Captive Portal parameters

Question

There are several captive portal parameters one could apply to an Android device via settings put global â€“ the most famous probably being

settings put global captive_portal_detection_enabled 0

to completely turn off captive portal check (for Android < 8). Can someone explain how to use the others â€“ e.g. to define a "custom captive portal server for tin-foils"? For example, one cannot simply do a

settings put global captive_portal_server example.com

as that would, in most cases, cause captive portal check to permanently fail (background: doing so, portal check would construct an URL http://example.com/generate_204 and check against that, expecting a specific response).

So apart from simply deactivating captive portal check altogether (which might, as I've read, lead to other issues like not being redirected to the correct portal in some cases), what else can one do to enhance privacy in this context?

Examples (if I got them right):

captive_portal_mode (Android 8+?):
- 0: Don't attempt to detect captive portals
- 1: Prompt the user to sign in
- 2: Immediately disconnect from the network and do not reconnect to that network in the future

captive_portal_detection_enabled (Android <8?):
- 0: Completely disable captive portal checks
- 1: Enable it (default)

While these examples are pretty much straight-forward: How to use the other parameters?

— Izzy | Sources

Answer

Configuring captive portal behaviour

captive_portal_detection_enabled (<= Android 7.1.1)
- works as described in question body

captive_portal_mode (>= Android 7.1.2)
- works as described in question body

Setting captive portal URL(s)

captive_portal_server (<= Android 6.0.1)
- The server that holds a generate_204 page, used to internally craft a URL for captive portal detection (new URL("http", mServer, "/generate_204"); â€“ obsolete as of Android 7.0, see below)

captive_portal_use_https (>= Android 7.0)
- 0: Don't use HTTPS for network validation
- 1: Use HTTPS (default)

captive_portal_http_url (>= Android 7.0)
- The URL used for HTTP captive portal detection - use in pair with captive_portal_use_https (set to 0)
- >= Android 7.1.1: OS no longer appends generate_204 to URL automatically, giving input URL some flexibility

captive_portal_https_url (>= Android 7.0)
- The URL used for HTTPS captive portal detection - use in pair with captive_portal_use_https (set to 1)
- >= Android 7.1.1: OS no longer appends generate_204 to URL automatically

Requirement for the URL to be used

A HTTP 204 response code ("no content") from the server is used for validation, no extra content needed: take the default detection URL for example, curl clients3.google.com/generate_204 returns empty, and inspecting HTTP response by adding --write-out %{ http_code } returns 204.'

A small list of usable captive portal server URLs in mainland China (personally tested)

https://captive.v2ex.co/generate_204 (hosted by v2ex.com)

https://connect.rom.miui.com/generate_204 (hosted by Xiaomi, used by default on MIUI)

https://noisyfox.cn/generate_204 (hosted by noisyfox.cn)

https://www.google.cn/generate_204 & https://developers.google.cn/generate_204 (hosted by Google)

https://www.qualcomm.cn/generate_204 (hosted by Qualcomm)

Further notes

The source also mentions parameters captive_portal_user_agent, captive_portal_fallback_url and captive_portal_other_fallback_urls:

captive_portal_fallback_url (>= Android 7.1.1) obviously is supposed to hold a single URL, while

captive_portal_other_fallback_urls holds multiple further URLs (comma separated list, so the URLs might not contain any comma).

But I personally conducted tests on Android 8.0.0, and both fallback parameters don't work. Assuming they're declarations without an implementation for now.

Some examples of captive portal settings of Android in China show the use of some of the above settings:



adb shell settings put global captive_portal_http_url http://www.google.cn/generate_204

adb shell settings put global captive_portal_https_url https://www.google.cn/generate_204

adb shell settings put global captive_portal_fallback_url http://www.google.cn/generate_204

adb shell settings put global captive_portal_other_fallback_urls http://www.qualcomm.cn/generate_204

Knowing that, "tin foils" even could set up their own verification service. With Apache:



RewriteEngine On

RewriteCond %{
REQUEST_URI
}
 /generate_204$

RewriteRule $ / [R=204,L]

or with Nginx:

location / generate_204 {
 return 204 ; 
}

References

1, 2 (Chinese), 3 (Chinese)

— Andy Yan | Sources

Topics