I don’t know if turning off Bluetooth protects against flipper attacks, but unless something has changed, it (sadly) doesn’t preserve your privacy.
It’s not really documented, as far as I can tell, but Bluetooth low energy stays on, even when you toggle Bluetooth off for both iOS and Android. As of iOS 15, even turning off iPhones means the phone is still trackable. (Unsure about Android on that front.) Apple’s ‘Find my’ network uses Bluetooth low energy, same as Bluetooth beacons.
I mean, it sucks for everyone that can’t or don’t want to run homebrew OS’s.
The “One” link I shared above indicates the behavior became standard in Android 8 and iOS 11. They were released in August and September 2017, respectively.
Modern operating systems have mitigations for this built in, using random MAC addresses for most scanning and connectivity…
…until you connect it to something, then it switches to a permanent MAC address. All of those privacy features disappear when you hook up a smart watch or headphones.
So you can keep your Bluetooth and WiFi on just fine, as long as you don’t connect them to anything while you’re on the move. For WiFi you can even enable random MAC addresses for specific WiFi networks to keep tracking jn public down.
Where I live, this type of tracking is simply illegal (long live the GDPR!) and that stops most tracking in practice. The only tracking I’ve come across were for a university research project and a city project that was shot down and turned into a big fine.
You should probably keep your wifi and bluetooth set to switch off automatically anyway, what with how much they’re used for tracking.
I don’t know if turning off Bluetooth protects against flipper attacks, but unless something has changed, it (sadly) doesn’t preserve your privacy.
It’s not really documented, as far as I can tell, but Bluetooth low energy stays on, even when you toggle Bluetooth off for both iOS and Android. As of iOS 15, even turning off iPhones means the phone is still trackable. (Unsure about Android on that front.) Apple’s ‘Find my’ network uses Bluetooth low energy, same as Bluetooth beacons.
Confused developers: one, two, three.
That sounds like disabling Bluetooth on iphones doesn’t disable Bluetooth LE. Sucks for iPhone users.
I mean, it sucks for everyone that can’t or don’t want to run homebrew OS’s.
The “One” link I shared above indicates the behavior became standard in Android 8 and iOS 11. They were released in August and September 2017, respectively.
Yeah I’d like to think AOSP doesn’t have that flaw.
Modern operating systems have mitigations for this built in, using random MAC addresses for most scanning and connectivity…
…until you connect it to something, then it switches to a permanent MAC address. All of those privacy features disappear when you hook up a smart watch or headphones.
So you can keep your Bluetooth and WiFi on just fine, as long as you don’t connect them to anything while you’re on the move. For WiFi you can even enable random MAC addresses for specific WiFi networks to keep tracking jn public down.
Where I live, this type of tracking is simply illegal (long live the GDPR!) and that stops most tracking in practice. The only tracking I’ve come across were for a university research project and a city project that was shot down and turned into a big fine.
Tracking my HR and steps via smartwatch!