Aug 7, 2017

How to turn off Android's WiFi Assistant/Google's VPN

7:00 AM Paul B

You might be asking yourself, why would you want to do this. I mean there are countless technology blogs out there sucking on Google's teat claiming this feature is the best thing since sliced bread!

If you are unfamiliar with WiFi Assistant, the idea is that it will automatically connect you to known un-secure public WiFi networks when you are in range, which will lower your cell phone data usage. At the same time, all of your traffic is routed through Google's private VPN network so your internet browsing is secure. How cool is that?

Well, if you look back in time to Snowden's PRISM leak, you might recall that Google is not to be trusted. With this feature, pretty much anytime you are near a public network, Google will now proxy your data through their network and can now snoop on all of your traffic!

I began getting suspicious when I was browsing to sites like Start Page from my Google Pixel, and the HTTPS icon in the browser was turned red. When I inspected the certificate, it was coming up as a Google issued certificate, but it didn't match the site I was going to. That seems to be working the same way a Fortigate firewall handles DLP, by acting as a man-in-the-middle and presenting it's own SSL certificate so it can decrypt the traffic, inspect it, and send it back on it's way.

That tells me, that Google is not really protecting your traffic, they are snooping on it. If the deal the NSA/CIA had with Google for PRISM are still active, then by proxy the NSA/CIA are probably snooping on your encrypted traffic as well.

To turn this feature off on your phone, at least on the Google Pixel do the following:

  • Go to Settings > Google > Networking
  • Disable WiFi Assistant

Maybe I'm just paranoid, but I really think you would be better off just not connecting to random open hotspots, and if you do, make sure the sites you visit are using SSL/TLS correctly. If you are browsing to a site that has a good implementation of SSL/TLS, then you don't need Google's bullshit CIA/NSA front VPN to make sure that traffic is secure.

You can check how well a site has TLS implemented by using SSL Labs.

If you are still worried about surfing anonymously on your phone using public WiFi, then you should probably use a VPN service like Torrent Privacy or even use Orbot (Tor for Android). Whatever you do, just don't trust Google...

What do you think about this? Let us know in the comments!



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam