WiGLE WiFi for Android phone performance comparison

The gear needed for wardriving

16 posts • Page 1 of 2
I was interested in comparing the difference in performance with the Android WiGLE Wi-Fi application with the same settings, same drive and same time on different phones. I did several different runs in car, train and waling in different density Wi-Fi environments to see how they performed in each.

This should allow people to baseline the performance of other phones provided they have one of the three phones used here.

The 3 phones used were a Samsung S7, Cubot C8 (low cost with only 2GHz Wi-Fi) and LG G3.

In general, the number of detected access points is dependent on, acces points being present oviously, and the phone’s performance in:
  • 1. Sensitivity – ability to detect weak signals;
  • 2. Frequency range – not all phones cover all of the channels;
  • 3. Co-channel handling – Some phones are better at resolving signals in the presence of interferers / other signals on the same or adjacent channels;
  • 4. Scan speed – this seems to be crucial especially when moving at speed. How quickly can the device go through all the channels?
Related is the ability of the device to pick-up a GPS signal to correctly tag the correct location.

Image

Clearly the most expensive and most powerful phone out performed the others in all environments.

Although the C8 and L3 got less in all scenarios they did detect networks that the S7 did not, albeit this was low in the 10’s. I also conclude it is not simply the number of phones you have running in parallel but the performance of your best phone that is key.

How do your devices compare?
this is really interesting.

if I had all the time and phones in the world, I'd love to do comparisons across android releases as well as devices, since there are significant differences in background service and position handling that depend on OS version.

Thanks for a really cool post!
Just for reference, those were running on WiGLE v2.25 and the S7/C8 on Android 7.0 and LG G3 on 6.0.
another comparison, the Samsung S7 vs the Samsung S4 vs a RPI:

RPI: W: 4195 B: 1187 C: 0
S7: W: 2050 B: 537 C: 54
S4: W: 2146 B: 227 C: 5

W= Wifi, B = Bluetooth, C = Celltower

The S4 is running Lineage OS 14, the S7 Android 8.0, both with the WiGLE App 2.46

I assume the S7 is a little bit lower in Wifi here as the area had mostly 2,4Ghz where it "wasted" time scanning in the 5Ghz band.
awesome; which kismet version is that?
the rpi is running 2019-08-R1 kismet, exact setup: War-Pi
Its a bit a unfair device against smartphones in terms of performance, but also way more complicated to use.
It also matters whether your device is doing a passive scan or an active scan.

I also had vintage Android devices that were tiny, underpowered and slow, but in certain situations they could pick up way more networks than the active scanners. It could also receive access points from a magnificent distance after plotting them on a map, sometimes even 5km away. If you have a device that does monitor (promiscuous) mode, that also counts as passive in this sense (or active + passive if it can manage injection as well).

For active scanners (I think most everything today), it's also not just the RX that matters, but the TX as well - if the AP can't hear your probe request clearly enough (or the client sent it out when the channel was not idle enough), it can't send a response.
with a s20 now i am surprised by how much it finds, so i made a run with "all the gear" to compare it:

about 1 hour driving, all devices behind the windscreen:
S4 W: 5783 B: 711 C: 24
S7 W: 4897 B: 1890 C: 104
S20 W: 7420 B: 2684 C: 78
RPI W: 8809 B: 1352 C: 0

Samsung phones run Wigle 2.63
The RPI is this: https://www.designer2k2.at/de/mods/elek ... ving-setup

So yes, the S20 is quite a beast for wifi and even more on bluetooth. Celltowers it’s a bit lower than the S7.

Looking a bit deeper, how do the individual datasets match?
Found by all: 2995 (this wifi´s where in all 4 devices)
Found only by S4: 981
Found only by S7: 616
Found only by S20: 2195
Found only by RPI: 2662

The S20 is fetching quite a lot. So far the "best" wigle phone I’ve seen.
This insight is super-valuable!

Side-by-side comparisons are really expensive/hard to do (same time, same route, more than 2-3 devices), but it would be great to get a ranking of the "best" net detecting phones. (maybe at a conference or public event where we can get people to travel the same route together?)

We're careful not to embed any analytics/tracking stuff in the app so it would require community organization!
Did you use any USB wifi dongle with an external antenna on the Raspberry or only the internal one? I think you could find even more in monitor mode, not sure whether the linked OS image contains it:

https://github.com/seemoo-lab/nexmon
The RPI is this: https://www.designer2k2.at/de/mods/elek ... ving-setup
Found only by RPI: 2662
yes arkasha this is tricky to do, as the devices idealy are in the same place. Even when the phone is closer to the A pillar or centered in the windscreen it gets different results :roll:

kurz, the rpi(4) is running kali linux with kismet and 2 usb wifi dongles in monitoring mode (TP-Link Archer T9UH AC1900, ALFA AWUS036NEH).

Another comparison, all the RSSI values in a histogram:
rssi_histogram.png
rssi_histogram.png (33 KiB) Viewed 559 times
Both RPI wifi dongles can be seen with the 2 RSSI lines. And it gets the strongest signals by far.
The S4 seems to fetch most wifi´s with very low RSSI :?

The script i used to generate the data from above and the plot: https://gist.github.com/designer2k2/417 ... 9b0895e039
Very cool information. Is the S20 just a stock OS? I run an S7 Edge and an old Core Prime together all the time, and the stuff found by one but not the other is always an interesting thing.
Image
the S20 runs stock Android 11 (One-Ui 3.1) Just developer mode active to turn off the wifi scan throttling.
Only the S4 runs LineageOs to have a more current system on it
Can you post your devices' scan speeds for comparison? My S5/SM-G900T can do a scan in about 3.9s with throttle off. It runs LineageOS 18.1. Internet says its chipset is a Broadcom BCM4354.

I think I can explain some of OP's findings. Here are the wifi chipsets as far as I can research:
S4 BCM4335
LG G3 BCM4339
S7 Edge BCM4359

Each mfg. probably uses a different antenna setup but maybe you can assume the newer chipsets are better.

If you have root "iw" actually works on Android. You can use "iw list" to examine chipset capabilities.
"iw dev wlan0 get power_save" and "iw dev wlan0 set power_save off" worked on my device but didn't affect scanning speed. It probably only affects station mode.

The vendor's firmware files suggest my phone is meant to use country code "GB" ruleset. "iw reg get" shows "00" which usually means unset/most restrictive and I couldn't change it.
Image
i was looking at the Wigle app, and this scan time is jumping a bit around, so i took the data from above and looked into that:

As every scan result gets the same timestamp, i used now only the unique timestamps. That gives a timestamp for every finished scan.
And now plotting this unique timestamps:
count_vs_time.png
count_vs_time.png (47.28 KiB) Viewed 403 times
Basically, the higher the count, the more complete scans it made.

The RPI is a bit different, as it reports at the time when it finds something, therefore gets a lot more timestamps.

The chart above can also be shown as numbers:
total time: 5060s
unique S4 timestamps: 973, average intervall: 5.20s
unique S7 timestamps: 1319, average intervall: 3.84s
unique S20 timestamps: 1500, average intervall: 3.37s
unique RPI timestamps: 2313, average intervall: 2.19s

That fits quite well the numbers ive observed on the devices. but it does not directly match as the S4 is a bit slower than the S7, but still gets more wifi... :?

16 posts • Page 1 of 2

Return to “Net Hugging Hardware and Software”

Who is online

Users browsing this forum: No registered users and 4 guests