| ... | ... | @@ -447,10 +447,43 @@ We tested several devices to see whether the Wi-Fi Aware API was supported: |
|
|
|
|
|
|
|
These results suggest that Wi-Fi Aware is not useful for creating smartphone-based mesh networks at present, due to the small number of devices implementing the standard. It may become suitable in future if widely implemented in smartphones.
|
|
|
|
|
|
|
|
The following list of Wi-Fi Aware certified devices may be useful for determining whether the standard is becoming widely implemented:
|
|
|
|
The following list of Wi-Fi Aware certified devices may be useful for determining whether this is happening:
|
|
|
|
|
|
|
|
https://www.wi-fi.org/product-finder-results?sort_by=certified&sort_order=desc&certifications=757
|
|
|
|
|
|
|
|
## Other Android APIs
|
|
|
|
|
|
|
|
### Companion Device Pairing
|
|
|
|
|
|
|
|
Android versions 8 and later (API level 26) provide a high-level API for discovering nearby Bluetooth and Wi-Fi devices without the application needing to hold the various permissions that are required for using the Bluetooth and Wi-Fi APIs directly.
|
|
|
|
|
|
|
|
https://developer.android.com/guide/topics/connectivity/companion-device-pairing
|
|
|
|
|
|
|
|
The API presents a list of devices to the user, who can choose a device. Information about the chosen device is then given to the application, which can interact with the chosen device again in future.
|
|
|
|
|
|
|
|
This API is unlikely to be useful for creating mesh networks in which nearby devices automatically discover and connect to each other, but it could be useful for bootstrapping a device's first connection to such a network, or for creating mesh networks in which users are actively involved in choosing which devices to connect to.
|
|
|
|
|
|
|
|
### Google Nearby
|
|
|
|
|
|
|
|
Google Nearby is a closed source library that uses Bluetooth and Wi-Fi to make connections between nearby devices.
|
|
|
|
|
|
|
|
* https://developers.google.com/nearby/
|
|
|
|
* https://github.com/francozappa/REarby
|
|
|
|
|
|
|
|
Most of our information about Nearby comes from the paper [Nearby Threats: Reversing, Analyzing, and Attacking Google’s ‘Nearby Connections’ on Android](https://francozappa.github.io/publication/rearby/) by Daniele Antonioli and colleagues.
|
|
|
|
|
|
|
|
To make a connection between two devices using Nearby, one device takes the advertiser role while the other takes the discoverer role.
|
|
|
|
|
|
|
|
Connections are always made via Bluetooth RFCOMM initially. The advertiser encodes some information in its Bluetooth device name and makes the device discoverable. The discoverer performs Bluetooth classic discovery, uses the special device name to spot the relevant device, and makes an RFCOMM connection.
|
|
|
|
|
|
|
|
The advertiser may then tell the discoverer to switch from Bluetooth to Wi-Fi. Wi-Fi connections may use an existing access point if both devices are connected to the same access point. If not, Wi-Fi connections may use Wi-Fi Direct (legacy mode) or `hostapd`. The advertiser creates an access point via Wi-Fi Direct or `hostapd` and sends the access point's network name and password to the discoverer via the Bluetooth connection. The discoverer disconnects from its existing access point, if any, and connects to the access point specified by the advertiser.
|
|
|
|
|
|
|
|
#### Soft AP attack
|
|
|
|
|
|
|
|
The researchers identified several attacks against Nearby, including the "soft AP attack", in which a malicious advertiser instructs the discoverer to switch to an access point that has internet access. This unexpectedly causes the discoverer's device to route all its traffic through that access point.
|
|
|
|
|
|
|
|
Due to this attack, it is not safe to use the Wi-Fi client (WifiManager) API for connecting to a Wi-Fi Direct legacy mode access point provided by another device. However, it appears to be safe to use the Wi-Fi Direct (WifiP2pManager) API for connecting to a legacy mode access point, as in this case the client will not route all its traffic through the access point even if the access point unexpectedly provides internet access.
|
|
|
|
|
|
|
|
## Alternative Transports
|
|
|
|
|
|
|
|
### OuiSync
|
| ... | ... | |
