Is Comcast’s Xfinity swapping your settings? No, but it can seem that way

What seems like overreach may actually be an iCloud quirk.

pixabay tech stock image
Credit: Pixabay/Gerd Altmann

Joseph Rosmann wrote in with a concern about Xfinity, Comcast’s cable TV and internet brand, to which his family subscribes. Starting in November, he and his family’s iPhones and Macs seemed to shift preferentially to Xfinity’s Wi-Fi network and email return address (plus mail server) without them having made any configuration changes of which they’re aware, and even while at home on their own Wi-Fi network.

Joseph wondered if Comcast had developed a technique to inject code or hijack settings that could have carried this out. I don’t believe so in this case, but Comcast does violate the integrity of user’s webpage requests, so it’s not a stretch to suspect it does worse.

For unencrypted web connections, Comcast will inject JavaScript code—rewriting the webpage on the fly from the server to your browser—to drop in popup dialogs that warn about you approaching your bandwidth limit for the month or, in the past, using a modem that relies on older data-encoding standards. Privacy and security advocates decry this practice, because there should be no point at which a third party injects software that isn’t sent by a web server. Secured connections aren’t affected, and the web as a whole is increasingly moving to always-https service.

However, with iOS and macOS, there’s no way for Comcast to modify network and mail settings without your direct involvement. What I believe is happening is a bubbling up of an Apple iCloud feature and an iCloud/Apple Mail flaw.

Xfinity offers Wi-Fi roaming access to its subscribers, and this includes not just hotspots operated by itself and by partner cable companies, but also networks that it unlocks on other Xfinity subscribers’ systems! The reason you see the xfinity network name all over the place across Comcast’s territory is that all Xfinity subscribers with Comcast-provided Wi-Fi routers automatically share network access unless they’ve opted out. Comcast says the bandwidth used is throttled and provided in excess of what they promise you for your home service. Sure it is; why not.

mac911 xfinity wifi app Comcast

The Xfinity Wi-Fi app wants to install a profile to create a faster secure connection to its hotspots. I say no.

If you ever connect to one of those xfinity hotspots, you’re prompted the first time to enter your subscriber credentials. This registers the device with Comcast’s systems. You can also install an Xfinity app that offers to install a network profile to make it easier to connect, but I recommend against this. (The app’s upside is that it uses the profile to create an encrypted local connection, unlike open Wi-Fi networks typically used in public places, which are unencrypted, even when you have to use a login.)

Here’s the issue: if you have iCloud Keychain enabled, it syncs Wi-Fi password and other connection information among devices. This can put the Xfinity network into rotation as one of the approved networks for all your Macs and iOS devices associated with that iCloud account. Again, it should require a subscriber login the first time you use a device, so you’d seemingly remember this, but because that only needs to occur once, maybe you’ve forgotten.

Comcast has a portal to see which devices have been associated with Xfinity hotspots, and instructions on how to work with it.

Why would Joseph’s devices connect at home to an Xfinity hotspot? The only thing I can think is that a neighbor’s service may have a higher signal strength than the router or routers in some parts of his house. iOS and macOS automatically switch Wi-Fi networks from a current weak connection to a stronger one if it has the credentials for that stronger network stored. That’s a feature of both operating systems, not something Comcast can override.

iOS wouldn’t allow a third party to swap network connections; that’s managed at a system level. macOS would require you to install software with administrator privileges, and I’m not aware of any such package by Comcast or third parties that forces this kind of swap. The closest thing I can think of is Boingo Wireless, a hotspot resale aggregator and venue operator that has Mac, Windows, and other software to manage connections—but you’d be aware of installing it and what it’s doing.

If you want to be sure none of your devices connect to the xfinity network, try all of the following:

  • Remove the iOS profile. If you have the hotspot app installed, remove the profile from Settings > General > Profiles (sometimes labeled Profile or Profile & Device Management).
  • Uninstall the iOS app.
  • Forget xfinity in iOS. Unfortunately, iOS doesn’t let you “forget” a network unless you’re connected to it. Find an Xfinity hotspot, connect, and then in Settings > Wi-Fi tap the info (i in a circle) button next to the network name, and then tap Forget This Network and confirm.
  • Forget xfinity in macOS. In macOS, open the Network system preference pane, select the Wi-Fi adapter in the list at left, and then click Advanced. In the Wi-Fi tab, find any xfinity networks one at a time, select each, and click the minus (-) button to remove the network. Then click OK and click Apply.

Because of iCloud Keychain sync, you might have to do this a couple of times, because the synced networks sometimes reappear from other devices, even though the removal should propagate outward to those systems.

As far as mail, Joseph has found—especially on his home Xfinity network—that Apple Mail seems to snap back to using his Comcast return address instead of his iCloud one. Even after removing Comcast mail server information from Mail, it still appears, but no longer sends mail correctly, since the server settings are gone.

Mail, especially in macOS, has funky issues with return addresses and account sync. I haven’t seen this precise problem, but with iCloud synchronization turned on for Mail, I have definitely had the recurrent issue of setting a return address as a default that won’t remain stuck in place, and occasionally had bad server information sync instead of the correctly working details.

To make sure Comcast information is not present anywhere:

  • In macOS, launch Mail, and select Mail > Preferences > Accounts. Remove any Comcast (or other unwanted) accounts from the left account list by selecting and clicking the minus button at the bottom. You also need to check the SMTP server list, which cannot be accessed directly. Instead, select any account, like your iCloud account, click the Server Settings button, and then from the Outgoing Mail Account popup menu, choose Edit SMTP Server List. You might find and need to remove a Comcast server from there, too!

  • In iOS, go to Settings > Mail > Accounts and tap the account. Now tap Delete Account and confirm. Outgoing (SMTP) servers are hidden in iOS, too. For any account, tap its name, tap the Account Name, and then tap SMTP under an Outgoing Mail Server label. (You may have to tap its name and then tap Mail to get to that SMTP label or tap an Advanced link.) If you see an unwanted SMTP server remaning in the list, you can tap it and set it to Off so it’s never used for that account. Repeat for every account.

That should resolve the problems. However, I’d love to hear from other people having network and mail switching issues with Xfinity or other providers—or that aren’t connected to ISPs at all.

Ask Mac 911

We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com including screen captures as appropriate. Mac 911 can’t reply to—nor publish an answer to—every question, and we don’t provide direct troubleshooting advice.

Shop Tech Products at Amazon