I’ve been digging into the way GrapheneOS handles Wi‑Fi scanning, and I have a feature request and discussion point I’d love some feedback on from both fellow users and developers.
My Situation and Use Case:
I’m particularly focused on maximizing my device’s privacy. Even though I have “Wi‑Fi scanning for location” disabled via Settings → Location → Wi‑Fi scanning, I’m still concerned about the background Wi‑Fi scanning that occurs when I’m already connected to my preferred network. I understand that these scans are integral to connectivity features—like roaming, signal strength monitoring, and captive portal detection—but from my perspective, they still broadcast probe requests that, despite being MAC randomized, might allow an observer to infer patterns of my device’s behavior, such as entities that use Wi-Fi locator devices, much like using a rogue cellular tower, albeit not connecting to the network but simply leaving a trail of location indicators. Cops and major corporations use these devices and have them stationed throughout the city for automatic detection and monitoring, much like surveillance cameras dispersed throughout every intersection to monitor traffic and movement.
Basically, once connected to my Wi-Fi network, I don't want any other Wi-Fi networks to even show up. I have no need to know all my neighbors' networks in the area once I'm connected to mine, and I don't need to show up on their radar either.
While I appreciate GrapheneOS’s strong privacy defaults (including per-connection randomized MAC addresses), I’m curious whether it’s feasible to implement an option to entirely disable these background scans once a stable connection has been established. My thought is that if the device is currently connected to a known network (and assuming I manually re-enable Wi‑Fi when needed), there might be room for an additional user-controlled toggle or developer option that “turns off Wi‑Fi scanning” even while Wi‑Fi remains enabled.
The Feature Idea:
A setting (perhaps accessible via developer options or even a dedicated privacy menu) that, when activated, stops the periodic scanning by the underlying Wi‑Fi management services (e.g. the processes similar to wificond or within ConnectivityService).
This would ideally not interfere with the basic functionality of maintaining a connection on the current network, but would reduce the outgoing probe requests that potentially could be tracked.
Questions and Discussion Points:
From a technical standpoint, is it feasible to “freeze” or disable the background scanning functions without compromising critical features like roaming, captive portal detection, or network handoff?
Would a modification along these lines be something the GrapheneOS team might consider integrating (perhaps as an optional setting for advanced users) without impacting overall network performance?
Are there any known security or usability trade-offs that I might not have considered, especially in scenarios where a sudden drop in Wi‑Fi connectivity requires immediate network scanning to re-establish connectivity?
Has anyone already explored or experimented with adjusting settings like wifi_scan_always_enabled (or similar properties) to achieve a state where scanning is minimized even when connected?
I understand that completely disabling background scans might require modifications to lower-level networking components or even the firmware, but I’m hopeful that if we had a well-scoped use case, it might open the door to further experimentation. Ideally, I’d like to test whether such an option could enhance privacy without significantly affecting connectivity.
Thanks in advance for your thoughts and insights. I’m keen to hear from developers or advanced users on whether this is something that could potentially be developed or if it’s fundamentally tied to the required connection maintenance functions.