White Paper Excerpt

Wi-Fi Offloading, How? – Chapter 3

The Device is King

Let’s face it. The network selection, which cellular or Wi-Fi network to connect to, is entirely in the hands of the device and, ultimately, the user.

Apple is clear about this:

“When auto-joining networks, macOS, iOS, and iPadOS start with the most preferred network, followed by private networks, then public networks.”

White Paper: Wi-Fi Offloading, How?

This is an excerpt from our white paper, Wi-Fi Offloading, How?, a technical deep dive into deploying Wi-Fi offloading solutions. If you like what you read, download the full white paper. As a bonus, you’ll also gain access to Wi-Fi Offloading, Why?, outlining the business benefits for mobile operators.


The Apple device tries to connect to networks in this order:

  1. The user’s “most preferred” network
    Known networks are scored based on the user’s actions. If the user manually switches to a network, its score increases. If the user manually disconnects from a network, its score decreases. The “most preferred” network is the one with the highest score.
  2. A private network
    Private networks are those set up in homes and offices and can include the Personal Hotspot on the user’s iOS or iPadOS device. Devices with macOS, iOS, or iPadOS reconnect to known private networks in order of most recently joined.
  3. A public network
    Public networks are designed for general access in public places like hotels, airports, and coffee shops. Other examples include Passpoint (Hotspot 2.0) and EAP-SIM/AKA/AKA′ in Wi-Fi connections provided by cellular carriers and network access providers.

Android and other devices use similar algorithms to ensure a great user experience. While it’s natural for mobile operators to initially feel concerned about not having control over Wi-Fi network selection, is “the device is king” necessarily a negative development?

From a Wi-Fi offloading and happy user standpoint, prioritizing the user’s preferred Wi-Fi network makes sense, followed by their home or workplace network, and last in priority, the public service provider networks. Furthermore, modern mobile devices use sophisticated algorithms to select the Wi-Fi network that offers the best user experience when multiple networks are available at the same location. For further details, refer to the Wi-Fi network selection section.

In other words, leave the Wi-Fi network selection decision to the device!

Mobile operators often seek greater control over the decision to remain on the cellular network or switch to Wi-Fi. Enea, positioned at the intersection of the 3GPP ecosystem and Wi-Fi technology, is uniquely suited to develop a solution for this challenge. In an upcoming post, More Intelligent Network Selection, we will share our vision on this topic.

Wi-Fi Connection Profiles

Wi-Fi connection profiles are collections of settings that allow devices to identify and connect to specific wireless networks. They are supported across various platforms, including iOS/iPadOS, Android, Windows, and macOS. Each platform (OS) may have specific features or limitations regarding Wi-Fi profile management.

Wi-Fi connection profiles contain essential information needed to connect to a Wi-Fi network. The information varies depending on the connection type but can include:

  • SSID (network name).
  • Network Access Identifier (NAI) Realm, used for user authentication.
  • Fully Qualified Domain Name (FQDN), which is used to specify the hostname of the authentication server.
  • Security type (e.g. WPA2-Personal, WPA2/WPA3-Enterprise).
  • Encryption method.
  • Settings for SIM authentication, such as the International Mobile Subscriber Identity (IMSI).
  • Trust certificate for EAP-TTLS and EAP-TLS.
  • Username/Password for EAP-TTLS.
  • Digital device certificate and security key for EAP-TLS.
  • Passpoint-specific settings such as Roaming Consortium Organization Identifiers (RCOIs). More about this is below.
  • Authentication settings, including the EAP method.
  • Connection preferences.

These profiles can allow devices to automatically connect to known networks without requiring users to manually enter credentials each time. A typical example is SIM authentication for automatic authentication of users.

To support Wi-Fi offloading, the Wi-Fi connection profile can be provisioned from the factory or added over the air through Apple’s carrier settings and similar mechanisms for Android phones.

For other types of devices and Wi-Fi-only devices, the Wi-Fi connection profile can be provisioned through an app. The recommended approach is to integrate a Software Development Kit (SDK) into existing applications, such as a service provider’s loyalty app, to implement this provisioning mechanism effectively.

Settings for Wi-Fi Offloading

Wi-Fi offloading using SIM authentication has always been secure, and the user’s automatic connection to the Wi-Fi network is seamless. To support this, there are some important settings in the Wi-Fi connection profile related to Wi-Fi offloading.

IMSI

The International Mobile Subscriber Identity (IMSI) is a numeric value composed of two parts <PLMN Id><MSIN>:

  1. Public Land Mobile Network Identifier (PLMN ID): Uniquely identifies the individual mobile operator by their Mobile Network Code (MNC) and Mobile Country Code (MCC). The PLMN ID is of the format <MCC><MNC>; for instance, the PLMN ID for Swisscom with MNC 001 and MCC 228 is 228001.
  2. Mobile Subscription Identification Number (MSIN): A unique identifier for the subscriber, such as 123123123.

The subscriber’s IMSI in the above example would then be 228001123123123. Mobile operators normally use wild cards in the Wi-Fi connection profile, such as 228001*, because it is enough to identify the PLMN ID in the Wi-Fi network selection process.

Realm

An NAI realm is the domain portion of a Network Access Identifier (NAI), which follows the standard syntax of “user@realm.” The realm specifies the domain or organization to which the user belongs, for instance, “enea.com.” The NAI realm is normally the same as FQDN and is used to find the authentication server.

The NAI realm field, when used for Wi-Fi offloading, has a specific format for 3GPP interworking. In this case, mobile operators use NAI realms that end with 3gppnetwork.org. For interworking with Wi-Fi networks and the use of the EAP-SIM/AKA/AKA′ and 5G-AKA authentication methods, the NAI realm field has the format:

wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org

The individual mobile operator is uniquely identified by their Mobile Network Code (MNC) and Mobile Country Code (MCC). For instance, the NAI realm for Swisscom with MNC 001 and MCC 228 is:

wlan.mnc001.mcc228.3gppnetwork.org

For Wi-Fi offloading on their own Wi-Fi network, which does not require interworking with others, the operator may use another NAI realm format with a domain name they own.
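The IMSI-to-realm mapping described above, with strict validation of a received realm, as an added example that is not part of the white paper. The function names are hypothetical, the 2-digit-MNC IMSI in the usage is constructed, and the MNC length is assumed to be supplied by the caller because it cannot be derived from the IMSI digits alone.

```python
from __future__ import annotations
import re

# Realm layout from the text: wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
# [0-9] rather than \d so that only ASCII digits are accepted.
_REALM_RE = re.compile(r"wlan\.mnc([0-9]{3})\.mcc([0-9]{3})\.3gppnetwork\.org")


def split_imsi(imsi: str, mnc_len: int = 3) -> tuple[str, str, str]:
    """Split an IMSI into (MCC, MNC, MSIN).

    Assumption: mnc_len (2 or 3) comes from SIM or operator data.
    """
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    if not (imsi.isascii() and imsi.isdigit()):
        raise ValueError("IMSI must contain only decimal digits")
    if not 3 + mnc_len < len(imsi) <= 15:
        raise ValueError("IMSI has an invalid length")
    return imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]


def realm_from_imsi(imsi: str, mnc_len: int = 3) -> str:
    """Build the 3GPP interworking realm for the subscriber's home PLMN."""
    mcc, mnc, _msin = split_imsi(imsi, mnc_len)
    # A 2-digit MNC is left-padded with '0' to 3 digits inside the realm.
    return f"wlan.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"


def plmn_from_realm(realm: str) -> tuple[str, str]:
    """Return (MCC, MNC) from a realm; reject anything not in the exact format.

    fullmatch() means a realm that merely contains or starts with the 3GPP
    pattern (for example with extra labels appended) is refused.
    """
    m = _REALM_RE.fullmatch(realm.strip().lower().rstrip("."))
    if m is None:
        raise ValueError(f"not a 3GPP WLAN realm: {realm!r}")
    mnc, mcc = m.groups()
    return mcc, mnc


if __name__ == "__main__":
    print(realm_from_imsi("228001123123123"))             # IMSI from the text
    print(realm_from_imsi("228011231231234", mnc_len=2))  # constructed IMSI
    print(plmn_from_realm("wlan.mnc410.mcc310.3gppnetwork.org"))
```
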

SIM

This field is required for SIM based authentication (EAP-SIM/AKA/AKA′). The EAPType field must be set to the appropriate EAP type.

 

Settings for Passpoint

There might be some confusion about the terms Wi-Fi connection profile and Passpoint profile, but they are closely related. A Passpoint profile is the wire format of the device-specific Wi-Fi connection profile. When a Passpoint profile is received by a device, it is turned into a Wi-Fi connection profile specific to that device. Wi-Fi connection profiles can also be created through other means, for example manually configured or deployed using an app installed on the device. While Passpoint Release 1 defines the content of the profile, Passpoint Release 2 also standardizes the formatting of the profile with the intention of ensuring interoperability across different devices and networks. Devices that only support Release 1 have the same functionality but use a vendor-specific format.

Passpoint enables seamless and secure connectivity, just as SIM authentication does, and SIM authentication can also be used with Passpoint. Furthermore, Passpoint also enables seamless roaming as the device connects to a Wi-Fi service rather than a specific Wi-Fi SSID. Learn more in the upcoming post about Passpoint.

In a Passpoint profile, parameters other than the SSID are in play for the device to automatically identify and select the Passpoint-enabled Wi-Fi network. Once a device tries to connect, the NAI realm is used for finding the authentication server. As discussed, the NAI realm for Wi-Fi offloading is normally in the format wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org, especially for 3GPP interworking.

Network Selection for Wi-Fi Offloading in a Non-Roaming Scenario

  • For SIM-based devices using EAP-SIM, EAP-AKA, or EAP-AKA′, the primary identifier is the IMSI. To streamline network identification, mobile operators often use a wildcard IMSI, such as 228001* for Swisscom, which denotes the operator’s unique identifier (PLMN ID) without including the full subscriber-specific IMSI. During network selection, the device compares the PLMN IDs provided by the Wi-Fi access point via the Access Network Query Protocol (ANQP) with its stored wildcard IMSI (PLMN ID) associated with its SIM/USIM credentials. If a match is identified, the device proceeds with SIM-based authentication to establish a secure connection.
  • For non-SIM devices using EAP-TLS or EAP-TTLS, the Fully Qualified Domain Name (FQDN) serves as the primary identifier for specific networks or service providers. To determine whether to connect, the device compares the FQDN stored in its Passpoint profile with the domain name list provided by the Passpoint Wi-Fi access point through the Access Network Query Protocol (ANQP). Service providers may advertise multiple domain names; for instance, a single provider might use names such as wlan.mnc410.mcc310.3gppnetwork.org, att.com, and attwireless.com. In addition to FQDNs, the device can utilize other identifiers, such as the NAI Realm or Roaming Consortium Organization Identifier (RCOI), to ensure accurate network matching.

Network Selection for Wi-Fi Offloading in a Roaming Scenario

The Roaming Consortium Organization Identifiers (RCOIs) in the Passpoint profile are used for devices to recognize and automatically connect to compatible networks for roaming.

One of the key advantages of Passpoint is that it doesn’t require all connectivity parameters to be embedded directly in the Wi-Fi access point beacon. Instead, the Access Network Query Protocol (ANQP) operates in the background, enabling devices to silently communicate and negotiate network details. For example, the shorter 24-bit base RCOI can be included in the beacon frames, allowing devices to quickly assess potential network compatibility before proceeding with a more detailed ANQP query that includes the full 36-bit RCOI list. Additionally, information like the Venue Info URL introduced in Passpoint R3 is also exchanged via ANQP, enhancing the user experience without overwhelming the beacon frames.
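The non-roaming and roaming matching steps described above, sketched as an added example that is not part of the white paper and not any device vendor's algorithm. The `Profile` and `Advertised` classes and the `select` function are hypothetical, the RCOI values in the usage are constructed, and exact comparison of domain names and RCOIs is a simplifying assumption (exact matching also keeps a lookalike domain that merely contains the home FQDN from being treated as the home provider).

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Profile:          # hypothetical, simplified Passpoint profile
    imsi_pattern: Optional[str] = None  # e.g. "228001*" for SIM credentials
    fqdn: Optional[str] = None          # home FQDN for EAP-TLS / EAP-TTLS
    rcois: set = field(default_factory=set)


@dataclass
class Advertised:       # what one access point offers (constructed model)
    plmn_ids: set = field(default_factory=set)      # from ANQP
    domain_names: set = field(default_factory=set)  # from ANQP
    beacon_rcois: set = field(default_factory=set)  # short list in the beacon
    anqp_rcois: set = field(default_factory=set)    # full list via ANQP


def _domain(name: str) -> str:
    return name.strip().lower().rstrip(".")


def _oi(value: str) -> str:
    return value.replace("-", "").replace(":", "").upper()


def select(profile: Profile, ap: Advertised) -> Optional[str]:
    """Return 'home-plmn', 'home-fqdn', 'roaming-rcoi' or None.

    Home matches are tried first, mirroring the text's statement that the
    Home Service Provider is prioritized.
    """
    if profile.imsi_pattern:
        plmn = profile.imsi_pattern.rstrip("*")  # wildcard IMSI -> PLMN ID
        if plmn.isdigit() and plmn in ap.plmn_ids:
            return "home-plmn"
    if profile.fqdn and _domain(profile.fqdn) in {_domain(d) for d in ap.domain_names}:
        return "home-fqdn"
    wanted = {_oi(o) for o in profile.rcois}
    offered = {_oi(o) for o in ap.beacon_rcois | ap.anqp_rcois}
    return "roaming-rcoi" if wanted & offered else None


if __name__ == "__main__":
    sim = Profile(imsi_pattern="228001*", rcois={"AA-BB-CC-00-01"})  # constructed RCOI
    print(select(sim, Advertised(plmn_ids={"228001"})))
    print(select(sim, Advertised(beacon_rcois={"AABBCC"}, anqp_rcois={"AABBCC0001"})))
```
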

Another important Passpoint-specific parameter, introduced in Passpoint R1, is the Operator Friendly Name. It provides a human-readable name for the service provider, which helps users identify the network they are connecting to.

Wi-Fi Offloading Settings for OpenRoaming

With the OpenRoaming Passpoint service, identity providers (IdP) can roam with any access network provider (ANP) in the OpenRoaming federation.

An “OpenRoaming profile” is just a Wi-Fi connection profile with Passpoint and OpenRoaming settings.

Since OpenRoaming is a Passpoint service, all that is needed from a profile point of view is to add the required Roaming Consortium Organization Identifiers (RCOIs) for OpenRoaming to an existing Wi-Fi connection profile which has been adapted for Passpoint.

In the case of Wi-Fi offloading with OpenRoaming, Access Network Providers (ANPs) must make some more adaptations outside the scope of the Wi-Fi connection profile. Learn more about this in the upcoming post about Wi-Fi offloading and OpenRoaming.

Wi-Fi Network Selection

The device’s ability to select the right network is critical for optimizing Wi-Fi offloading. The good news is that modern devices, such as iPhones and Android phones, employ sophisticated algorithms to determine whether to connect to a Wi-Fi network or remain on the cellular network, balancing factors such as signal strength, network performance, and user preferences. It is no longer the case that devices blindly prefer Wi-Fi over cellular networks. If the cellular connection performs well, the device is less likely to switch to Wi-Fi unless the user has indicated that they prefer Wi-Fi, e.g., by selecting Wi-Fi manually.

It should be noted that while iOS behaves consistently, Android devices may show minor differences in behavior across OEM vendors.

Wi-Fi Network Discovery and Evaluation

When a device detects available Wi-Fi networks, it initiates a multi-stage process to evaluate and select the most suitable network:

  1. Network Discovery: The device scans for available Wi-Fi networks within range.
  2. Attribute Collection: For each detected network, the device collects key attributes such as signal strength (RSSI), supported Wi-Fi standards, frequency band, and security type.
  3. Network Filtering: The device filters out networks that don’t meet minimum requirements, such as those with signal strength below a certain threshold.

Wi-Fi Network Selection Criteria

Devices consider multiple factors when selecting a Wi-Fi network:

  • Signal Strength: Networks with stronger signals are generally preferred.
  • User Preferences: Networks manually selected by users receive a higher score in future selection processes. Manually disconnected networks get a lower score.
  • Frequency Band: Due to their higher performance capabilities, 6 GHz and 5 GHz networks are typically prioritized over 2.4 GHz networks.
  • Security: WPA Enterprise has the highest priority, and WPA Personal networks are favored over less secure options.
  • Previous Connections: Networks that the device has successfully connected to in the past are given higher priority.

If multiple Passpoint Identity Providers (IdPs), responsible for authenticating the user for Wi-Fi access, are configured in the Wi-Fi connection profile, the Home Service Provider will be prioritized.

 

 
