I know something about this. I built and ran a service for carriers to help with “WiFi offload”.

It’s intended as a consumer-friendly way to increase capacity in dense areas (like a sports stadium or mall) where the carrier’s cell towers don’t have enough capacity.

WiFi offloading is not new. AT&T helped invent these standards back in ~2009 when their network was getting crushed by massive increases in traffic as iPhone usage took off.

WiFi offload networks are configured as “Managed Networks” which are lower priority than any user-selected networks. You can disable them by turning off “auto-join”. (Also these WiFi offload networks are secure; you can’t spoof them).

However it appears that the original poster’s carrier (presumably Xfinity Mobile or Spectrum Mobile) has done something new - they’ve disabled the user’s ability to turn off “auto-join” on iOS. Some overzealous team is trying to lower their cellular costs. That’s because both Comcast and Spectrum rent capacity on Verizon Wireless towers, but their MVNO cellular service is not profitable unless their customers are using the cable company’s own WiFi fairly often.

However this (disabling “auto-join”) is a dumb move. It’s obviously problematic for users whose neighbors are broadcasting the [Xfinity WiFi or Spectrum Mobile?] SSID.

To my knowledge, no major carrier does this. If you’re on AT&T, T-Mobile, or Verizon, the “managed offload networks” can be easily disabled. And the major carriers are using higher-quality commercial WiFi networks for offload, not random home cable modems.

Friendly remark.

Recently the term "consumer-friendly" became a synonym of "we shove it down your throat whether you like it or not!". If you wish to communicate some real user-friendly feature, better find some other phrase. Reading "consumer-friendly" statements of providers makes me turn away and never look back.

See the above example. Hijacking the device we use for our daily operations, a very important one with sensitive data, already at risk from a multitude of origins, hijacking it remotely into some unknown channels along hidden organisational incentives is a very offensive and frightening move. The technology is not new and it has been OPTIONAL for a very long time. Shoving it down the throat is bad. Very bad.

(I am pretty disappointed with the population of the world that accepts anything from service providers for mostly marginal or never missed gains, accepting the elimination of choice. Providers feel they can get away with anything and have become increasingly hostile.)

If the use case is as described (connecting to WiFi APs owned and controlled by the network in deadspots / hotspots - e.g. stadiums and large buildings - and not end-user APs in homes), it's not clear to me that this poses any significant threat above and beyond connecting to the same operator's cell towers. If you don't trust them to run a WiFi network, probably shouldn't trust their cell network either.

Having phones automatically and uncontrollably route via random 3rd party APs is a bad decision, but I didn't read GP as advocating for this.

The knowledge and equipment to hack WiFi-related systems is a lot easier to obtain in most of the world than the cellular equivalent.

In the US, at least, tampering with cell service risks getting the FCC involved, so very few people do it compared to WiFi hacking.

I'm very curious, for example, if the devices that connect to these APs are vulnerable to the WiFi client isolation bypass that was disclosed about a week ago.[1] That seems a lot scarier when there are potentially thousands of random people's personal phones connecting to the same WiFi infrastructure instead of a bunch of more or less trusted corporate devices in an office.

[1] https://github.com/vanhoefm/macstealer