NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Important Warning Regarding T-Mobile Android Caller-ID Blocking (and a Fix)

  Important Warning Regarding T-Mobile Android Caller-ID Blocking (and a Fix)


Many people routinely block their outgoing Caller-ID 
(Calling Number ID - CNID) for privacy and security reasons.  
Persons who choose to do this depend on the blocking to work reliably.

Unlike conventional landline carriers, mobile carriers do not
necessarily offer the ability for subscribers to order their lines
permanently set by default to block CNID on outgoing calls.  T-Mobile
in particular only provides the ability for subscribers to ask for
CNID to include their number and names, or only their numbers.  They
will not provide "complete" blocking via your account.

Instead, to completely block CNID (including the number), T-Mobile
depends on the integral GSM cellular commands that control these
functions.  (Please note that everything in this discussion refers
specifically to T-Mobile USA.  I am not asserting that the same
situation necessarily exists for AT&T or other carriers, but concerned
subscribers may wish to test their configurations regardless of their

On Android phones running on T-Mobile (I do not have relevant data
regarding non-Android phones), the commands to control CNID are
typically within the (Call Settings->Additional Settings) menu (along
with the Call Waiting setting).

There are usually three settings possible for CNID, which are supposed
to take effect until changed by the user: Network (Operator) Default
(for T-Mobile, this is send CNID), Hide number (CNID blocked), and
Show number (CNID enabled).  These are completely separate from "per
call" (three character) codes that can control CNID on a one time
basis for a single call.

These settings (along with the Call Waiting setting) are actually
stored on the cellular network.  When you go to the relevant settings
page, you can often see the brief delay as the phone interrogates the
network for the associated settings data.

Unfortunately, my testing has revealed that the "Hide number" setting
to block CNID may under various circumstances revert without warning
to sending CNID (Network/Operator Default).

Despite a battery of my own tests and reports from other helpful
parties, I am unable to pin down the precise combination of
circumstances that result in this situation.  Clearly the HTC Vision
(T-Mobile G2) running Android 2.3.4 is vulnerable, but I have reports
of other phones and other system levels exhibiting similar behavior

In some cases, it appears that use of T-Mobile's (otherwise excellent)
Wi-Fi (UMA) calling feature results in the CNID setting reverting
unexpectedly from blocked to unblocked even when Wi-Fi calling is
later disabled, but there are other situations, sometimes apparently
related to booting in low signal areas (among other factors), that
seem to be involved.

There are so many possible combinations that it isn't even clear that
Android itself is really a factor per se, and we may be looking at a
more fundamental issue related to T-Mobile's infrastructure.

In any case, regardless of your phone type, it's better to be safe
than sorry when blocking CNID.  T-Mobile outright refuses to block
CNID at the account/line level to fix this problem.

But happily, Android's flexibility and a wonderful free Android app
called "Prefixer" provide an excellent workaround
( Prefixer: http://bit.ly/uwO2vZ [Android Market] )

Prefixer implements a highly flexible rule-based system (with "regular
expression" pattern matching - how cool!) for altering dialed numbers
on the fly based on a range of criteria, changing how they are logged,
and so on.  This turns out to provide everything we need to feel
secure that CNID is working as we expect.  In fact, we can even
improve on "normal CNID behavior" via the use of Prefixer.

For now, I've created a Prefixer rule set with the following

1) All ordinary calls are automatically prefixed with the per-call
CNID blocking code.

2) Calls starting with the CNID unblocking code are left alone, but an
extra confirmation is required to complete the call

3) Special numbers staring with '*' and '#" are left alone

4) Regular numbers prefixed specifically with "###" are rewritten as
the regular numbers prefixed with the CNID unblocking code, and
require extra confirmation.

So, you can feel comfortable that all ordinary calls have CNID blocked
regardless of the GSM "Call Settings" CNID status, plus you get the
extra confirmation if you decide to unblock CNID for a specific call
(either via *82 or ###).

You can install Prefixer from the Android Market link above.  The
ruleset described is located at:


After installing Prefixer, you may be able to browse to this URL from
your phone and have the ruleset drop automatically into the app, or
you can download the file from the "myruleset.pfx" file directly from
the URL above, place it on your phone's SD card, and import via
Prefixer's (More->Import rules) command.

Then check the other Prefixer options as desired, make sure to set the
app to its "ON" (green) state, and you should be good to go.  You can
look over the rules in the app, and once everything is working you can
uncheck (Preferences->Show triggered rule) so you don't see the number
rewriting information each time you dial.

Again, this all applies specifically to T-Mobile USA.  But subscribers
on other carriers may also desire to verify whether or not CNID
blocking is actually working correctly in all circumstances.

Please let me know if you have any questions or comments, or if you
need further information regarding "Prefixer" usage.

Take care, all.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com 
Google+: http://vortex.com/g+lauren 
Twitter: https://twitter.com/laurenweinstein 
Tel: +1 (818) 225-2800 / Skype: vortex.com