Skip to main content

More details on how iOS 8’s MAC address randomization feature works (and when it doesn’t)

Screen Shot 2014-09-26 at 5.57.54 PM

A few days ago Apple published a new privacy page on its website that detailed the various measures it has put in place to protect Mac and iOS users’ personal data. One of those features, which is new in iOS 8, is the automatic randomization of MAC addresses when the device is searching for a Wi-Fi network. This makes it much more difficult to track a device by seeing which Wi-Fi networks have spotted its unique identifier.

A new two-part study by AirTight Networks into how well this security feature works has turned up some interesting results, including several conditions that will stop the phone from randomizing a MAC address. Part one of the study breaks down what exactly needs to happen in order to start this function…

First, one of the more important points in the study indicates that the iPhone 5 and older models don’t seem to take advantage of MAC address randomization, though the security notes for iOS 8 say that the feature works on all devices. According to the AirTight research, only the iPhone 5s could be observed using this feature.

Apple’s website (seen above) states that to trigger this function, the user should be “out running errands with your phone in your pocket.” As implied by that sentence, the device needs to be locked to start randomzing its MAC address. This was confirmed by the AirTight study, which found that about two minutes after the device’s screen was locked, it would start searching for a familiar Wi-Fi network using a random address. Every time the device wakes up and goes back to sleep, a new MAC address is generated.

There is another stipulation that must be met before this feature will kick in, however, and it’s one that most users aren’t going to meet. In order to start using randomized MAC addresses, location services must be disabled.

If that requirement hasn’t ruled out every iPhone user from taking advantage of this feature, a discovery in the second part of the study almost certainly will. During the first round of testing, the researchers at the AirTight blog had not used SIM cards in any of the phones being analyzed. When they put SIM cards into these units and activated a cellular data connection, they found that MAC address randomization was completely disabled no matter what other critera were met.

You read that correctly: activating cellular data (3G/4G/LTE) on your iPhone (which you need to get iMessages, push notifications, emails, and more when not on Wi-Fi) seems to be deactivating one of the key features touted on Apple’s own privacy page. Apparently Apple belives that you should disable your cellular data connection when “out running errands with your phone in your pocket.”

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. At least now we can speculate on why they turned of cellular for the 8.0.1 release… someone at Apple must really only want you to use your phone when you are on WiFi…

    I know… it’s a bad joke…

  2. ron837192 - 9 years ago

    That must be a bug … Apple wouldn’t seriously advertise a feature that doesn’t work with location services enabled or a SIM card inserted.

    • crichton007 - 9 years ago

      Unless this is meant for use by people who typically wear tin foil hats.

      • giskardian - 9 years ago

        Ive oversees iOS development now, so it would be aloominium hats.

  3. driverbenji - 9 years ago

    from apple’s white paper: “When iOS 8 is not associated with a Wi-Fi network and a device’s processor is asleep, 
 iOS 8 uses a randomized Media Access Control (MAC) address when conducting PNO scans. When iOS 8 is not associated with a Wi-Fi network or a device’s processor is asleep, iOS 8 uses a randomized MAC address when conducting ePNO scans. Because
 a device’s MAC address now changes when it’s not connected to a network, it can’t 
 be used to persistently track a device by passive observers of Wi-Fi traffic.”

    What are “PNO” and “ePNO” scans? So, it does state here that it’s doing this when asleep…however, it doesn’t state that location services needs to be off. Perhaps this has bugs and should actually be working with location services on?

    I’ve seen several articles on this, has anyone talked with someone from Apple about this? Someone should, this needs explaining. But, if location services does need to be off then it will be pretty useless.

    • Jim Phong - 9 years ago

      http://redmine.replicant.us/boards/33/topics/5787
      “Preferred Network Offload leaks known SSIDs
      It was recently brought to our attention that most Android devices leak the know Wi-Fi SSIDs when the screen is turned off, in order to maintain Wi-Fi connections when the device is asleep. This issue was fixed (this is now disabled) in the Replicant source code and the fix will be part of the next batch of Replicant 4.2 images. You are encouraged to update to the new version (when available) or build Replicant from source if you don’t want to wait!”

      http://newsblog.wti.com/index.php/2014/07/how-to-lock-down-your-android-wi-fi-settings-to-improve-privacy/#more-25512
      “How to Lock Down Your Android Wi-Fi Settings to Improve Privacy

      Android users might want to check out this remedy for dealing with a privacy flaw that was recently discovered in Android devices …

      The Electronic Frontier Foundation discovered that the majority of Android devices were leaking Wi-Fi connection history data to anyone within range. This location history contains the names of Wi-Fi networks that the device has been connected to in the past. While it may contain cryptic names, it may also contain names such as “Home”, “London Heathrow Airport” or “Tom’s Mancave” that can be easily identified location-wise.

      The feature that makes this possible was introduced in Android 3.1 Honeycomb. It is called Preferred Network Offload (PNO) and its purpose is to allow Android phones and tablets “to establish and maintain Wi-Fi connections even when they’re in low-power mode” to extend battery life and reduce mobile data usage.

      Not all devices leak SSID information though. Apple’s iPhone, Amazon’s Kindle Paperwhite, the HTC One Mini or the Samsung Galaxy S4 don’t leak the information, while Google’s Nexus 4 and 5, the HTC One or the Samsung Galaxy Nexus do.

      What you can do about it

      There is unfortunately not a lot that you can do about it. Google has created a fix for the issue according to the EFF but it will take a while before it lands on user devices.

      There are however some options in regards to Wi-Fi settings on Android devices that lock down the phone at least partially.

      Note: The device used to demonstrate this is a Moto G running Android 4.4.2. Menus, names and options may differ depending on the version of Android and the manufacturer of it.”

  4. Roy Lin - 9 years ago

    After when I update my IOS 8.0.2 on iPhone 6 and mine iPad mini. Still having issue. Both of my devices not able to sync over wifi with iTunes 11.4 on my Macbook Pro. I try everything nothing seem to be work. Anybody can help me ?

  5. Jorge Mikhail - 8 years ago

    How to Change a Computer’s Mac Address in Windows

    https://youtu.be/hxaYX7dL6Ho