Tethering and the lure of data: How to make every byte count

Sebastian Müller portrait

By Sebastian Müller
Published on: 06.08.2020

Reading time: ( words)
Categories: Telco analytics, vEPC

We all know about the lure of data. Screen addiction has become so commonplace that in most places, connected devices have started outnumbering people. These devices have become the gateways to new forms of entertainment, information and social engagement, and many of us at some point would have turned down a good night out with friends for a long night on the screen.

It is perhaps not surprising that data has enticed many to foray into the less permissible means of finding it. Tethering for example, has become one such means. Turning a connected smartphone into an on-demand modem, and using it to power other smartphones and PCs, either via a Wi-Fi hotspot, Bluetooth or USB cable, has become a convenient means of connecting a handful of other unaccounted users to the data highway.

What is tethering?

Tethering works through the available mobile data and Wi-Fi sharing feature enabled on most smartphones. Over the last many years, sharers and users alike have enjoyed the lax rules and poor enforcement that has rendered tethering a disputable grey area. Citing increasing costs of devices and escalating tariff rates that accompany higher data speeds, the parties involved continue to justify the use of data above and beyond what is agreed with the communication service providers (CSPs).

Despite all this, tethering is not all forbidden. The number of networked devices per capita globally is expected to reach 3.6 by 20231 (with a whopping 13.6 devices per capita for the United States!). This effectively translates to each mobile user having 2 to 3 other devices that require concurrent access to the Internet. Enabling tethering will allow a subscriber to share data among their many devices, while allowing them to monitor the total usage of all their different devices from a single account and a single bill.

In fact, many CSPs have responded to this by developing plans that incorporate tethering, specifying explicitly the number of devices a subscriber may tether to or going all the way to offering ‘phone-as-a-modem’ plans. T-Mobile, for example, offers a Smartphone Mobile Hotspot (SMHS) feature in its Magenta, T-Mobile ONE and Simple Choice plans. Users can connect up to 10 devices to their smartphone’s mobile data with the usage limit depending on the plan. Verizon offers tethering services for a list of its packages including its unlimited plans, and the limit on the number of devices and data usage depends on the type of plan and the user’s device compatibility.

Unfortunately, the lure of data can be so strong that subscribers often circumvent these limits by downloading third party tethering apps that are not available on the app store for example the PdaNet+ app, and jailbreaking or rooting their smartphones to allow the installation of such apps, which make it difficult for CSPs to detect tethering activity. This leads to tethering fraud, where many different unauthorized and uncontracted devices with different private IP addresses disguise themselves as a single public IP address to take advantage of existing mobile data plans, with unlimited plans often being the target.

As data usage overtakes voice and traditional messaging, the pumping of unauthorized data into the network via illegal tethering may cause massive revenue leakages and traffic congestion, resulting in a poor quality of service for other subscribers and poor customer satisfaction. This effect will only worsen with the rising consumption of rich content. Mobile video consumption is expected to increase tremendously as UHD/4K video consumption, online meetings and conferences, live streaming and vertical videos gain popularity. This coupled with the 10.2% year on year growth in mobile gaming2 and the increase in usage of other mobile applications, such as image- and video-heavy social media and instant messaging, will result in subscribers attempting to share much more of their data plan than they are allowed to, causing a considerable downgrade in the quality-of-experience of other users.

How to restrict unauthorized tethering

To prevent such risks and losses, CSPs will require a solution that can track and detect tethering in real-time, and this is where mobile tethering transparency tools come into play. Our mobile tethering detection plug-in for example, identifies network address translation activities and the devices and applications involved in such activities. The plug-in uses heuristic methods such as Google QUIC user agents, Time to Live (TTLs) and TCP timestamps to recognise the devices hiding behind a routing device’s publicly exposed IP address.

The plug-in is an extension of our OEM deep packet inspection (DPI) software R&S®PACE 2 that inspects and classifies IP traffic and extracts metadata. Leveraging this advanced detection and classification engine, the plug-in delivers one of the highest and most accurate traffic classification rate in the industry and is constantly updated to reflect any changes or updates in device operating systems.

The mobile tethering transparency plug-in displays IP traffic analytics in an accessible and flexible manner and provides real-time information, for example, about the number of routing devices and the number of devices tethering from the routing device. Using this information, CSPs can block or slow down the connection of subscribers that are tethering more than what their plans allow and prevent the abuse of their data network.

This visibility is also essential for network management. Network analytics vendors, for example, benefit from incorporating mobile tethering transparency into their network monitoring tools. This facilitates the detection of phantom users and the invisible usage of network resources, and allows actual network issues such as faulty network devices and bandwidth limitations to be separated from issues arising from illegal tethering.

While some CSPs have banned tethering altogether, others have threaded the path with caution by including extended terms and conditions in their service plan agreements. However, monitoring limitations and lack of transparency can render plan rules ineffective. Having real-time insights on tethering activity therefore not only allows CSPs to enforce what is agreed in their plans, it also allows them to learn about subscriber sharing behaviour and use this to expand their offerings for multi-device subscribers.


1. Cisco Annual Internet Report (2018–2023) White Paper (https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html)

2. The Global Games Market Will Generate $152.1 Billion in 2019 as the U.S. Overtakes China as the Biggest Market (https://newzoo.com/insights/articles/the-global-games-market-will-generate-152-1-billion-in-2019-as-the-u-s-overtakes-china-as-the-biggest-market/)

Sebastian Müller portrait

Sebastian Müller

Contact me on LinkedIn

Sebastian is a passionate DPI thought leader guiding a cross-functional team to build the networks of the future with leading traffic analytics capabilities. He has over ten years of dedicated experience in the telecom and cybersecurity domain, providing him with deep understanding of market requirements and customer needs. When he’s not at work, you can either find him on his road bike or hiking in the mountains.

Email: Seb.Mueller@rohde-schwarz.com
Stay informed. Subscribe to our newsletter.

For more details about how we protect your privacy and information, please read our privacy policy.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to news.ipoque@rohde-schwarz.com. Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the "Statement of Privacy".

What does this mean in detail?

I agree that ROHDE & SCHWARZ GmbH & Co. KG and ipoque GmbH, a ROHDE & SCHWARZ company may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.