The death of the captive portal: why Apple, Google, and Samsung are killing legacy WiFi

If you manage WiFi for a venue, your relationship with the captive portal is… complicated. For years, it’s been the mandatory gateway, the digital front door for public-facing networks. We at Purple know this space intimately; we've dedicated over a decade to perfecting that very doorway. We built what we confidently call the best captive portal experience in the world.

And now, we're here to tell you it's time to prepare for its funeral.

The captive portal isn't just aging; it's being actively taken down, piece by piece, by the very companies that make the devices connecting to it. The pop-up login screen is no longer a minor inconvenience; it's a fundamental flaw in a system that's rapidly being replaced. For IT professionals and venue operators, ignoring this shift isn't an option.

Here's why the end is here, and what's coming next.

The manufacturer attack: a war on friction

Apple, Google, and Samsung - the primary gatekeepers of the mobile world - are in a race to deliver the smoothest, most secure user experience. The captive portal is now their declared enemy.

Why? Because it represents friction. It's a clunky, unpredictable barrier that breaks the "it just works" promise.

• iOS & Android are making portals harder to use: With every OS update, the noose tightens. Captive Network Assistants (CNAs) - the mini-browsers that handle logins - are becoming more sandboxed and less capable. They block cookies, break password manager integration, and fail complex multi-factor authentication flows. This isn't a bug, it's a deliberate design choice. The device manufacturers see the portal as a broken security model and a terrible user experience, and they are hamstringing it.
• The walled garden problem: The modern web simply wasn't built for a world where it's half-blocked. A captive portal, by definition, breaks most internet traffic until you authenticate. This can stop app notifications, break payments, and create a cascade of user-facing errors that your IT team gets blamed for.

Privacy concerns: big tech's ongoing crusade

Privacy is no longer a niche feature; it's a core marketing pillar for big tech. The legacy model of guest WiFi, which often relied on tracking a device's unique MAC address to provide a reasonable user experience, is now untenable.

• MAC address randomization: This was the kill shot for traditional, passive device recognition. Both iOS and Android now default to using a randomized, private MAC address when scanning for and joining WiFi networks. The ability to seamlessly recognize a returning customer just by their device has been (rightfully) taken away in the name of consumer privacy.
• User data as a hostage: The old value exchange - give me your email for free WiFi - feels increasingly archaic and coercive. Users are more skeptical, and regulators are more stringent. The device manufacturers are simply building this privacy-first mindset directly into the hardware, forcing the network industry to stop relying on legacy tracking.

The future is profile-based: WPA3 & Passpoint

The industry has been building the replacement for years, and it's finally ready. The future is not about logging in; it's about belonging.

• WPA3: This is the new security standard. It doesn't just offer stronger encryption; it fundamentally changes the authentication model. It moves us away from shared passwords (which are horribly insecure for public networks) and toward individualized, encrypted connections.
• Passpoint (formerly Hotspot 2.0): This is the technology that makes the magic happen. Passpoint allows a device to automatically discover and connect to a WPA3-secured network using a pre-installed profile or credential.

Think of it like this: instead of a user logging into your network, their device is provisioned with a pass that your network instantly recognizes and trusts. The connection is instant, encrypted, and seamless. No pop-up. No login.

Industry standards are here: WBA & OpenRoaming

This isn't a proprietary fantasy. This is a global, industry-wide evolution.

• Wireless Broadband Alliance (WBA): The WBA has been the driving force behind standardizing this new seamless experience.
• OpenRoaming: This WBA-led initiative is the most visible and powerful example. OpenRoaming creates a global federation of WiFi networks. A user with a single profile (from an operator like Purple, a carrier, or even their device manufacturer) can walk into any OpenRoaming-enabled venue on the planet - be it an airport, stadium, or coffee shop - and connect instantly and securely.

This is the roam like at home concept, but for WiFi. It obliterates the captive portal and replaces it with a trusted, global standard.

What this means for you

For tech-savvy venue operators, this is a moment of opportunity, not a crisis. Yes, the captive portal is dying. But what's replacing it is infinitely better.

We've seen this future coming. It's why, after perfecting the captive portal, we built its replacement. The shift is here.

It's a future that is:

• More secure: WPA3 and Passpoint provide robust, individualized encryption, protecting your guests and your network.
• A better experience: Users get instant, invisible connectivity. The friction you've been fighting for years simply evaporates.
• More valuable: Instead of a list of click-throughs from a frustrated captive portal, you build a relationship with users who choose to engage with you after they are already online, perhaps via an app or a non-intrusive notification.

The platforms have made their choice. The question is no longer if you will move beyond the captive portal, but when.