Tell HN: iOS lets carriers add WiFi networks that you can’t stop from joining

1025 points by newZWhoDis ↗ HN
Well this was a major surprise so I figured I’d share it here to get some eyeballs on it.

Essentially, the latest iOS (16.4 at post time) allows your cellular carrier (via eSIM) to add “managed networks” to your device.

These networks cannot be removed, they cannot have “automatically join” disabled, and they have equal priority with your real, personal networks.

So guess what happens when your neighbors get a wifi/modem combo that blasts a free hotspot SSID? Not only does it pollute the already crowded 2.4ghz band, your iPhone will often prefer this connection over your real /local wifi (despite said wifi being at 1 bar).

As of post-time, there is no way to remove these networks short of completely disabling cell service/removing the eSIM and resetting all network settings.

You can see this for yourself by going to WiFi/“edit” and scrolling down.

Edit: to clarify, I can disable “auto join”, but in 4-5 minutes all of my devices have auto-join turned back on. I’m guessing it re-syncs with the carrier profile. Also, this does not seem to be eSIM or SIM related it can happen on both.

401 comments

[ 2.5 ms ] story [ 278 ms ] thread
T-Mobile's you absolutely can disable, but I would have never ever thought to look there until I read this.

I switched off Auto-join on both "t-mobile" and "TMobileWingman", but I couldn't hit the "Done" text-but-its-really-a-button in the upper right until I made some change to the normal known networks list, so I deleted a couple that I didn't remember or recognize. YMMV.

It's gross either way. No way, no way in hell this is something that should be shadow dropped onto my phone.

Wait 5 minutes and check it again. “Auto join” will be turned on again
I have T-mobile but I haven't a clue what you are talking about. There are Wi-Fi networks called "t-mobile" and "TMobileWingman"? I just don't see them at all. Under what condition should I see them?
Settings/Wifi/edit/scroll down to “managed networks”

These are networks added by your carrier you can’t remove. They have equal priority to your real networks.

In my case, 2 neighbors have freebie wifi/modem combos blasting out 1-bar hotspots that match my carriers free hotspot SSIDs, so all my family’s personal devices constantly switch between my real home network and these “hot spots” with no way to stop it short of removing everyone’s SIMs

I am able to disable "Auto-join" on those, but I don't have these WiFi hotspots near me so I can't test if that Auto-join toggle actually works.
Wait 4-5 minutes and open the menu again.

In my case I disable auto join on all and they’re all back on in 4-5 minutes.

I was also able to verify this as the device will still really connect to the “disabled” hot spots, even after switching it off. Just took a while for the profile to resync.

Edit: only 5 of 9 re-enable auto join after I disable it.

It's been more than five minutes, I opened the menu again and it's still disabled. I'm on an iPhone 12 Pro Max on iOS 16.4, which is the latest iOS.

> even after switching it off

This might be your issue, because after a restart your iPhone no longer has access to your saved Wi-Fi credentials, but it can still use EAP-SIM to join T-Mobile's Wi-Fi network first. But I see your point that it does not respect the "Auto-join" toggle.

Sorry, to clarify my device will reconnect to a carrier-managed hotspot that has had auto-join manually disabled without a reboot within 4-5 minutes.
Yeah, that's probably a bug.

If this happens often enough to annoy you, you could file this bug with Apple by typing "applefeedback:///" into Safari. It could take some guesswork to figure out what component to file this against.

Does Apple ever respond to bug reports? I've only ever heard of them disappearing into the void. Beyond that though, users shouldn't have to file bugs against hostile features like this. Spreading the word as widely as possible about Apple's behavior here is likely to be far more effective.
Apparently they don't normally respond to them directly but they do look at/analyze them. Once in a blue moon you'll hear about someone getting contacted by an Apple engineer for more information.
looks like a few of mine resynced and toggled auto join. My iPad has none of these managed network entities at all, seems to be a phone thing only.

Looks like comcast xfinity type networks are being imposed too. The xfinity App may be toggling these XFI, Xfinity Mobile, xfinitywifi pieces your way too.

The Xfinity ones show up only after you install a profile from the Xfinity app or website, and manually enable it in Settings.

The Xfinity hotspot service typically has two SSIDs going: "xfinitywifi", which is unencrypted and has a captive portal to log in, and the "XFINITY" network, which the installing the profile enables access to and which is encrypted with 802.1X authentication.

For everyone except apparently the carriers, Apple is very strict about the opt in nature of managed WiFi networks.

I have devices with 0 Comcast apps and 0 profiles but they all have the Xfinity managed networks, the only thing they have in common is the cellular service.
I wonder if the xfinity mobile carrier is pushing this stuff.
Also if we eventually leave the carrier that imposed this stuff, do they remove them as we exit their networks?
I'm on 16.2 and this is an issue here too
Appalling.

You'd need an extremely strong reality distortion field to advocate for it. I can only guess it's a way for the telcos to offload 5g traffic.

In the Android world, if Samsung/Telstra introduced something similar in Australia that'd be enough for me to jump ship to another manufacturer that didn't. There's an auto-enabled "Hotspot 2.0" feature that I've turned off; it's not ideal that it's on by default but for people on lesser data plans it could be convenient. It's a simple toggle to turn off, nothing's forced.

How does this offload traffic? That wifi router is likely a 5G home internet router which is connecting to the same tower. So while connected clients would reduce, bandwidth usage would not as these devices are not powerful enough to run any meaningful caching services.
Fair question! My assumption was that the wifi access points would be connected to eg gigabit fttp, not wireless.
I could see a system where carriers partner with cities to install wifi at crowded locations, preset a carrier provided password and use that for better service than 5g.

But I am shocked that they would force connection to open ssids.

I’m not shocked the carrier would try, I’m shocked the OS lets the carrier dictate this with no user recourse.
I do not have that section under Settings/WiFi. Does that mean tht my carrier simply has not added any managed networks, or should this section always be there, even if it is empty? Or is this a US thing, as I am in Germany?
Its at the top right, where the "next" button normally is. Blue ink.

Probably not a US thing. Its an IOS thing as that is where you can delete/forget networks you have joined (that arent in range anymore)

Thanks, yes, I have it too. Must have had a brainfart yesterday.
I see it under Settings/WiFi/Edit, scroll to the bottom
This is insane. I have never heard of these and after checking I also have them on my iDevice. Tmobile should explain what wingman is and why it's on IOS devices.
Probably to force more traffic onto wifi to keep people off of their network whenever possible.
(comment deleted)
I don't understand why Apple allows carriers to do this. Apple id a well-respected brand by most of their customers while carriers are seen as an evil you cannot do without.
> a well-respected brand by most of their customers

Not surprising. I don’t respect or trust them, so I’m not one of their customers.

Not respecting or trusting Apple is a valid position to have. Not sure why people would down vote this.

It's clear that Apple uses the feelings of trust and respect in their marketing campaigns, but this is just a calculated strategy that works for them. As a company, they are like most companies - they desire to create and maximize revenue streams. To the extent that they value trust and respect they actually value customer perceived trust and respect as it relates to their marketing strategies.

Tl;Dr if they think they can get away with things that are customer hostile without tarnishing their marketing image they'll do it. They will take calculated risks here as well.

Examples:

Apple will hold a monopoly on iOS for books and this is fine: https://www.techemails.com/p/ibooks-is-going-to-be-the-only-...

Apple forces a 30% fees on subscriptions, negotiates with Uber (and presumably others) to pass this cost directly onto the user in cases where the margin is so low the 3rd party cannot economically eat the fee: https://www.techemails.com/p/lets-take-a-cut-of-membership-p...

iMessage is exclusive to iPhone because they fear that parents may buy Android for their children over iPhones if the app was available on both - which obviously indicates that the dark UX treatment of non iMessage sms (green bubbles) is an intentional segmentation of the messaging ecosystem designed to bring users to the iphone thru social effects. Any platitudes to security are purely marketing. https://www.techemails.com/p/imessage-for-android

Apple is a company, their users are revenue streams, trust and respect matter in terms perspective not in terms of meaningful action. They will do things that put their trust/respect at calculated risks to maximize revenue.

Folks thinking otherwise are pleasantly naive - it is totally reasonable to question Apple's actions and motivations.

Apple's priorities are, in order:

  Apple
  End Users
  Distribution partners
  Other companies
Once you realize that then their decisions make sense. And for me these priorities aren't the worst thing ever. Yes, Apple putting Apple first means I pay a premium.

(And BTW, to clarify: Apple has a book store monopoly on iOS, not "a monopoly on iOS for books". I can read my Kindle books perfectly fine)

You can read books from Amazon/Kindle on iOS because Apple lost an antitrust price fixing case in US federal court and paid nearly half a billion in damages.

Apple conspired with publishing houses to shut Amazon out of the market through leveraging it's huge device platform. Steve Jobs literally said: "The price will be the same... Publishers are actually withholding their books from Amazon because they are not happy."

If Apple had won their case it is a serious question if you would have Kindle books to read.

https://en.m.wikipedia.org/wiki/United_States_v._Apple_Inc.

All that said - this is reasonable rational behavior for a company. Which is why we also have antitrust laws. ;)

They make you successfully believe end users are that high on their priorities, which is different.
When was the last time you requested a feature in ASOP? Or tried to merge one in?
I don't really see any evidence the other way. Notably the examples higher in the thread all match this behavior.
I suppose "brand perception" loses to "we bought all the RF spectrum". If T-mobile, AT&T, and Verizon say "no iPhone", guess who is out of business? Not the spectrum owners.
> If T-mobile, AT&T, and Verizon say "no iPhone", guess who is out of business?

If Apple said, "no, you can't force users onto Wi-Fi networks without their consent," T-Mobile, AT&T, and Verizon would just say, "ok, it was worth a try," and carry on as if nothing happened. People will still want Apple products in sufficient numbers, and carriers will still want money from those people. But Apple isn't interested in what people want, Apple is interested in what they can convince people they want.

I mean I’m certainly not switching back to a dumb phone or android. And since iOS maintains 56% market share in the US Apple can easily force some hands.
Apple already fought and won that battle when they introduced the iPhone, when they had much less negotiating power than today.
If my cellular provider stopped supporting iPhones as a first class device I would switch providers by the end of the billing period, no question.

AT&T got my business by supporting the iPhone first. I assume if one major carrier drops the iPhone the other would recognize the opportunity and court users asap.

Because without the ability to join carriers' networks, Apple would be selling overpriced paperweights.

How can Apple be well-respected after wanting to scan your photos for CSAM is well beyond me, but I guess everyone is different.

Reality Distortion Field
BTW, every single cloud provider does CSAM scanning.
Yes they do, but they don’t using MY device (phone, tablet, PC) before it touches their infrastructure.
I count that as a plus. If the scanning is done on my device, they have zero reasons to scan the content in the cloud and thus can encrypt it at rest so nobody can access it even with a warrant.

But I've had this same argument a thousand times and it's like shouting at the tide and trying to stop it...

The reason you are likely wrong here is because it's an ownership boundary - the cloud service is understood to be renting, but you purchased the phone and own it.

What you are suggesting doesn't necessarily make zero sense to desire, but practically speaking I don't think it makes sense based on the transactions that have occurred in this scenario. They may have a right to do that stuff on the cloud, but they don't have a right to do it on your device. It has nothing to do with which is better.

...but they didn't scan anything unless you were uploading images to the cloud anyway.

Disable cloud upload -> no local scanning.

People were stumbling over each other in one of the biggest competitive misunderstanding contests of the 2020's and Apple backed down to shut people up just because nobody bothered to RTFM and just got angry based on random internet hot-takes that were based on incorrect assumptions.

Yes, they scan data that will be stored on their hardware.
As was Apple's idea.

Their plan was to scan stuff that would be sent to their hardware on your hardware so that they could encrypt it on their hardware without having the key themselves. And law enforcement wouldn't have had the "what about child pornography" -angle to force access to data, since everything would've been pre-scanned.

If no data would've been sent to their hardware, no scanning would've happened.

It wasn't a complex idea, but The Internet decided collectively to misunderstand it.

What's our better alternative, that will also permit us to easily communicate with non-techie friends and business associates?
"Apple id a well-respected brand". Less and less so. With stunts like this.
I had a chuckle too. Maybe it was, in 20th century.
Maybe Apple doesn't know carriers are doing this and the capability is an oversight? Verizon and AT&T seem to be respecting the user auto-join preference flag.

I'm thinking Apple didn't expect the carrier to do this.

T-mobile here as well, no wingman. This means you’ve used in flight wifi.
Thanks I just did this as well. I often defend Apple's decisions but this is downright ridiculous.
Make sure you check up on it later, in my case the carrier turns auto-join back on a few minutes later.
Thanks. Doesn't seem to have happened yet but I have no confidence it'll remain that way.
Wingman does not stay turned off for me, as op mentioned in his edit.
It doesn't stay off for me either, but after some digging on the internet, Wingman appears to be an in-flight wifi network on planes (which may not actually exist anymore and T-Mobile are in the process of removing from devices according to this recent comment by a stranger on an old Reddit thread[1]). While it's annoying that it doesn't stay off, it doesn't seem to be something that would cause problems in practice because flights typically only have one wifi network.

1: https://reddit.com/r/tmobile/comments/7u535i/_/jcl01il/?cont...

You can hit Cancel and it will still retain the auto-join setting (very counterintuitive).
Very bizarre: I unchecked the auto join settings and, as you said, the done button wasn't enabled. So I pressed cancel, and the changes persisted.
Is this based entirely on the SSID? In other words, could I force other people's phones to connect to my router by just changing the name of my Wifi network?

That seems like an obvious security vulnerability.

This is funny, because the very first iPhone did exactly this in the US for the SSID "AttWifi". Crazy that they brought it back 15 years later.
The SSID is the key. There is no other security as far as I understand it - you can test this by changing routers and naming the SSID and password the same. Devices will join this new network no questions asked.
That depends on the carrier. There is such a thing as SIM authenticated WiFi networks and they can use it.
> There is no other security as far as I understand it - you can test this by changing routers and naming the SSID and password the same. Devices will join this new network no questions asked.

AIUI this is a feature, not a bug. It allows devices to switch between different access points automatically.

For example, a large school will need to use many different access points in order to cover the entire building. Students will not want to manually switch between all of these access points, so the school gives each one an identical SSID and password. Devices will then switch automatically as needed.

I read this as cellular providers offloading traffic from their networks by making it so phones will piggyback on Wi-Fi networks. Maybe a symptom of increasing demand for more data but unwillingness to eat the cost or too many users. With Wi-Fi calling they’ve got that covered.
Hardly exotic these days. I have multiple APs at home, all sharing the same ssid with automatic handoff. Practically every ASUS router (at least) can do it, and it's only a few clicks to set up.
Every 802.12-compliant AP can do it. They can even be of different brands, since it’s just the Wi-Fi equivalent of plugging your computer into a different switch on the same (switched) subnet.
The Asus stuff is bit fancier than that, and will do stuff like optimize which AP each device connects to via signal strenth. It's true mesh networking.
> optimize which AP each device connects to via signal strenth

That's how most 802.11 STAs (clients) make a standalone roaming/handoff decision. But if the vendor supports it (and the APs can cooperate towards providing it, such as yours, probably), there's also 802.11v, which allows the APs/network to make the roaming decision based on their respective load, view of the client's signal strength (and not only the client's view of theirs) etc. It's nothing unique to Asus, though.

> It's true mesh networking.

Mesh networking is something else yet, as it concerns how the backing network of the APs is created and managed. You can have 802.11v with Ethernet-connected APs, or plain client-side roaming with meshed APs.

That is how pre-shared key (PSK) WiFi works, but it's not how WiFi that uses strong authentication (e.g. WPA2 Enterprise) works.

There may be bugs/vulnerabilities in the stronger authentication, of course.

Using PSK for untrusted clients is a bad practice, because everyone who knows the PSK can decrypt all of the wireless traffic even without setting up a malicious AP with the same SSID. If a phone carrier were forcing devices onto PSK networks, it would be an even bigger problem than the one discussed here.

Basically, this is a HUGE argument with several simple solutions, but it does BEG to be resolved promptly before the vulnerability (and the WTF) threshold go through the roof...
along with the fact that you can restrict some apps from using the internet via the cellular menu and never hook to a wifi that lets them connect.

But with this in place, you cannot restrict some apps from using the internet, the type and amount of data will be unrestricted.

can you elaborate on the workaround to remove the settings? after removing an eS and resetting all network settings, once the eSIM is active again, wouldn't the unwanted network settings be added back again?
There is no real workaround, it all comes back as soon as you add cellular service again.

You can only temporarily fix it by disabling the “Phone” part of iPhone

As another data point:

I'm on ios 16.4. I see I have "AT&T Wi-Fi Passpoint" and "attwifi" added to "Managed Networks" - but I am able to disable auto-join for them. I wonder if that can be controlled by the carrier?

Does anyone know if there is a specific term for networks added like this to look for more documentation?

Wait 5 minutes and check again, auto join will be on again
Mine have remained off for 30 minutes now. I'll try to check again tomorrow but if there's a reset time, it's more than 5 minutes.
So the good (?) news is this seems to be carrier dependent. In my case 5 of 9 carrier-managed networks will revert to auto join while with some carriers zero will.
Something about "carrier to have access to "append"(the word managed was subverted here) the list or something like that in the documentation/news article stuff... I guess they just stuck the word "manage(d)" on the end users to physically read, but were prevented from using it in documentation...crazy
the carrier does already control your phone’s selection of DNS server and on iOS you can’t set DNS when connected to cellular without using apple’s VPN API through an app
(comment deleted)
This is insane. Thanks for taking the time to share. Good reminder we don’t control our devices.
I noticed this a couple days back at Home Depot, of all places. Was looking up the locations of stuff I needed to pick up via their website while sitting out in the parking lot and my iPhone kept switching off 5g to hop on some single bar wifi that I couldn’t delete or deselect auto-join.

Eventually just turned off wifi and the problem was “solved” but man this is going to be annoying if it starts happening at the grocery store or something.

I noticed this because a condo has neighbors nearby with routers blasting said hotspot, so now you’re not even safe in your own home.
A condo-sized Faraday cage would solve that problem...
They have faraday paint if you’re so inclined.
Or you could coat all your walls in aluminum foil...
Oh god no. I live in one of those “techbaby’s first econobox” neighborhoods where you can shake hands with your neighbors if both of you lean out the window a smidge.

I have never had so much trouble with network radio interference as I do here, so I can only imagine the fresh hell when one of my neighbors lights up one of these things.

There’s already a “stop hitting yourself” scenario going on with a guy blasting multiple competing 160mhz width APs for some reason. Thank god for Wifi 6E

tinfoil hat but frys used to seem to fuck with competitor websites on their in building wifi. amazon would never work. At last 2 times I had to go outside to get cell coverage and then pull up the amazon price to show them to get a price match. nothing really stopping home depot or whomever from shoving a pi-hole in front of competitor sites either.
I‘m generally not a big fan of most consumer VPNs, but this is one scenario where they can really help.
> nothing really stopping home depot or whomever from shoving a pi-hole in front of competitor sites either.

And this is why people who say "DNS-over-HTTPS is bad since it bypasses Pi-hole!" are wrong.

I mean blocking 8.8.8.8 and 1.1.1.1 should be enough.
A pi-hole that null roots traffic? No, unfettered by TLS certificates and morals, the competitors site would show the item as being out of stock and drastically more expensive, and the store's closing early today.
I also think they adjusted prices to the stores list price not the on the web price for fry's but I only called them on it once. The other time it was in a TV and I just haggled and walked and they chased me down to the parking lot to say yes
I think the argument is about choice, not whether this tech should exist. When a device or app forces DNS-over-HTTPS it does so to take away my choice.
The owner of a device not being able to change whether or not it uses DoH is definitely bad. But a lot of people say DoH is bad even when the owner can easily turn it off.
On Android with tmo if I go near a home depot my phone will hop on their wiri and get a little R next to the wifi signal icon. This R doesn't go away even after I go home and get on my home wifi. Can only get rid of it by rebooting the phone.
If some carrier representatives reads this they may come to the conclusion that it is time disabling wifi switch off remotely too!
This has been around for a while now and is not some new eSIM thing. It's existed with physical SIMs too. It's Passpoint access authorized via your SIM. Your device won't just randomly connect to anything with the same SSID. It has to auth via the SIM and it's on secure networks that your carrier has agreements with. Same as the access you get over the LTE or 5G network.
This is wrong, the networks show up as “my networks” and a iPhone 14 Pro Max on 16.4 will 100% connect to that with the same priority as a real/my personal wifi network.

>and it’s on secure networks

No it’s not, my home networks are behind strong firewalls and things like pie hole. Do you not see the problem with all of my families devices “preferring” a neighbors network over mine?

>Do you not see the problem with all of my families devices “preferring” a neighbors network over mine?

I have T-Mobile. T-Mobile maintains agreements for Passpoint networks at random places like airports, T-Mobile stores, or (I recently found out) Home Depot. These networks are encrypted and authorized against a RADIUS server.

My SIM has them programmed into it. I can't just stand up the "t-mobile" or "Passpoint Secure" SSID from my home network and my phone automatically connects to it. That's not how it works.

Based on the fact that your devices are showing preference, I'm gonna take a wild guess and say you have Xfinity/Spectrum/Optimum Mobile. The cable co. MVNOs maintain their own WiFi networks which are (again) connected to via Passpoint and authorized using RADIUS. However, the cable company WiFi networks extend far into neighborhoods and are broadcast from CPEs. Your devices prefer them because that's part of the network you signed up for.

Just VPN back to your home network if you're not confident in their security.

> Just VPN back to your home network if you're not confident in their security.

I’m sorry but wtf?

You’re saying that, in my own home, I should just accept that my devices connect to an external wifi against my will and VPN back into my own home… while in my home?

Seriously?

(Gonna assume you have a cable MVNO still)

Yes. You signed up for a cable provider mobile service. A huge part of their whole value proposition for their service is "get access to millions of cable WiFi hotspots!" That's their product. They plaster it everywhere in all their ads.

Your situation with Pi-hole and firewalls etc. is a niche use case. Their service is made to appeal to people who are 1) cable company customers and 2) want cheaper service. The majority of people who fall into those categories have an Xfinity router at home that broadcasts the Passpoint SSID. The phones connect to that SSID and have service. Passpoint is going to be more secure than any WPA2/3 network anyway.

If you don't want that to happen, then get a different mobile provider. This one is not for you.

I signed up for cellphone service.

Absolutely no where did I consent to have my devices (yes, my owned devices not leased/payment planned) suddenly lock me out of basic networking settings.

This is almost as stupid as buying a Walmart keyboard and finding out plugging it in disables eth0 because you might load Amazon.

Xfinity hardware provides a separate SSID that uses WPA2/3 to secure your connection and a SSID for "Xfinity WIFI". On Android one can and should in fact select which nodes to connect to not merely whether to connect to all nodes but whether to connect to individual nodes. This is essential because in real world non test environments real customers using real networking hardware and phones do not handle adjacent networks well because signal strength varies wildly throughout their space resulting in devices roaming back and forth for no fucking good reason. This is especially true in dense environments like apartment buildings.

Xfinity customers using xfinity wifi on their android device NEVER experience conflict from dancing between AP with xfinitywifi in their home or from their neighbors unless they explicitly connect to adjacent networks and if they do so they can correct the issue by long pressing on the undesired AP name and selecting "forget".

Nobody cares what a company thinks they signed up for. They give essentially two shits. They pay tech companies to solve their problems and expect solutions that work. The situation as described doesn't work for normal network conditions and equipment. The fact that it also breaks niche stuff that techies like is just diarrhea icing on a shit cake.

WiFi isn’t just for accessing the Internet. It’s also for accessing other devices on your home network such as printers. This is a broken implementation with no room for argument.
You can restrict apps from using the internet in the cellular menu. But with wifi, they can communicate unrestricted.
That’s a very obvious omission in the iOS privacy/security settings I‘ve never understood.

Why can I grant fine-grained access to my photos, location etc., but not just outright denying network access to an app that works offline, which would make all of the other concerns mostly moot?

You explained why this might be happening technically but why are you acting like it's okay? "Just VPN home" is not a solution if the phone is preferring a terrible one bar connection over the home one. Imagine the quality of that vpn connection you're suggesting as a fix.
I invite the WiFi Alliance to participate more in 3GPP meetings and straighten out the standard for handover between LTE/5G and Passpoint WiFi networks then.
How gracious. In exchange, I invite all of the 3GPP stakeholders to respect people's technological autonomy and refrain from enabling solutions that force crap down their throats.
This isn't about technological autonomy. OP signed up for wireless service that is specifically sold as Hotspot WiFi-first. That's one of its main features. It's sold as that very, very clearly. If you don't want their WiFi, go get service from another provider!
(comment deleted)
Just because a service is marketed as having a feature doesn't mean they have an excuse to undo a user setting in their OS that explicitly says they don't want to use it. Maybe they do want to connect to the advertised network when traveling but auto connect shouldn't be forced on them. I don't understand why you are trying to defend this so adamantly.
> OP signed up for wireless service that is specifically sold as Hotspot WiFi-first

No I didn’t. I bought cell service, they advertise that they also offer hotspots but all the carriers do that.

Nowhere did I sign up for unauthorized modifications of my owned devices wifi stack.

If you have a better solution than the 3GPP and member parties i.e. carriers have come up with I invite you to build your own better network experience and handsets rather than just posting snark. Perhaps try mounting some hubcaps to trees.
I don’t think 3GPP is on trial here, seizing customer owned wifi radios is
> Just build your own network.

I did build my own network, and my ability to connect to it was forcibly overridden with no way to opt out.

That is entirely the point.

Edit: rulebreaking removed.

And I invite the 3GPP alliance and Apple to stay the hell out of my Wi-Fi preferences (or at least give me a clear option of opting out of autoconnecting).

Their job is to get my phone on a 3GPP network, and (already a stretch) to possibly offer a reasonable default of autoconnecting to secure Wi-Fi networks that can alleviate mobile network load in crowded locations, but never in preference over my home network, and never ever without a way to opt out of all of it.

This has nothing to do with your preferences. This is network management pure and simple. This is how you implement efficient infrastructure in congested locations like stadiums, airports, and large retail (where you may have no signal at all). Whether the cellular radio or wifi radio is used has nothing to do with you; you are paying for a connection and there are some very intelligent people tasked with figuring out the best way to solve that problem. Because if they didn't, your phone wouldn't have connectivity in those locations and you'd be on here complaining that their service sucks
Whatever strategy is implemented it absolutely should respect the user preference for which wifi network is preferred. How can you defend getting in the way of a user connecting to their home network when at home? Seriously, address that particular concern and maybe we can have a debate.
That’s all fine and even laudable if it works (and does not actually degrade quality more often than not), until it disrupts my ability to connect to my own network in any way (which has devices on it I can‘t reach from my mobile operator’s network).
This is bullshit apologetics. The WiFi radio is mine, not the carrier’s. This completely screws up connections to p2p WiFi stuff (odb reader, private camera network, etc).
Either the device serves me and follows my commands, or it's not my device anymore.

This bullshit is exactly why Stallman was right.

If I make a decision, the device should obey me and no one else.

You've got no consent whatsoever to overrule the user's decision.

> If I make a decision, the device should obey me and no one else.

There's obviously limits to this, and in fact network traffic management is commonly agreed to be one of them. You can't tell your iPhone to blast on the channel of an operator you have no contractual agreement with.

The same goes for Wi-Fi on 5 GHz: You get to use these frequencies, but by law, device manufacturers are required to implement an algorithm that gives the primary user (weather radars important to aviation safety) priority. Patching out that algorithm could actually cost lives.

Where exactly your freedom ends, and that of the general public begins, is a fascinating and important conversation: Should you be allowed to skew your 802.11 or TCP implementation's congestion management algorithms to get priority for the data you send, for example? (All it takes is changing the multiplicative decrease factor up, or the random waiting time after a collision down a bit!)

What's the boundary of where your device ends: The baseband? The 802.11 hardware radio? The kernel, running your 802.11 soft-PHY driver? Userspace? I don't think it's a purely technical question with an easy technical answer.

Personally, I'm fine with my phone coming with a default setup to trust my operator's Wi-Fi networks, but only if the device vendor can absolutely make sure that my home network will be preferred, and in any case with a clear opt-out switch.

> There's obviously limits to this, and in fact network traffic management is commonly agreed to be one of them. You can't tell your iPhone to blast on the channel of an operator you have no contractual agreement with.

Why shouldn't I?

Sure, if I do so, I'll end up with a massive fine from the BNetzA, FCC, or equivalent local authority, but that's still my problem. I agree that freedoms are limited, but you can't enforce social restrictions with technological solutions.

The device should obey me, nothing else. I'm not going to accept devices becoming ever more locked down.

And it's not like it helps, either – I can just as well take an SDR and do the very same myself without any restrictions.

> The baseband? The 802.11 hardware radio? The kernel, running your 802.11 soft-PHY driver? Userspace?

Kernel, drivers, userspace have to be 100% under control of the users. Ideally, hardware should also be entirely under control of the user.

It's already so much work to custom patch the firmware on my cameras to e.g. allow using certain file formats without requiring the storage medium to have been certified by the manufacturer.

I'm already transplanting ICs from the manufacturer's original toner cartridges for my printer to circumvent the shitty DRM brother now introduced as well.

I've already got to use custom devices to strip HDCP so I can watch movies on my PC. My secondary monitor is a really high quality one from 2004 which is still better than many today, if I was bound by some shitty limitations I'd have to turn this into e-waste.

I’m already building customized kernel drivers for some of my WiFi cards because the official ones apply US channel restrictions even outside of the US, which means I've got less spectrum available than I should have.

I want this to be reduced, not increased. I want to move into a future where I need to make less such changes and devices obey me without question.

Having multiple adjacent networks enabled is liable to cause customer devices to roam between access points on and off their LAN even when

- Remote access point doesn't provide access to desired resources

- Have acceptable performance

- Have acceptable security parameters according to users needs

Most users can't stand up a vpn inside their network and configure it to alleviate the self inflicted wound of having their phone decide that the user isn't qualified to select the wifi access points it prefers to connect to. You may as well ask them to grow wings and skip Delta. Instead they will be placing irate calls to their ISP about why their wifi sucks so much and I will be silently cursing Apple.

> Just VPN back to your home network if you're not confident in their security.

So you expect the average user to be able to set up a Zeroconf/mDNS-proxying VPN, since that’s the only type that will allow things like Google Cast or AirPrint to still work?

Home networks are not just about security or speed, some people have devices on them they can otherwise not reach.

Thank you for adding some technical context to this discussion. There's a lot of (sadly) uninformed people in this thread spitting mad prophesying about a topic they clearly do not understand with any technical depth. If only the retail stores replaced their enterprise gear for EAP with a "pi hole". P.S. nice username
> a iPhone 14 Pro Max on 16.4 will 100% connect to that with the same priority as a real/my personal wifi network.

That isn't what Apple says - https://support.apple.com/en-us/HT202831

At least according to the support doc, the most preferred network should be joined first, other private networks are the next priority, and public networks (including EAP-SIM, the subject of this thread) are the lowest priority.

These hotspot networks show up under “My Networks” on iOS 16.4 FWIW.

They can say what they want about “being given the lowest priority”, but but they clearly are competing with my home network and winning some fraction of the time.

Yeah, that doesn't match their spec. Unless your home network goes down momentarily and the iPhone immediately switches to the other wi-fi network. You could maybe check the iPhone logs (or the router logs!) to see if this happens, but this is going to be a pain to figure out what is happening and when.
I suspect this has to do with beaconing and once you force it to join your wifi it will stop until you leave your wifi coverage.

If you are walking towards your house and it sees one of these 'sponsored networks' it will autojoin it, when you walk into your house it won't switch. It saw the 'sponsored networks' beacon first.

Which is fine for a house, but imagine a (wifi) crowded condo/apartment. You could be in bed but opposite your neighbors closet so physically closer to their WiFi thus “louder”.
it's not about louder, it's about who it sees first. Once you manually override it should be good unless your wifi drops out for some reason.
People buy the cheapest shit cable modem/router they can buy and use it until it physically dies or rent a very basic unit for a large space. Because they are unwilling to buy or rent sufficient hardware there is going to be spaces in the house where a temporary drop or dip that is going to turn into a roam on an adjacent network.
Fortunately my carrier doesn’t do this, but having to manually select my own Wi-Fi every time I come home (so that I can reach local devices) sounds extremely annoying.

I‘d hope that the iPhone would at least periodically rescan for higher priority networks.

>I suspect this has to do with beaconing and once you force it to join your wifi it will stop until you leave your wifi coverage.

Great point. Wouldn't that mean it "beacons" to your neighbor when you drive home? Then stays connected as you go inside?

Wifi is tricky, if a momentary loss of your main SSID results in your device hopping to the next-available SSID your phone is basically always at risk of jumping LANs

> "No it’s not, my home networks "

When your phone is on 5g it is not behind a strong firewall, or any firewall at all. It's sitting directly on the internet. I can run a webserver on my phone and you can browse it.

> Do you not see the problem with all of my families devices “preferring” a neighbors network over mine?

If you've been laboring under the misconception that your phone is safe on your home network then perhaps this is a shock. But having your phone connected to a carrier means the carrier is responsible for providing a network.

Normally your phone is connected both to the carrier network and to whatever wifi network the user prefers, if wifi is available.

It seems like the major usability problem here is that instead of connecting to both networks, the carrier network supplants the user's network -- which breaks expectations when near user-run wifi.

> When your phone is on 5g it is not behind a strong firewall, or any firewall at all.

I‘d be surprised if that’s true for most operators.

And even if there really is no stateful firewall: On IPv4 you’ll be behind carrier-grade NAT (so no inbound connections), and on IPv6 (including NAT64/DNS64), successfully guessing somebody‘s IP address seems extremely unlikely. (A server that you’ve visited might "dial you back", though.)

And for most users, the most visible effect will probably be that they can’t connect to their Chromecast, smart speakers, AirPrint etc, not decreased security.

> I‘d be surprised if that’s true for most operators.

It's true for the operators I've tested so far

> On IPv4 you’ll be behind carrier-grade NAT (so no inbound connections)

Sometimes, but often still not the case.

> on IPv6 (including NAT64/DNS64), successfully guessing somebody‘s IP address seems extremely unlikely

Guessing a specific person's ip is a very different threat model from being hit by a random scan.

I remember something like this happening nearly a decade ago with an iPhone 5S. I was at a large mall I visited often and saw I was connected to a WiFi network I hadn't used before.

The mall had WiFi but there was a portal which required SMS authentication and was time limited (the same as every other hotspot, it was rules of the country), so I didn't bother using it on my phone. Plus the carrier had a modern LTE deployement, where I'd often get over 50mbit download speeds - which was faster than my home internet. The network was named something like "<carrier> offload" so I assumed they had a kind of WiFi deployment to limit cell tower load, and it was added by the carrier settings profile.

I can't remember if I was able to disable or delete the network (it worked, so I didn't care). I'm wondering if this feature has been there for a while, but OPs ISP has only just decided to use it (I imagine some exec had an OKR to increase adoption of their public WiFi hotspots).

Except it’s shit. I constantly have to disable WiFi to get 5g again in the airport if I want something that actually works. Verizon with passpoint is absolutely trash and has nearly driven me to cancel my Verizon service because it can’t be removed.
Being around unknowingly for a while does not make a thing good!
Yeah I don't get this angle, I've seen a bunch of people here act like it's no big deal because carriers "could" have done this a long time ago.

Well, we know NOW and it's not ok.

> they cannot have “automatically join” disabled

They can on my AT&T iOS 16.4 device. I was able to disable auto-join on the two AT&T ones. I didn't need to delete a network to enable the "done" button from the edit screen - the state I toggled for auto-joining the managed networks persisted even if I hit cancel on the edit screen.

I don't like that they're there and auto-join is on by default, but it does appear that can be turned off.

Check again in 4-5 minutes, it will be on again. I can disable it too, but it just switches back.
It’s been 30 minutes and they’re still off for me. I’ll check again later.
Are all of them off? Sorry to ask, because I have 9 “managed networks” and it seems like now that some turn back on immediately and some stay off.

Of course the ones physically nearby all switch back on…

Yes. I have just 2 of these managed networks : AT&T Wi-Fi Passpoint and attwifi. It could be that they’ll switch auto join back on if I move somewhere that they’re visible. Edit: just out of curiosity I rebooted to see if that would toggle auto-join back on, but it did not.
Happened to me in LAX international terminal. I’m with Verizon. So annoying. I was trying to figure out how I get connected to the crappy WiFi for an hour. Removed all the profiles and what not.

Very disappointed by Apple on this one.

I think finally we will applause people who actively find a method to jail break iOS devices.
Just don't

Use a different sort of device

When company A installs spyware on billions of smartphones, and conspires with B and C who provide a network of fake wifi endpoints to steal user data, that's organized crime and FBI gets very interested, but when A is Apple and the B and C are ATT and Verizon, the organized crime becomes above the law and FBI looks the other way.
I was able to disable auto-join and after 10 minutes it's not re-enabled. As a precaution I also set manually IP/Gateway/DNS to 127.0.0.1 for the "AT&T Wifi Passport" and "attwifi" networks and those settings also seem to persist. I'll check it again in 24 hours or so.
Thanks for checking, in my case ~5 of the 9 (!) managed networks switch back on within 4-5 minutes. The rest seem to stay off.
I noticed this type of thing a LONG time ago (years) when my browser session was hijacked by some starbucks terms of service popup. my phone had auto joined an at&t wireless hotspot at a nearby starbucks.

I could disable auto-join at that time and it didn't happen again.

Also as a general precaution I turned off wifi except at home.

However, if it cannot be disabled, I find it troubling.

In my particular case it’s happening in my condo and all of my families devices routinely switch between my real network and the 1-bar hotspots several floors away.

It’s impossible for me to disable and breaks all local connections to things like PLEX, as well as kid safety/adult content filtering.

Killing local network access is an actual bug.

related - I wonder if this is specific to esim or if this would happen with a regular sim too?

and can you just call your carrier?

I had a comcast business router and it started broadcasting an open comcast wifi access point (for comcast customers). I called and asked them to turn it off and they did.

I just checked my phone, There were 3 verizon networks in there I don't recognize. I'm using a regular SIM.
The carrier told me to contact apple.

And in my case, I can’t exactly harass all my neighbors to disable their “free hotspot”. I should be able to control my own phone and dictate what it does/does not connect to.

> I should be able to control my own phone

That battle was lost a long time ago. I should be able to restrict (or know) what the apps do. I should be able to firewall my phone. I should be able to access the files on it.

But in the end, only apple decides this, and their decisions are self-serving.

Sheesh, a linux phone can't come fast enough.
What do you mean?

Sent from my Librem 5.

morally you cant but actually you can, go to a few thift shops, get enough routers to cover all channels, create many screaming imposter networks portal eachone to something not pretty, soon[day or 2] you will see the original network gone.

beware of FCC.

This is perfectly legal, FCC will not care.

But it will not work.

saturating the air with [SSID] at high dB across all channels absolutely will work, it compels the operator of [SSID] to turn it off and buy another router.

the high dB signal is where the FCC Will care.

There is no way ATT is going to abandon the attwifi SSID.

You did not mention exceeding Part 15 emitter limits in your previous post.

screaming was mentioned, and im not talking about making ATT abandon the attwifi SSID im talking about the end user abandoning the onsite equipment.
That’s not how 802.11 works. If your device can’t connect to a given BSSID that’s broadcasting an SSID it wants, it will put that BSSID on an ignore list and try the next one, whatever the received signal strength.

You can of course saturate the entire spectrum, but that breaks every network, not just the SSIDs you’re "waging war" against, and will probably get you a visit by the FCC sooner or later.

Maybe you could broadcast thousands of spoofed BSSIDs; I have no idea about the legality of that, and the legitimate operator of the SSID might not find that too funny and take legal action against you as well, as that would be pretty transparent denial of service on a public band.

yes you have it right. this has been done in the past, and can still be done.

legally, you dont want to do it. i have had experiences with seeing my SSID coming from a router that is not mine, and the nieghbor basically said effoff ill do what i want. in that case i did what i want as well.

What’s the problem with your neighbor using "your" SSID?

It’s not like anybody can "own" an SSID name, and if you’re using WPA, the only effect would be a few milliseconds longer of initial connection time per device.

Actively running a DoS against your neighbor might or might not be legal, but it sure is petty (and given the above, unnecessary).

> Killing local network access is an actual bug.

Yeah in additional to any local servers you have it would break continuity (handoff etc), it would break casting. Sounds very poorly thought through.

It amazes me how features like this make it through to release and seemingly nobody considered this very basic experience of your home being hijacked
This is beyond baffling. Does nobody in the approval chain for this even use a home network? This would immediately break half a dozen things for me. Local game streaming. Network share access. Local wireless backups. Local Plex access. Screen mirroring to my television.
Wow. Why is this a thing?! I didn't even know where to look for this if it wasn't for the comments here for T-mobile
If this bothers you (and it bothers me!), you can write a personal automation Shortcut like: “When my iPhone joins the Wi-Fi network named … turn off wifi”. It won’t stop you joining in the first place, but can at least keep your phone from spending time on the unwelcome network.
This doesn't help if the hotspot is in your normal home range.
You could make the shortcut arbitrarily sophisticated.

Oh, and if it wasn’t clear, I don’t mean this as approving the design flaw. It’s not “look how easy it is to work around!”, but “well, here’s something you can do while we’re stuck with this terrible idea”.

Awful workaround: Any of the various ESP8266 deauthers, set to target only your specific MAC address.

Or, if the phone insists on randomizing MACs, just have it listen for packets above a certain RSSI and keep it very near your phone, and deauth the loud one.

This is a very US centric way of looking at this. Currently sitting in a packed subway carriage in Busan, South Korea. There are carrier WIFI APs installed in every carriage. Their network is literally built to offload people onto wifi where possible, I presume to reduce congestion on not much or very directional spectrum in the tunnels. In this case, it makes perfect sense to push people onto their wifi. Not connecting to your own networks preferentially is a pita though. Seems like a really neat solution imo
Sort of. I can understand offloading to WiFi. I cannot understand preferring carrier WiFi hotspots over my own.
Fair criticism. But can you defend blocking the user from manually disabling these networks?

I’d understand if I got a pop up saying “add these networks for the best experience”, I accepted them, etc.

I would have (upon detecting this problem) just removed them and gone about my day.

The problem here is that you are forced to use them with no opt-in and no way to disable it.

I think most Americans on here are concerned that if they're at home, and their neighbor has a carrier sponsored wifi hotspot, then their phone may prefer the neighbors hotspot to their own home network. Things like this could disrupt talking to local devices (airplay, homeassistant, etc).
I wish they’d install this in elevators here, too.
My office building‘s elevators have 5G signal, which makes much more sense as it avoids a hard handover between SSIDs/networks (or Wi-Fi and mobile data), which in turn has a much higher chance of not dropping calls.
I’d accept either, relative to what I have today, which is nothing.
If apple wants to add a second wifi radio to handle carrier offloading, and having it treat this second wifi radio as a cellular radio by another medium, sure.

but I should have fullllllllllllllllll fucking control over what wifi network my device connects to.

The fact it can connect to mobile data is only 10% of the device, and i don't see why connecting to a carriers mobile network should grant that carrier the ability to edit user settings like what wifi networks its allowed to connect to.

I live in Japan and first noticed this "feature" when I'd lose connection as every time I'd walk past a FamilyMart convenience store (which you can find every 3 blocks or so) it would connect to "0000docomo" and then immediately lose connection as I kept walking. Although in my case, disabling auto-join works fine.

Why would they install WiFi repeaters and not just 4G/5G microcells on the trains?

Cost seems like the most likely answer
I suspect cell site density and that Wi-Fi infra doesn’t require the same regulatory permissions as a microcell. Wi-Fi is unlicensed.
Yeah I guess there may not be a regulatory framework for ambulatory cells
Why can't I remove the network from my phone then?

Makes "perfect" sense.

I can see how it can be a very useful feature – but why not let users decide if they want to keep enjoying it, or opt out of it for whatever reason? I can think of many valid ones.
I think that might be specific to your carrier, forcing these network to be automatically joined despite your preference. I'm not seeing the same behavior with Verizon, where I get the managed networks but auto-join happily stays off.

I'm guessing MVNOs like Comcast would rather force you on their wifi if they can because this way they avoid having to pay the underlying MNO for traffic. Which might explain why they would force enable auto-join.

I'd vote with my dollars and pick a different carrier that doesn't have such user hostile wifi policies.

I’d understand if this was a flip phone, but why should iOS lock the user out of wifi control?
This goes to show that the real way to succeed in life isn’t to go about wearing a tin foil hat, but rather to enclose your neighbours house in one.
Apple Configurator (self-hosted local MDM, free macOS app in store) has an option for "supervised" iOS devices so that Wi-Fi connections are limited to SSIDs which are pre-defined in the MDM profile. It's intended for enterprise usage. Worth testing to see how MDM policy interacts with carrier-managed Passpoint networks.

Note: you can't supervise an existing device without wiping it, so this is an experiment to conduct with a spare phone, or one already managed by Configurator/MDM.

Apple Configurator training: https://it-training.apple.com/tutorials/deployment/dm095

Wi-Fi payload: https://developer.apple.com/documentation/devicemanagement/w...

Another option is using Apple's MDM for small business to define a list of approved SSIDs, https://www.apple.com/business/essentials/

Edit: is there an option to "Remove Profile" in Settings?

  General -> VPN & Device Management -> Configuration Profiles
Edit2: workaround by null routing the carrier's Wi-Fi SSID? https://www.reddit.com/r/tmobile/comments/vvt6dd/comment/iyr...

  Change IP address to manual and 127.0.0.1
  Change subnet mask to 255.255.255.0
  Change DNS to manual and 251.252.253.254
The "Remove Profile" option in Settings might be helpful if it's available, but it seems like it could be carrier-dependent, and not all users may have this option.

The null routing workaround seems interesting and could potentially help in avoiding unwanted connections to the carrier's Wi-Fi SSID. However, this method might require some technical knowledge and might not be ideal for less tech-savvy users.

I do not have any profiles installed, and none of my devices are managed.

I’m aware this could potentially be fixed by enrolling all my family’s devices in an MDM.

But I mean come on, wipe everyone’s phone to enroll in MDM? Seems pretty crazy when the phone should just let you control what it does/does not join.

Edit: I misread your post, I see now it was more suggesting a test. My bad.

If Carrier MDM policy can override Configurator/Enterprise MDM policy, then corporate security admins will likely be unhappy about their lack of control over enterprise device networking.

Has the industry forgotten the pre-iPhone disaster of telco-controlled devices? https://www.quora.com/Why-was-the-iPhone-initially-exclusive...

> The landscape of the cell phone market was very different pre-2007. Most notably, the carriers had complete control over what phones were allowed on their network. A carrier could nix a feature that had been in R&D for years and suddenly you couldn’t sell your new phone with this amazing feature. They were especially protective of data and overloading their networks, which led to browsers on phones being stripped down and limited. The whole “full web” was not a technical impossibility, it was just that carriers wouldn’t allow phones on the network that had a full browser.

https://archive.is/4ZCH5

> Apple bucked the rules of the cellphone industry by wresting control away from the normally powerful wireless carriers ... Mr. Jobs once referred to telecom operators as "orifices" that other companies, including phone makers, must go through to reach consumers.

Since when did you have to wipe your phone to enroll it in MDM? You don’t even have to wipe it if you unenroll, and that would certainly be more important since the phone could have downloaded sensitive content in that time.
Don't know since when, but definitely for a few years. To fully unenroll too. The reason is because in order to fully manage the device it needs to reset and restart in a managed mode.
This isn't true. You can enroll and unenroll without wiping. You can't _supervise_ without wiping. These are two seperate (commonly confused) things.
You don't have to wipe to enrol, only to supervise a device. Supervision enables a lot of features that would be considered user hostile in a different context - it's definitely not something you want being enabled without you knowing.
Thank you for that first link. I stumbled across Apple Configurator when I was trying to lock down an old phone, to have at home as a pseudo-landline (but which I can take with me on trips) that is safe to leave accessible to kids. I got it working by muddling through, and that link would have at least let me situate myself in the space of "what does this thing do?" better.
What settings did you use to lock down your phone?
More or less:

  - prevent removal of profiles:
    general -> security -> "with authorization", and added a password
  - prevent total phone wipe:
    general -> functionality -> [ ] allow Erase All Content and Settings (supervised only)
  
  - only allow a few apps to run:
    restrictions -> apps -> restrict app usage -> only allow some apps
    phone, messages, facetime, settings
  - disallow installing new apps:
    restrictions -> functionality -> [ ] allow installing apps (supervised only)
  
  - content filter -> filter type -> limit adult content
    I'm not really sure what this does but makes sense to enable it
  
  - wi-fi -> configure one payload,
    for my home guest network
  - google account -> configure one payload,
    for a phone@vanitydomain.com google account
I have a copy of the resulting .mobileconfig file that also allows safari, but I only enable that when I'm e.g. taking a flight on Southwest and want to be able to use that phone as another screen for passing time in the plane
This seems like a heavy handed solution to a simple problem, which isn’t necessarily bad. Why did you not get a number forwarding service to forward to your primary cell phone instead of carrying 2 devices?
Is there an SMS forwarding service that works for 2FA?
This is a phone I let my kids use; it's a landline "house phone" replacement, that I can take with me on vacation. It wouldn't make sense for it to forward to my primary phone.

I want a POTS landline (guess I'm stuck in my late 90s "it's more reliable than the internet connection, since the power comes over the copper" attitude), but I can't even get POTS installed here.

I was all prepared to be very irritated. Especially if I could not disable them.

But disabling does work for me. And according to the documentation[0] these networks wouldn't get selected in preference to my home network anyway. My blood pressure is dropping a bit.

Assuming these are actually authenticated networks as described, then I don't know if this is any worse than allowing the phone to use the cellular signal. Same provider.

If your phone is hopping onto one of these while at home, I guess check your home wifi signal strength because it's probably dropping out?

[0] https://support.apple.com/en-us/HT202831

On my device these hotspots show up under “My Networks”

Disabling (switching auto-join to off) also does not work, most of them switch back on a few minutes later. This seems to be carrier-dependent from the comments thus far.

I disagree based on my reading of the documentation, these are treated as identical to your other networks. The only benefit is my home network is usually louder, but that’s the rub it doesn’t always work and devices routinely switch.

In my case I noticed this in a condo, so the physical distances are less

I can understand the frustration this issue might cause, especially if your device keeps switching to these managed networks despite having a stable home Wi-Fi connection. It seems like there might be a difference in behavior based on the carrier, which complicates the situation further.
I strongly believe these carrier networks should only be added to “my networks” as a permission-gated prompt, and also be deletable.

Would solve this whole thing I think

If I make a new SSID with the name of an xfinity/att/Verizon hotspot would that means every up to date iPhone user would automatically connect to it?
No, unless you have found an exploit for EAP-SIM, Passpoint, etc.
i didn’t think ios had the capability to enforce any specific auth method for any specific SSID. you’re saying it does?
Yes. These managed networks require EAP-SIM (or something similar).
You can use an MDM solution/Apple Configurator.

I do this so (among other things) my iPhone connects to my home network and won't connect to my young friend's wifi "pineapple" or even suggest it's an option when he thinks I haven't turned peoples internets upside down over twenty years ago...

For a managed network? Absolutely.
Yes.
No. That’s not how it works. These managed networks require a specific secure authentication from the carrier itself.
If we trust the providers and manufacturers and we know that they are careful and with the best intentions then there may be no problem, but hey, they force things, they do secretive things, some even mislead and scam us, they eroded the trust in them themselves collectively!

I do not feel comfortable not knowing what wifi network my device will connect to the next minute along some opaque incentives of an organization I have no control or insights about. What if I have resources or devices in a specific wifi network that I rely upon and they hop over to something else because they want to? I have serious doubts about this move. To me even the hidden direct wifi communication switched on silently allowing two Apple devices communicate each other in the vicinity was a drastic move. We watched some movie on Apple TV and suddenly interrupted with the message and confirmation code display that my second neighbours MacBook Air wants to connect to my Apple TV. "How did he connect to my network?!", came the panic. I have important and confidential data available on my local network (with passwords, but still, one barricade was broken already!). Luckily the guy was aware of this new ""feature"" (more like a nuisance) and so now it is turned off on my Apple TV.

The trust is eroded a lot.

It's "Passpoint" and uses certificate based 802.11x auth, there's really nothing to worry about except calls dropping due to Wifi switchover. Whitepaper from Aruba here: Solving the Indoor Wireless Coverage Problem: Passpoint and Wi-Fi Calling https://www.arubanetworks.com/assets/wp/WP_Passpoint_Wi-Fi.p...
That's nice but when carriers abuse shitty home routers for these WiFi APs the networks are absolutely not to be trusted.
> there's really nothing to worry about except calls dropping due to Wifi switchover

When this happens: (my = family)

1) my devices are no longer behind my firewall or pihole

2) my devices can no longer access PLEX

3) my devices can no longer access my security system, cameras, etc

4) airdrop will fail

My network is my network, when I’m at home I want my devices to be on my network, not randomly dropping out and connecting to random hotspots multiple floors/houses away

> What analytics can a network extracxt [sic] from Passpoint traffic?

> Generally speaking, the local network will have visibility of the same client traffic it would see on any guest network, but it will not have visibility of the subscriber identity or any persistent identifiers other than the associated device’s MAC address

> From an analytics perspective, the major benefits of Passpoint are that it creates a much larger and more complete picture of visitor activity. Since a much higher percentage of visitors will be automatically associated with the network and their behavior and traffic will be visible to the local network, the value of any location, business, and security analytics in use will be improved.

... so the temporary host can theoretically MITM the connection and that's a feature? They don't just VPN everything from the phone to the ISP? :/

Sure, most traffic should be encrypted, but your neighbour could still see (and block) e.g. traditional DNS requests. Are DoH or DoTLS enabled by default yet under iOS?

Not great, IMO. :/

I'm pretty sure this kills all the MAC address randomisation and anonymized WiFi scanning features built into iOS when walking across a covered area. They've put all this effort in not being able to trace single phones through buildings and squares with randomised identifiers and then decided to automatically associate with magical networks, solidifying the MAC address for an extended period of time, bringing back the real-time tracking of unsuspecting people. Quite disappointing, in my opinion.