Category Archives: Project Fi

Fi on a non-Google phone is like mowing your lawn with a weed eater….

I’ve seen the “can you use Project Fi with an XYZ model phone” question over and over. Invariably someone (or several someones) will reply “yeah, it works”. And while this answer is kind of / sort of technically correct (with caveats), it’s misleading! When I see this I imagine quotes around the word works… it “works” – unfortunately, a lot of people take it at face value.


Before we go any further, you need to understand a couple of basic issues.  GSM carriers (like T-Mobile and AT&T) use sims to provision service on their network. The sim’s unique id is what is activated by the carrier and ties the service to whatever phone it’s inserted in. On the other hand, CDMA carriers (Sprint) only use the sim to provision the data portion of their service (LTE) – the cell side is provisioned based on a unique id in the PHONE.

You also need to be aware that not all phones have all of the US cell bands that are used by T-Mobile and Sprint. For instance, the International versions of Nexus phones don’t have any CDMA bands.

Activating your Project Fi Sim

The first thing that happens when you start the Project Fi activation process is that the Project Fi app verifies that you are using a supported phone. If you aren’t on a supported phone, the app stops the activation process. In short, you can NOT activate a Project Fi sim on an unsupported phone (to me this means it does NOT work).

If you are on a supported phone, the app activates service on T-Mobile using the sim’s ID and then activates the PHONE’s unique ID on the Sprint Network.

So, I’ll just activate my sim in my friend’s Google Phone

And now we head down the rabbit hole.  Yes, you MAY be able to do that – BUT, you will be activating your friend’s phone on Sprint. This has a couple of possible side effects:

  • Your friend’s phone may have issues if he tries to activate Sprint service (either Sprint, Project Fi or any Sprint MVNO).
  • When you change out the sim, your phone will not be able to utilize the Sprint network. It will basically be a T-Mobile ONLY sim.

OK, so I’ll use a “Data Only Sim” Instead

Not so quick. The “Data Only Sim” is an ADD ON to a full sim, so if you can’t activate your primary sim, you won’t be able to use the data only one. This sim is intended as a way to get access to a SECOND device (like a tablet), not as your primary service.

Additional Things To Consider

  • Google will NOT support Project Fi on an unsupported phone.
  • Google has stated in the Network Policies section of their TOS that all “supported devices” will be listed on the Project Fi website and that they “reserve the right to suspend any device that we reasonably determine is unsupported”.  So, yes, they have the option of terminating your service for using a non-approved phone.


Basically, it’s like asking a group of guys “can I mow my lawn with a weed eater?”  There will be at least one guy who will say “sure, you can do that”. And while he is technically correct, and may be doing it himself, it is only kind of “working”.

Regardless of what you’ve heard – No, Project Fi sims do not work (note the lack of quotes) on unsupported phones! You probably need to consider a T-Mobile plan (or one of its MVNOs – like Straight Talk).

Have fun and enjoy Project Fi!



Project Fi – What is a “Key” and why should I care?

What does the “KEY” mean?

I’ve seen several new (and some not so new) Project Fi users asking “what’s a key?”  So I thought I would take a crack at explaining what it is and why you should care.

First off, the “key” simply means that Project Fi’s WiFi Assistant is using an open WiFi hotspot to route all of your data through a Google VPN (see diagrams 2 and 4 below).  What this means to you is that your data is encrypted from your phone all the way to Google’s VPN server.

While we don’t know all of the rules for when Google’s WiFi Assistant will automatically connect, we do know that (at present) it only works on open hotspots with no “captive portal”.  What does that mean?  It means that if you have to provide a passphrase (WEP / WPA2 password for the router) or you have to acknowledge a Terms Of Service or click through a “Welcome” page (captive portal), WiFi Assistant won’t automatically connect and the VPN won’t be used.

Beyond that, we’ve been told that hotspot owners can “opt out” of providing this service and that Project Fi uses “a network quality database to help determine which networks are high quality and reliable.”  I’ve also seen the WiFi Assistant connect in a location one day but then not the next day – general consensus is that the location may or may not be “WiFi Assistant” material on a given visit based on connectivity at that time.

Why do you call it a “KEY” and how do I know if I get one?

If you are connected via a VPN, you will see a key icon on your Project Fi status bar.

I’ve got a “KEY”, why do I care?

Well, the primary reason is that the key means that your data is encrypted from your phone to Google.  In terms of the diagram below, this means that you don’t have to worry about “points of attack” A through E.

Secure Data Transfer




What are the likely points of attack?

  • A – between your phone and the WiFi hotspot.  This is the easiest point of attack because the attacker doesn’t need physical access to any of the network hardware.  He can simply “listen to” (sniff) your WiFi radio connection.  Also keep in mind that some WiFi encryption protocols have been successfully hacked – for instance WEP is basically useless.  Just because the hotspot you are connected to uses WEP or WPA2 doesn’t mean it can’t be sniffed.
  • B – at the “hotspot”.  Hotspots are basically computers. It’s quite possible to embed malicious code in a hotspot to compromise data. This is reportedly common at some “cyber cafes” and other “public” hotspots.
  • C – between the hotspot and the ISP.  This isn’t very likely because it would require physically tapping the connection (think Police / NSA).
  • D – at the hotspot’s ISP.  Remember that while you trust your ISP, not all hotspot owners are using trustworthy upstream providers. A small provider with a rogue employee has access to 100% of the unencrypted traffic going through their servers.
  • E – between the ISP and the “internet”.  Ok, this is kind of the same thing as G below, but I mention it specifically because it is one of the hack points the NSA has used to log traffic going into / out of the backbone.
  • F – the internet.  When you connect to a web site,  you don’t connect “directly” to that site.  Your data bounces from server to server (sometimes 10-20 “hops”) before getting to the other end. If your data isn’t encrypted, it can be compromised at any of these hops.
  • G – between the internet and the web server.  This would usually be used to see who is using a specific web server.  Police would use this to log users connecting to illicit servers and hackers would target this to get “high value” data going to a specific server.

Possible Connection Scenarios 

I’m going to arbitrarily assign weights to each of the 7 points of attack above (based on my opinion how likely each is).

A=4, B=2, C=0.5, D=1.5, E=0.5, F=1, G=0.5

So, if you are still with me (I’m surprised I haven’t bored you to death), let’s look at the 6 scenarios above and their security ratings (based on the scale above, 0-10 with higher being better):

  1. Using an open WiFi Hotspot with HTTP protocol.  In this case, your data can be captured at any point (A-G).   Rating:  0
  2. Using an open WiFi Hotspot with HTTP protocol and a “KEY” (Google VPN).  In this case, you are protected from your phone to Google.  This will defeat the vast majority of sniffing attempts. Rating:  7
  3. Using open WiFi + HTTPS (SSL).  This is as good as SSL is (which is pretty good).  There has been some talk that SSL may be compromised by the government, but I’ve not seen any definitive documented examples (but I’m going to knock off a point just in case). Rating: 9
  4. Using open WiFi + HTTPS (SSL) and VPN. This is about as good as it gets.  Your data is double encrypted through steps A-E. Rating: 10
  5. Using WEP / WPA2 encrypted hotspot with HTTP.  This is very similar to option 1 except you get 3 out of 4 on the first step (it loses a point for possible compromise).  Rating: 3 (EDIT: I was reminded that it’s not actually fair to group WEP with WPA2 or WPA3 since WEP is seriously flawed, so I’m going to change my rating).  Rating WEP: 0, Rating WPA2/3: 3
  6. Using WEP / WPA2 encrypted hotspot with HTTPS (SSL).  Pretty darned good.  Rating: 9.5
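As an added illustration (not part of the original post), this Python sketch models the seven points of attack with the weights above and works out which points remain unencrypted in each scenario. It reports the raw weight covered by encryption; the ratings in the list above also include the author's own judgement adjustments, so they do not always equal the raw sum. The layer-to-point mapping follows the post's description, and all names in the code are hypothetical.

```python
# Added example: the post's points of attack (A-G) and the author's weights.
WEIGHTS = {"A": 4, "B": 2, "C": 0.5, "D": 1.5, "E": 0.5, "F": 1, "G": 0.5}

# Points each protection layer encrypts, as described in the post (assumed mapping).
LAYERS = {
    "wifi_encryption": set("A"),   # WEP/WPA2: phone-to-hotspot radio link only
    "vpn": set("ABCDE"),           # the "key": phone to Google's VPN server
    "https": set("ABCDEFG"),       # end to end: phone to the web server
}

# The six connection scenarios, numbered as in the post.
SCENARIOS = {
    1: [],
    2: ["vpn"],
    3: ["https"],
    4: ["https", "vpn"],
    5: ["wifi_encryption"],
    6: ["wifi_encryption", "https"],
}


def exposed_points(layers):
    """Points where traffic is still readable with the given layers active."""
    covered = set().union(*(LAYERS[name] for name in layers))
    return sorted(set(WEIGHTS) - covered)


def covered_weight(layers):
    """Sum of the weights of all points protected by at least one layer."""
    exposed = sum(WEIGHTS[p] for p in exposed_points(layers))
    return sum(WEIGHTS.values()) - exposed


def double_covered(layers):
    """Points protected by two or more layers (defence in depth)."""
    return sorted(
        p for p in WEIGHTS if sum(p in LAYERS[name] for name in layers) >= 2
    )


if __name__ == "__main__":
    for number, layers in SCENARIOS.items():
        print(
            f"scenario {number}: exposed={exposed_points(layers)} "
            f"covered_weight={covered_weight(layers)} "
            f"double_covered={double_covered(layers)}"
        )
```
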

Are there any other ways the VPN could protect me?

Yes, there is (at least) one way.  When you directly connect to a remote host, the host (and every hop in between) sees your public facing IP address (your Comcast / AT&T provided router address).  If you use a VPN, the remote server will see a Google provided IP address.  What this means is that it would be quite a bit harder for the remote server to identify who you are.  Anonymity can be a good thing. 🙂

Ok, so where do I go to find a key?

There is a crowdsourced map of locations where keys have been seen.  Keep in mind that locations where keys have been seen may still not show a key for you if the connectivity at the hotspot isn’t “good enough”.  Edit: it’s been brought to my attention that this map is no longer available.  Sorry.

Project Fi WiFi Spots

I don’t want Google knowing that much about me

I know many people are concerned about how much Google “knows” about them.  While I haven’t been able to locate the specific privacy policy related to the Google VPN, I’m pretty sure you are safer using Google than any of the “free VPN” services.  Google is a big corporation with a reputation to uphold; “Johnny’s Free VPN” service is only as good (and reputable) as Johnny is.


Project Fi’s “Key” or VPN is a cool free feature that you should be happy to see.

I hope you found something in here useful.