an app that (I think) can be used to find and connect to only verified Comcast WiFi hotspots.

(I am always astonished by questions about computer security of the form “What’s the harm of … ?” What’s the harm? Think big. Then think bigger. It’s far worse than that.)

14

No. You can stop right there. The password is not sent in the clear. WPA2 uses a four-way handshake that allows authentication of both sides, without either side disclosing the password. The only way you can even connect to a rogue AP is if it has the same SSID and the same password as your expected AP.

–Mark

15

As to your home wifi you’re fine. You’re not missing a thing. Likewise friends or work whose network has WPA and a password to connect. It’d be implausibly difficult for a bad guy to fake that unless you work for the CIA and already have the Chinese snooping around your stuff.

The much more typical, and IMO dangerous, setup is where folks just let their phone, tablet, or laptop just connect to anything that’ll let them connect to it. Anyone who travels much has probably connected to a Hilton or Marriot wifi setup. Many folks have connected to their local city or park or library setup. So those SSIDs are both known to their devices and known to local bad guys. As are the nationally standardized SSIDs for the various cable networks like xfinitywifi, attwifi, etc.

So the next time your device sees a familiar SSID like that it silently hooks up.

That’s certainly better than immediately logging into your brokerage account and displaying all your personal data.

If you (T and C or Orwell) do connect to an evil router that’s essentially equivalent to browsing to the evilest most hacker-infested website you can imagine, followed by clicking every link you see. Darn near anything could try to be downloaded onto your device. The only protections you have are whatever firewalling, security, etc., the device has. Maybe that’s good enough and maybe it isn’t.

Now that even phones can be wifi hotspots the obstacles to bad guys setting up mobile evil hotspots and trolling for rubes is really easy and really cheap.

Maybe I’m excessively paranoid, but I want some level of deliberate control over which networks (I think) my device is connecting to and when and where it does so. YMMV.

16

We, or at least I, am discussing the many hotspots that don’t use WPA passwords. Instead it’s all in the clear and you might go through some webform authentication at the router to finish connecting out to the internet at large.

17

Thanks LSLGuy. So I’ll stick with my phone settings connecting only to known wifi networks and I won’t bother switching wifi off every time I leave the house. Then I get the benefit of automatically connecting at home and work (saving mobile data) and automatically switching to the cellular network outside work (which is convenient and safe enough for me).

18

Your home AP is configured to use WPA2, right? (If it’s not, stop reading this right now and fix it. You have bigger problems than what’s being discussed here.) A correctly implemented client won’t connect to an AP that uses a different authentication method than what was used when it was first connected. So if a rogue AP is pretending to be your AP, it will have to use the same WPA2 authentication that your home AP uses, and no passwords will be sent in the clear. Furthermore, a correctly implemented client will check the MAC address as well as the SSID, so the fake AP will need to know the MAC address of your home AP and spoof that as well.

On the other hand, I agree that it’s not a good idea to connect to a public AP without WPA2, even if you trust the provider of that AP.

–Mark

19

Thanks for the concern, but I’m set up right. Been in the business off and on since the 10BASE5 “garden hose” days. More off than on in the last 5 years, but one or another flavor of WPA2 is still the hot setup for home wifi. I live in a mid-rise condo building and I just checked; I have 20 usable wifi signals here in my living room. Some of which are open. :eek: Getting security right is doubly important in an environment like this.

The OP’s concern was observing his phone trying to connect promiscuously to every AP in range and him having zero idea what was happening or why or what it all meant. Hence my taking a strong line with him against letting it do that. At least until he became more educated about the risks and rewards.

20

One other thing I’d like to point out is that often your GPS system can piggyback off of the WiFi system to get a stronger signal and to be more accurate. Often if you turn off WiFi (depending on what phone you have) you’ll see a warning that the GPS signal is improved by having WiFi turned on.

I mention this because the OP stated that the primary reason for having the phone is to play Pokémon Go. That app requires a functioning GPS signal before you can play it. So I think this is an important consideration in this situation.