The researchers behind an earlier version of Snoopy that tracked only Wi-Fi signals have already used it to track more than 42,000 unique devices during a single 14-hour experiment in 2012 at the King’s Cross train station in London. They have also unleashed Snoopy in a variety of other environments over the past two years, including at several security conferences. By taking careful notice of the Wi-Fi networks the devices have previously accessed (and continue to search for), the researchers were able to detect likely relationships among users. Four devices that hailed an SSID that the researchers geolocated to a London branch of one of the UK’s largest banks, for instance, were presumed to belong to coworkers of the financial institution.
This is why devices should default to wifi being off and only turned on when a user wants to use a public wifi. Devices with wifi on will try and get an IP address via DHCP from any open wifi or wifi with a well known SSID — which can be spoofed by anyone. This usually isn’t a problem. The most they get is the layer 2 MAC address of the device which is unique. This could be put into a database and used for tracking.
Sometimes devices will spill IP addresses through ARP requests on networks they think they are still on and this can be problematic.