Monday, October 1, 2012

At The End of Our Tether...

After around three weeks with her new Nexus 7 tablet, my fiancée was informed by T-Mobile that she had exceeded the amount of data that she's entitled to under her contract's Acceptable Usage Policy (AUP). Personally, I detest the "Acceptable Usage Policy" model that all ISPs/mobile operators seem to have adopted. I'd rather any limits be plainly stated in the contract; there's no need to shield me from the fact you want to cap your customers' data consumption. However, I have never been in a situation before where I've been anywhere near my AUP limit, so I was very proud that my fiancée had actually surpassed my own mobile data consumption! The only problem was, she was now reduced to being only able to browse the web and receive email on her devices until the end of the month; simply unacceptable!

My initial reaction was to simply log into the "My T-Mobile" online portal and apply the "Unlimited Internet Booster" to the relevant account. However, this appeared to make no difference; YouTube and still wouldn't work. This meant the next step was to speak to somebody at T-Mobile to see what options I had available to me. After I explained the issue, I was informed the booster I applied was intended to provide "unlimited" data for use on your phone alone, i.e. not a tethered device. I specifically required the "Mobile Internet Booster" (which wasn't available in the online portal).

Once the booster had been applied to the account, I enquired about the new AUP data limits; there was now a 1GB limit for the phone and 1GB for tethered device(s). I had to seek clarification around this: was any crossover allowed between these two buckets? For example, could we use 1.5GB of data via a tethered device, as long as the total data consumed didn't exceed 2GB? "Not really" was the response; they are actually separate limits, but sometimes they allow for some crossover.

I was perplexed by this and made this abundantly clear to tech-support, which can be summarised in two points/questions:

  • If neither of us had ever approached our AUP data limit when simply using our phones, then why only grant 1GB of a 2GB allowance to the tethered devices?
  • Secondly, how do you, T-Mobile, know when the data usage from a single mobile device originates from the device itself or one that's tethered?

Obviously, the tech-support agent was not able (or at liberty) to answer these questions; the best I got was in response to the second question: "the system is quite clever, it can distinguish between tethered devices and the phone". Not really an explanation, per se, so I started doing some digging around myself, and I uncovered several suggestions:

Browser Identification

My first interesting search result was an "Ask LifeHacker" article, entitled "How Can I Tether Without My Carrier Finding Out". Unfortunately, while the article referenced apps that could enable tethering where necessary (devices with it disabled by carriers, for example), it didn't really go into any details on how carriers are able to detect tethered usage. However, I found somebody in the comments thread suggesting that modifying the user agent string for your browser would help hide your tethered usage.

While it's certainly possible for carriers to monitor this information, I don't feel this would provide reliable enough metrics for calculating usage; this would only provide a mechanism for tracking web browsing activity. Not to mention the difficulties of maintaining such a system; for example, just updating the software to cope with all possible permutations of user agents would be very time-consuming. However, I believe it would be plausible that a carrier would start recording this information for individuals they suspected of unauthorised tethering; using it to build up a profile of their usage.

IP Packet TTL

In the same comments thread, somebody responded to the above by stating that simply changing your user agent string wasn't enough to hide your tethered browsing unless you had also modified the default TTL value of outgoing IP packets generated by your tethered device.

In IP networks, the Time-To-Live (or TTL) value is used to prevent packets being routed indefinitely (due to mis-configured routers, for example). Each router on a packet's journey decreases its TTL by 1 until the TTL reaches 0, at which point the packet is simply discarded. If a packet originating from your phone has a TTL value that's 1 less than expected, then this would indicate that it actually originated from a tethered device. There's also the possibility that the TTL is wildly different; it all depends on the source operating system.

While this method of packet analysis would work with all the data generated by a mobile device (i.e. it's not limited to certain protocols), I again feel that this isn't the primary means by which an operator would monitor tethered data usage. But, this could be used to flag potential unauthorised use and to build a profile of activity.
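The TTL check described above can be sketched from the network operator's side. This is an added example, not code from the post or from any carrier: it assumes a sensor at the first IP hop from the handset, the common OS default initial TTLs (64, 128, 255), and constructed subscriber IDs, thresholds and sample data.

```python
from collections import defaultdict

# Common default initial TTLs: 64 (Linux/Android/macOS), 128 (Windows), 255 (some network gear).
COMMON_INITIAL_TTLS = (64, 128, 255)
MAX_PLAUSIBLE_HOPS = 4  # assumption: anything further from a default is treated as noise

def classify_ttl(observed_ttl, hops_to_sensor=0):
    """Return (inferred_initial_ttl, hops_behind_handset), or None if implausible."""
    if not 1 <= observed_ttl <= 255:
        return None
    at_handset = observed_ttl + hops_to_sensor
    initial = next((t for t in COMMON_INITIAL_TTLS if t >= at_handset), None)
    if initial is None or initial - at_handset > MAX_PLAUSIBLE_HOPS:
        return None
    return initial, initial - at_handset

def profile_subscribers(packets, hops_to_sensor=0):
    """Build a per-subscriber profile from (subscriber_id, observed_ttl) pairs."""
    profiles = defaultdict(lambda: {"direct": 0, "routed": 0,
                                    "unclassified": 0, "initial_ttls": set()})
    for subscriber, ttl in packets:
        result = classify_ttl(ttl, hops_to_sensor)
        p = profiles[subscriber]
        if result is None:
            p["unclassified"] += 1
            continue
        initial, hops = result
        p["initial_ttls"].add(initial)  # more than one value hints at several OS families
        p["routed" if hops else "direct"] += 1
    return dict(profiles)

def likely_tethering(profile, min_routed=3):
    """Flag a subscriber once enough packets arrived with a decremented TTL."""
    return profile["routed"] >= min_routed

# Constructed sample: (subscriber_id, TTL seen at the sensor).
SAMPLE = [
    ("sub-A", 64), ("sub-A", 64), ("sub-A", 64),            # handset only
    ("sub-B", 64), ("sub-B", 63), ("sub-B", 127),           # 63: Linux-like device one hop behind
    ("sub-B", 127), ("sub-B", 64),                          # 127: Windows-like device one hop behind
    ("sub-C", 64), ("sub-C", 100),                          # 100: too far from any default
]

if __name__ == "__main__":
    for sub, prof in sorted(profile_subscribers(SAMPLE).items()):
        print(sub, prof, "FLAG" if likely_tethering(prof) else "ok")
```

The 127 case is the "wildly different" TTL the paragraph mentions: the value shows both an extra hop and an operating system family that differs from the handset's.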

Tethered Devices Use a Different APN

Not completely satisfied with the above two suggestions, I continued searching and happened across a forum thread where this exact topic was being discussed. One of the users participating in the thread posted a screen shot of a message he'd been sent by a friend:

It seems that carriers, or AT&T at least, simply have your mobile device route traffic from tethered devices using a different Access Point Name (APN) to that used for traffic originating from the phone itself. With new information to refine my search, I found an XDA Developers forum post confirming that tethering functionality could be enabled or disabled via the APN configuration on an Android device. The all-important "APN Type" flag appears to be "dun" (an acronym for "Dial Up Networking"); having this flag present indicates to your mobile device that this APN should be used to route traffic from a tethered device.

After investigating this on my own phone (HTC Desire HD on T-Mobile), I was able to confirm that they do appear to be separating phone and tethered data using this method:

I installed the application APN Backup and Restore (note, this application can no longer restore APN settings since Android 4.0/Ice Cream Sandwich!), which allowed me to test how modifying the APN configuration affected connectivity:

  • Removing all but the "" APN did not prevent me from accessing the Internet from a tethered device, even though the APN type was not configured with the "dun" flag. It would appear that the device will route traffic through any available APN if needed.
  • No matter which APN you're connected through, traffic seems to originate from the same pools of IP addresses.

Given the above two observations, it is difficult to be 100% sure that traffic is being routed over a given APN, so I've been unable as yet to confirm or deny that switching the "dun" flag to a given APN actually routes the tethered traffic accordingly. However, the simple fact that tethered traffic was routed over the only APN available, with or without the "dun" flag being present, does indicate that the routing decisions are configurable on your mobile device and aren't enforced by the carriers themselves.

The next time either myself or my fiancée hit our data limit, I'll be sure to try manipulating the APN configurations to start using the rest of our allowance!

Further Reading

While researching this post, I found some useful web pages and PDFs that describe how GSM and GPRS work to provide mobile devices IP connectivity. Some are a little out of date, but if you're interested in finding out more about how mobile networks are implemented, they might be worth a read: