iOS 8 randomizes MAC addresses

iOS 8 randomizes MAC addresses

Summary: Apple's next generation mobile OS doesn't broadcast your MAC address while searching for wi-fi access points. It's a small victory for privacy advocates and a loss for mobile marketers.

TOPICS: Apple, iOS, iPhone, iPad, Mobility

Frederic Jacobs (@FredericJacobs) tweeted that iOS 8 randomizes a device's MAC address while scanning for Wi-Fi networks.

Randomized MAC addresses were not demonstrated by Apple during its WWDC keynote address and the new privacy feature (and slide) most likely trickled out during one of the developer sessions.

MacRumors notes that randomizing the MAC addresses of iOS devices when scanning for Wi-Fi networks will make it more difficult for companies to track and gather location data on a customer. Since every iOS device has a unique MAC address it could easily be used for location tracking and data collection via Wi-Fi scanning.

According to the slide, Wi-Fi scanning behavior in iOS 8 "has been changed to use random, locally administered MAC addresses" and said MAC addresses "may not always be the device's real (universal) address." Nice.

Chalk it up as a victory for users concerned about their privacy because iOS 8 devices can't be tracked while doing something as pedestrian as searching for an available Wi-Fi network (which almost every device does).

Mobile marketers that salivate over such device data will undoubtedly be disappointed in Apple's decision, but it's a win for consumers and re-emphasizes Apple's commitment to privacy. 

Topics: Apple, iOS, iPhone, iPad, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • iOS 8 randomizes MAC addresses

    Kudos to Apple.
    Some will have some type of complaint to write about.
    • depends on how Apple treats the innovation

      If Apple threatens to sue anyone who implements this unless they give Apple $20/device, then I don't see this becoming widely adopted.
      Harlon Katz
      • Who Cares?

        Must be Apple Envy
      • You found something

        Yes well why does it have to be widely adopted?

        Apple has a security feature. It will work no matter what anyone else has.

        Too bad for everyone else then hey?
      • it doesn't matter how widely adopted it is

        since the protection here is entirely on the client end (and the web server can't thwart it), the adoption rate is irrelevant to the device... it is the device itself that randomizes the MAC address, and is thus protected.
        • try zero MAC mode for better security

          Turn wifi off
      • lol what

        Like they are going to get a patent for "breaking a protocol rule".
        Apple needs to swallow its pride and just pay up for NFC license and bring all their sheep up to date.
        if MAC randomising is technology, then ibeacon must the comedy sidekick.
        Apple needs to Just stick to designing and leave comms tech to real engineers.
        • Lol what are you on

          What are you talking about? why would apple want to adopt NFC. It is in no way secure enough. You sound like every other person that posts messages on here.

          Just go with the flow eh.
    • Randomized MAC addresses?

      OK, so even the user won't be able to tell which device is connected to his network because the MAC address will change every time he connects? NOT a good thing at all!
      Now I can't just put in a set of MAC addresses for MY devices, and be assured that other devices can't connect, and making it impossible to connect a new device I buy? Somehow I don't think this was wall thought out, or perhaps not well explained.
      • MAC filters will still work

        It only uses random MAC while scanning. When it negotiates a connection, it uses its fixed MAC address.
        The concept to prevent your MAC being logged by any router UNTIL you attempt to connect.
    • The NSA and some advertisers, maybe.

      And some users who want to lock their home wifi routers down with a MAC address whitelist (maybe there is an option to give the "honest" MAC, or at least a fixed consistent one, to the home or work wifi).

      Everyone else should love it.
  • Nice

    Good move.
  • It depends upon who's tracking you

    1. Won't this interfere with MAC access lists on wireless routers, like lots of people (should) have at home or in an office?

    2. The user device's MAC address doesn't go any further than a wireless access point; it doesn't go out onto the wider internet anyway. I'm not at all sure how mobile tracking works, but the only way you can be tracked by MAC address is if the wireless access point that you connect to is tracking you. Any signals that go 'out' onto the internet have the MAC address of the wireless router, not the phone. Likewise, at any hop along the route, the source MAC address is that of the source networking hardware (i.e., a router or a switch), not the end user device.

    So unless mobile tracking takes place in the wireless access point (which it may well do - like I said, I don't know how mobile tracking works) this won't prevent mobile tracking which is instigated from a server because, randomised or not, the server never sees the end user device's MAC address.
    • MAC access lists are snake oil.

      "Won't this interfere with MAC access lists on wireless routers, like lots of people (should) have at home or in an office?

      MAC access lists are snake oil. It's long been the case that they are easy to spoof; I've owned several consumer level routers that allow you to change their MAC address.

      You won't gain any protection using MAC access lists - if you want to keep people off your network, WPA is far more effective.
      • Most companies....

        ...use MAC address list IN ADDITION to WPA for certain internal wifi vlans...
        I haven't used MAC ACL as the only means of wifi network control since, what - 2001, but it's definitely useful in corporate environment for identifying misbehaving (but not malicious) devices.
        This move by Apple has me scrambling trying to find ways to keep ios 8 devices off my wifi network...
        Probably end up sandboxing them into restricted, throttled wlan...
        • Let's be realistic

          You're not going to spend much time trying to keep ios users off your network, it doesn't affect you at all - unless you were previously tracking devices passing by your network?

          It randomises the MAC address when scanning, once the user connects, the real MAC address activates.

          If anyone seriously uses mac filtering as a security feature anymore, ios 8 actually helps it - not hinders mac filtering. Here's how you bypass mac filtering - you just listen to devices around the network sending their identity packets, grab the MAC address, change your MAC address to that one, and you're in. If anything the fact that the ios devices will be sending out lots of nonesense mac addresses before they connect may delay an attacker by several seconds.

          It won't affect your ability to manage devices on your network at all
      • MAC address block

        I use the MAC address for parental controls on my router for my kids devices, not keep them off. I can't tell from what you are saying if this is going to be problematic with this new method.
    • It will stop at least one tracking project if it is extended beyond WiFi

      Some of the traffic lights here have bluetooth and are using the Bluetooth MAC address to track traffic flow between lights by the smartphones in the vehicles.

      If the MAC address were randomised and change between access points then this tracking would fail.

  • NICE! :)

    A great move and idea for Apple with this randomizing the MAC addresses of iOS devices when scanning for Wi-Fi networks will make it more difficult for companies to track and gather location data on a customer. Since every iOS device has a unique MAC address it could easily be used for location tracking and data collection via Wi-Fi scanning. This is great! :)
    • new security technology that protects you better than MAC randomising

      It's called: turn off wifi.