Where are Wi-Fi passwords stored on your phone: hidden system settings

It's common to need to connect a new device to an existing wireless network but forget or lose the password. Fortunately, modern smartphones automatically remember the login information after the first successful entry. However, for security reasons, viewing this code in plaintext in the standard connection menu is not possible.

System files in which Wi-Fi passwords are stored on the phone, protected by superuser access rights or isolated in encrypted operating system storage. The location of this data varies significantly depending on the platform: Android uses text configuration files in the system partition, while iOS hides keys in the secure iCloud Keychain storage, accessible only through the Apple ecosystem.

Understanding the file system structure and synchronization mechanisms allows you to extract the necessary information legally. In this article, we'll take a detailed look at system file paths on different Android versions, examine the specifics of Keychain functionality on iPhone, and discuss safe ways to view saved networks without voiding your warranty.

Wi-Fi Storage Architecture on Android

In the Android operating system, information about wireless networks is stored in a special system file, which usually has the extension .conf or .xmlThe path to this file depends on the operating system version and the device manufacturer. On most smartphones running Android 9 and below, this file is located at /data/misc/wifi/wpa_supplicant.confThis is where the list of all networks (SSIDs) the phone has ever connected to is stored, along with their passwords in clear or hashed form.

Starting with Android 10, Google implemented strict security restrictions by changing the data storage structure. Passwords can now be scattered across different files or stored encrypted within the system database. WifiConfigStore.xmlAccess to these file system sections is closed by default to regular applications and users. Direct reading of files requires Root rights, which give full control over the device, or using special debugging methods via ADB (Android Debug Bridge).

It's important to note that on devices with custom skins, such as Xiaomi's MIUI or Samsung's OneUI, the paths may differ. For example, on some Samsung models, configuration files may be located in the directory /data/misc/wifi/ under names containing the user ID or a specific network interface. Manually modifying the contents of these files without proper knowledge may cause the Wi-Fi module to stop working properly.

⚠️ Warning: Directly editing system Wi-Fi configuration files without first creating a backup may result in the loss of all saved networks and the need for a complete reset of network settings.

For users who don't want to root, there are alternatives available through the system settings, which were introduced in Android 10 and later. The "Share" feature or QR code allows you to view the password, but only for the currently active network. This is a compromise solution that allows for quick connection of guests, but does not provide full access to the connection history.

Android Instructions: Access via Root and ADB

If your smartphone has an unlocked bootloader and root privileges (for example, via Magisk), obtaining the password is a trivial task. You'll need a file manager with root access, such as Root Explorer or Solid Explorer. After granting root privileges, you'll need to navigate to the system's root directory.

Find the file wpa_supplicant.confOpen it with any text editor and you'll see a data structure where each network corresponds to a block of parameters. The password you're looking for is in the line starting with psk=If instead of a password you see a long string of characters enclosed in quotation marks, this is your access key in cleartext.

If you don't have root access but have USB debugging enabled, you can use a computer and the ADB utility. This method requires connecting a cable and executing commands in a terminal. It's less likely to affect your warranty, but requires technical expertise.

☑️ Check before using ADB

Completed: 0 / 4

The sequence of actions for extracting data via ADB is as follows:

  • 📱 Connect your phone to your computer using a cable and select "File Transfer" mode.
  • 💻 Open the command prompt on your PC and enter the command adb pull /data/misc/wifi/wpa_supplicant.conf.
  • 📂 If the command is successful, the file will be copied to the ADB root folder on your computer.
  • 🔍 Open the resulting file with notepad and find the line psk="YOUR_PASSWORD".

It's worth noting that on newer versions of Android, the pull command may not work without root access due to changes in SELinux permissions. In such cases, the system will simply deny access to the file, even if debugging is enabled.

View passwords on iPhone and iPad (iOS)

The Apple ecosystem takes a radically different approach to security. There's no single text file that can be "read." All Wi-Fi passwords are stored in a secure vault. iCloud Keychain (Keychain). Access is only possible through biometric authentication (Face ID or Touch ID) or the device's passcode. This ensures that even with physical access to the phone's file system, the data remains encrypted.

Starting with iOS 16, Apple allowed users to view saved passwords directly in Settings. To do this, go to the Settings menu. Settings → Wi-Fi, tap the "i" icon next to the network name, and select "Password." After verifying your identity, the phone will display the hidden text. On older versions of iOS, this option is not available in the interface, and the only options are to use a Mac with keychain sync enabled or jailbreak.

If you have a Mac computer associated with the same Apple ID, you can find the password using the Keychain Access app. Enter the network name (SSID) in the search bar, double-click it, and check the "Show password" box. The system will prompt you for your macOS account password or fingerprint, after which it will display the required data.

Why can't I view the password on older iPhones?

On devices without iOS 16, Apple hid passwords for security purposes, assuming the user remembered their own password or used a Mac to view it through syncing.

However, this action voids the warranty and makes the device vulnerable to malware, so this method is not recommended for regular users.

Using cloud services for recovery

Modern smartphones automatically sync Wi-Fi settings with cloud accounts. On Android, this is a Google account, and on iOS, it's iCloud. If you lose your phone or reset it to factory settings, the list of known networks and passwords will be restored automatically when you sign in to your account on a new device.

Google stores passwords encrypted on its servers. You can check what data is stored in your account through the web interface. Visit the website passwords.google.com, log in, and search for "Wi-Fi" or the name of your network. All saved passwords synced between Chrome and Android will be displayed here.

iCloud works similarly. On the website icloud.com You can manage your keychain data in the Account Settings section, although directly viewing Wi-Fi passwords through the web interface is often restricted for security reasons and requires a trusted device to be nearby.

Platform Storage location Access without Root/Jailbreak Web access
Android (< 10) wpa_supplicant.conf No (Root required) Via Google Passwords
Android (10+) WifiConfigStore / Settings Only the QR code of the current network Via Google Passwords
iOS (< 16) iCloud Keychain No (only via Mac) Limited
iOS (16+) Settings → Wi-Fi Yes (via FaceID/TouchID) Limited

Using cloud sync is the most reliable way to ensure you don't lose access to your data. Make sure the backup feature is enabled in your device settings.

📊 How do you usually restore Wi-Fi access?
I remember the password by heart
I'm looking at the router
I'm using a QR code from another phone.
I'll ask the person who set it up.

Third-party apps: risks and reality

App stores are filled with hundreds of apps with names like "WiFi Password Viewer" or "WiFi Key." Users often hope these utilities will magically reveal saved passwords. However, the reality is that without root access, these apps are useless for viewing saved networks.

Most of these programs operate in one of two ways. First, they simply display the QR code for the current network (a feature also available in Android's default settings). Second, they attempt to guess the password from a database of common combinations or exploit WPS vulnerabilities (if they haven't been patched by the router manufacturer).

⚠️ Warning: Installing apps that require suspicious permissions to "analyze Wi-Fi" can lead to the theft of your personal data. Many of these programs are adware or malware.

If you have root access, such applications can actually read the system file. wpa_supplicant.conf and display a list of passwords in a user-friendly interface. Examples include WiFi Password Viewer or WiFi Key RecoveryBut is the risk of installing questionable software worth simply viewing a password that can be found by other methods?

A more secure alternative is password managers such as 1Password, LastPass or Google's built-in manager. They securely store data and can autofill Wi-Fi input fields when connecting if you've previously saved this data.

Security and protection of saved networks

Understanding where passwords are stored highlights the importance of protecting the device itself. If an attacker gains physical access to an unlocked phone or runs a malicious script with adb privileges, they can easily extract all stored networks. This is especially relevant for the corporate sector, where a leaked Wi-Fi password could open the door to the company's internal infrastructure.

Use complex passwords to unlock your screen. Biometrics are convenient, but a numeric code or a long phrase provide an additional layer of security, especially after a device reboot, when biometric data may not work until the PIN is entered for the first time.

Regularly check the list of connected devices in your router settings. If you notice an unknown device, change your Wi-Fi password immediately. After changing the router password, all your devices will be required to forget the network and enter a new key, which is also a good digital hygiene practice.

Avoid connecting to open public Wi-Fi networks without using a VPN. While this doesn't directly affect password storage, it will prevent data interception if your device automatically attempts to connect to a fake hotspot with a similar name.

Frequently Asked Questions (FAQ)

Is it possible to find out a Wi-Fi password if the phone has never connected to this network?

No, a phone physically can't know the password if it's never entered and saved. To connect, you need to know the key in advance. However, if WPS is enabled on the router, connecting without entering a password is theoretically possible, but this method is considered outdated and insecure.

Where is the wpa_supplicant.conf file stored on a Samsung Galaxy?

On most Samsung devices, the path remains standard: /data/misc/wifi/wpa_supplicant.confHowever, on newer models with Android 11+, the contents of this file may be hidden or replaced with WifiConfigStore.xml, which can only be accessed with root rights.

Are password recovery apps safe to use?

Using such apps is only safe if you have root access and trust the developer. Otherwise, such apps often simply display ads or, worse, steal data. It's better to use built-in QR code features or cloud-based password managers.

What should I do if I changed the password on my router, but my phone won't connect?

You need to "forget" the network on your phone. Go to Wi-Fi settings, tap your network name, and select "Delete" or "Forget Network." Then try connecting again using the new password.