PDAnet+ Foxfi and ATT, clues as how its detected

[ducky8888]

So a few weeks ago I got the dreaded letter and text from ATT about forcing me over to a tethering plan because they had detected tethering on my account.

Admittedly, I do have PDAnet and foxfi installed, but I rarely use it, not enough to warrant them sending the threatening letter. I have been doing a lot of streaming (netflix, iheartradio, etc.) all day long, while at work. I usually get the data usage warning about halfway through my month.

A few things have happened recently that lead me to believe they cant actually detect the tethering, but suspect it. I got the S4 on the day of release. I had the apps installed on both my Xperia play and my S3 previously, but on the S4 I get a warning on the phone that ATT wants me to have a tethering plan. If I hit OK on the warning then wifi tethering is disabled, but wired or bluetooth work (sadly my laptop does not have built-in bluetooth, but my tablet works).

My original S4 had a few issues with it telling me the SIM card was removed randomly, then one day it just died and wouldnt come back on. I had the phone replaced and reinstalled all of my apps. I have not used pdanet since getting the new phone, but i got the letter anyway.

This leads me to believe a few things are what triggers the letter. It appears to me that the downloading of the app sent up a red flag, then they looked at my data usage which is extremely high (8-10gb a month).

I called ATT and the rep verified they knew I had downloaded a tethering app, and that they looked at my account and could see a device with a "hardware number" not matching my phone was using data. I believe this to mean they are doing MAC address monitoring. It is the only address that could be transmitted that would identify network traffic belonging to a different device.

My speculation is this: ATT has variables that trigger further investigation, once triggered they send a letter and look for more proof. In my case the combo of downloading pdanet and high data usage were the triggers, then they looked through my data history and saw another device requesting data.

I dont remember what the setting I had on PDA net for hiding, but if I remember right it was pretty high (1 or 2). I have contacted them to find out more. If they dont do some kind of MAC spoofing or stripping then I suspect this is one thing that can be done to further secure from getting these warnings from ATT. I will put MAC spoofing software on my laptop and just use my phone's MAC.

A look through hundreds of previous posts on various forums seems to support my theory of these triggers. I have read many posts where the user had recently downloaded or changed their tethering software and then got the warning. many of the users claim very little usage. Seems to me maybe its just as simple as "we saw you download this software, therefore you are tethering"

I made the mistake of downloading the software through the play store. What i am not sure of is this:

Can ATT track what you download from the play store? I would think that the deal with the play store is between me and google, but I also know that ATT has the authority to limit what apps I can see and download, similar to what China does for its residents.

Can ATT track what is installed on our phones? I.E. if I download an APK from the internet onto my computer and transfer it to my phone and install it while in airplane mode (if possible), will ATT be able to see what I have?

 

[jhawkkw]

If you download the app over their network, no matter it's origin, they have the evidence. As for monitoring your device for installed items, it seems unlikely but wouldn't be surprising after the CarrierIQ fiasco. Most carriers have many different methods for detecting tethering from packet inspections, mac address monitoring and user agent monitoring are the most popular. But often they don't bother looking unless you give them a reason. Even though 8-10 GB doesn't seem like a lot to you, percentage wise you are a heavy user and would easily put you in the top 5% of users and probably higher still. That was probably enough to put you on their radar.

 

[Petrah]

I would think any carrier can watch and look at whatever they want since it is their network you're using.

The same situation applied to my web hosting clients when I owned a web hosting company. If they used my mail server to send or receive warez on their hosting email accounts, I had every right to shut off their account without notice and without any refunds. I also had the right to monitor for large files incoming or outgoing. Funny to get angry emails from people who had their accounts deleted because they were sending illegal copyrighted material through my servers.

My point is; use their network within the boundaries they set for you. If they do not allow tethering without paying for it, then it's best to abide by their rules as they can see what you're doing any time they want. They may or may not be able to see what you have on your phone, but they can most assuredly see what you are downloading through their network. IMHO it's simply not worth the risk of losing your account.

 

[ducky8888]

@Petrah - While I usually dont have an issue paying for services that I use, I do have a problem with paying for tethering for a few reasons.

1. I began my unlimited data plan with ATT BEFORE the was ATT in my area. I have been a customer with unlimited data since Pac Bell was bought out by SBC, and then subsequently acquired by ATT. Back then I was tethering my laptop through my windows phone and the service provider had no clue and didnt care, I asked. The word tethering wasnt even in their vocabulary. Here we are a few years () later and now they get to change the rules? They see something being done and get to modify their contracts to make money off of it?

2. they dont offer a tethering plan for unlimited data users. I would have to opt out of my grandfathered data plan, losing it forever, so that I could get onto a tethering plan. I am getting the hint they dont like those of us that took advantage when we did...

3. I dont use tethering enough to warrant another $15/month addition to my bill. They are really only after me because of my data usage, any excuse to drop me from the unlimited

My real problem is their ability to change the rules anytime they want, and if i could prove that "back when" they told me that tethering wasnt a concern of theirs and they had no problems with me doing it, then that too would be a "grandfathered" usage, just like the unlimited data. that would be like the place I have a contract with to do my oil changes sending me a bill that included "checking tire pressure" as a billable item, and then when I complain they say "well, it was a free service, but it wasnt in any contract verbage and we saw how much money we were losing by doing it free, so we added it along with a service fee."

 

[Petrah]

I can understand that, and I can see things from your point of vew (how you feel is important). However, those are the rules that AT&T set forth. When you signed up with them to use their service you agreed to their terms of service, acceptable use policies, and end user agreement whether you agreed with them, read them, or not. It's a legally binding contract.

They do have the right to change their policies any time they wish, without notice. Being able to do this protects them as a company. They're in the business to make money, so they can by all rights set any limitations for specific plans that they deem are within the best interest of the company. The main thing here is that they do offer you a choice. It may not be exactly what you want, but it is there.

I think of tethering without paying for it similar to my neighbor sneaking into my open window during the summer and connecting their television to my cable without my knowledge or consent.

 

[scorched]

I'm inadvertenly testing your theory. I wanted to set up my kid's nexus 7s and use my galaxy as a hotspot. After trying different apps and researching I found out att doesn't like this. Didn't find an app that even worked until I came across foxfi. I checked for signal on the nexus and got one, but never actually used it and deleted foxfi. I also get the data usage warning about 1/2 way through the month. If simply downloading the app and having high data usage gets me the warning then I'll let you know.

 

[Mr. Lucky]

I have a feeling this is being detected by Carrier IQ. Back when this was discovered in 2011, most carriers backed away from it. Well guess what? AT&T didn't. It is (or was) running on my AT&T S4 4.3! Since my phone is rooted, I disabled it with the Disable Service app. Below is a screenshot from the app, showing it now disabled. It's hidden in "Android System" as a running service (blue means "Running"; "red means "Disabled").

 

[Czjon]

Awesome Mr lucky. Do I have to root my phone to run the disable service? I got upset because tonight I went on Google play and tried to download pdanet and it told me that I was not able to download that application on my cellular provider (which is att)

 

[dibblebill]

Yep, disabling requires root... And the firmware might run deeper than that (didn't it have kernel-level hooks in devices?)

As for carriers and changing whims, remember, the towers and hardware you are using are THEIR corporate property to do with as THEY please. The fees we pay are basically renting (at exorbitant rates) their property so we must do so on their terms, even if they're asshats about it.

Personally, when I got AT&T last month, I didn't even bother logging into my phone until I'd gone home, removed Android 4.1.2/Sense, and installed a custom ROM that I'd built from source so I knew what was in it.

 

[RazzMaTazz]

From what I read before, the carriers (like AT&T) detect if the web traffic is requested by a mobile browser or a full browser. When you visit a website from a mobile browser, the mobile browser lets the website know that it's a mobile browser so that the website can serve you content formatted for mobile browsers (if that website has such capability). From what I understand, some carriers have software that alerts when web page request headers are NOT coming from a mobile browser AND the customer is NOT subscribed to a hotspot service. My guess is that it triggers an automatic letter to the customer. I highly doubt that there's any human snooping or checking what you've done.

It's possible that they detect the MAC but I don't think that's it. Too easy to spoof a MAC. I also doubt it's a CarrierIQ type program which is really more diagnostic. And I'm almost certain that they don't know what you've installed. I don't think Google (Play Store) shares that info and I think customers would be way to creeped out if the carriers were violating privacy by actually snooping to see what their customers have downloaded. If they sent letters based on apps detected, then you'd have received the letter as soon as the app was installed.

If you run a VPN/proxy like the free Ultrasurf app on your PC when tethering, it should encrypt & conceal your web page requests. It was invented by Chinese citizens who wanted to be able to get around the Chinese government's Internet-router clamps which restrict people from visiting websites that are critical of China, etc. My kids used Ultrasurf to get around the website restrictions that I placed on my WiFi router on school nights-- until I caught them! It's a tiny executable (therefore no installation) that you can run just before web surfing.

 

[Mr. Lucky]

From what I read before, the carriers (like AT&T) detect if the web traffic is requested by a mobile browser or a full browser. When you visit a website from a mobile browser, the mobile browser lets the website know that it's a mobile browser so that the website can serve you content formatted for mobile browsers (if that website has such capability). From what I understand, some carriers have software that alerts when web page request headers are NOT coming from a mobile browser AND the customer is NOT subscribed to a hotspot service. My guess is that it triggers an automatic letter to the customer. I highly doubt that there's any human snooping or checking what you've done.

They may very well have that capability, but it is most definitely not how they are detecting usage

 

[artbytes]

They may very well have that capability, but I t is most definitely not how they are detecting usage

 

[artbytes]

PS - I'm on AT&T also. I have a grandfathered unlimited plan. I now also have a Mifi hotspot for travel. It works really well. Would be happy if I didn't have to pay for it, but it's come in really handy.

 

[funkylogik]

Bit off topic but going back to part of the OP.. is it possible that a carrier can know what apps you install?
I already find it disgusting that some US carriers block their customers from downloading certain apps but if theyre actively watching what you install on your phone, thats disgraceful. Can they technically do that?

 

[mikedt]

So I understand correctly, we talking truly unlimited data, i.e. the carrier doesn't care how much data you use, or unlimited subject to fair usage, or bandwidth throttling say for >3GB used. Something like "unlimited*" ....read the small print.

AFAIK it does make a difference if you're tethering or not, and whether it's the carrier's business.

 

[BaronMarshal]

I can understand that, and I can see things from your point of vew (how you feel is important). However, those are the rules that AT&T set forth. When you signed up with them to use their service you agreed to their terms of service, acceptable use policies, and end user agreement whether you agreed with them, read them, or not. It's a legally binding contract.

They do have the right to change their policies any time they wish, without notice. Being able to do this protects them as a company. They're in the business to make money.

This kind of thinking is destructive. Any contract that can change, at will, by only one party, is no longer binding as there is no informed consent. Any one remember the contracts with native Americans?
If they can change the policy, then so can we. They just have more power to enforce their will. Meaning we'll get the short end of the stick 99 out of 100.
My biggest question is, why is it OK for a company with billions of dollars protect its money, but we're an asshole (or criminal) for protecting our own money?
In my opinion, if a company advertised unlimited data, then that's what you are entitled to.
Of course, the current networks can't handle everyone on unlimited, but we'll get there.
Until then, my only suggestion is to limit your number of customers on unlimited plans and not limit their 'unlimited' usage.