This is for those who may have a recently bought a new iPhone 16P, and this probably applies to any AT&T-purchased/carrier-purchased phone.
To-do: Check your WiFi settings and look for “AT&T Wi-FI Passpoint” and “attwifi” networks in your WiFi saved networks. These are “managed”, so they can’t be removed. If you have them, disable “autojoin”. This may be complicated, if you have my experience (below).
Why it matters: Evidently these connect you to public WiFi networks that can be and are hosted by some stores, like Walmart in my case. These stores will use these networks to track you throughout the store.
My experience: I was walking in Walmart and discovered I was connected to the Walmart guest WiFi without my permission. I have never used box-store WiFi, as I’m aware of the tracking.
I went into iOS 18 WiFi settings (Settings >Wi-Fi>Edit) and found the two managed WiFi networks mentioned above from AT&T. Despite not being the same name as the store’s guest WiFi, the store’s WiFi was similarly named, so it was likely just a renamed SSID. However, when I went to turn off autojoin, the problem arose that the “Done” button remains grayed out, and going back into the settings showed the autojoin still turned on. It wasn’t a visual glitch, because the store WiFi would try to connect again after toggling WiFi.
In trying to troubleshoot, I turned airplane mode on and back off, and that seems to keep the autojoin toggle as “off”. After that, the store WiFi stopped trying to connect automatically. I power-cycled the phone to make sure this stuck, and it did. It’s probably just a bug on the iPhone, but it was a bug that was about to make me return the phone without hesitation.
The carriers do this primarily to offload traffic from their cellular networks in crowded areas. But yes, it’s a good idea to disable auto-join for privacy reasons.
Note that this happens not only on carrier phones but also on unlocked phones when you add an AT&T SIM (it’s done through carrier settings).
Passpoint isn’t just an Apple or AT&T thing, but it does require the company (Walmart in this case) to partner/integrate with each carrier, so I imagine some carriers support it more than others. An overview of Passpoint can be found here: Passpoint | Wi-Fi Alliance
Who’s buying a phone with a managed network they can’t remove on it? That’s messed up.
I’m glad the technology exists so an employer can manage their devices, but ain’t no way I’m buying and using a personal phone that’s managed or has any profiles on it.
they track you with bluetooth not wifi in stores. bluetooth tracking has been a thing on iphone in stores for years. first they tried it in apple stores. now you can find it like everywhere. i’m sure now that’s expanded to include android. not matter what carrier you have. they do this to map where people go in stores by pinging their phones to figure out how people shop. anyways this is like the old days when store managers can watch you from above behind two-way mirrored booths & then nowadays with cameras looking down on you throughout the store. so anyways you can turn off your bluetooth when in stores if this scares & tingles your spidey sense. me i’m okay with this because the store already knows what i buy when i pay with the applepay on my iphone.
the attwifi on your phone is a convenience if you have at&t on your phone. they do say it’s part of your plan & they say you can use that for “free” instead of using up your data. – or if the cell signal is weak inside the store. it’s a carrier thing not apple-specific thing. you have at&t you also get at&t wifi configured on your phone. that’s what i remember when i had at&t. you can use the at&t wifi they provide in many stores & gas stations & coffee cafe shops etc wherever. (but LOL nowadays they have to compete with cable internet who want to put their free public wifi in stores etc.) i even used attwifi when i was no longer on at&t but on a tmobile cheap mvno plan with limited amount of data – i would add attwifi to my phone to automatically use it wherever it was. but yeah i also use a vpn & turn that on when on public wifi. anyways you can always also be tracked when only on cellular data. so cannot get away from any tracking you’re scared of – but just turn on a vpn if you’re too concerned if you use attwifi or any public wifi.
At least on iPhone, the mac address for this wifi is set to dynamic and rotating by default, so I imagine the tracking capabilities for the store are quite limited, no? your carrier can completely track you anyways, with or without this. I don’t see too much harm in this.
airplane mode doesnt work the way it used to. fyi…
We’re fully connected all of the time now, even after device resetting, it cant ever be returned back to that initial state (if measured in cycles on, meaning first time used)
got no wifi? they got us covered using the neighbors wifi temporarily or some other restricted protocol (proprietaty or other), or even the wifi u used to be connected to will remember you.
finally this is rolling out to more ppl. i been thinkingbi am going absolutely nuts imaginining things and nobody complaining…
it’s coming from all directions. fucking xfinity uses customers as public hotspots, samsung is constantly trying to leghump every signal you walk by… the list goes on. it’s incredible demoralizing.
i reset my phone because i thought these were fake and it was compromised. it is ridiculous the carrier has this sort of control over your device but CANT STOP A MITM ATTACK VIA CELL SITE SIMULATORS. its incredible what these companies get away with.
the kicker is, because this functionality exists for carriers it exists for malicious actors that can exploit it.
iOS 18 is swiss cheese. they are not even able to deliver this AI bullshit nobody asked for and have everyone working on it. i am sure the small security team is ignored at every meeting. look at the ios 18 CVEs! to fix it they ‘added additional checks’ or verification to avoid addressing the fundamental design issue that allows data exfiltration from a locked device.
i dont even know what the alternative is. almost every tech service or product company is wide open to anyone with a kali usb. but they dont care, we all pay the price and nothing happens to them.
Just noticed this shit today. I run an automation that disables WiFi and sets to cellular when I leave my house. I have noticed cellular issues while driving which I now attribute to the att joining a random WiFi network.