iOS 8 randomises the MAC address while scanning for WiFi networks. Hoping that this becomes an industry standard.
Whenever you walk around a major Western city with your phone’s Wi-Fi turned on, you are broadcasting your location to government agencies, marketing companies and location analytics firms.
In shopping malls, for instance, a firm called Euclid Analytics collects, in its own words, “the presence of the device, its signal strength, its manufacturer (Apple, Samsung, etc.), and a unique identifier known as its Media Access Control (MAC) address.” In London last year, one start-up installed a dozen recycling bins that sniffed MAC addresses from passers-by, effectively tracking people through the area via their phones. Such companies go to great lengths to explain that such information in not personally identifiable—except that repeated studies have shown that this data can indeed be used to infer a great deal about your life.
In adding MAC address randomization during Wi-Fi probing, Apple manages to both eliminate a potential privacy leak and drive companies interested in location-based advertising toward a solution it prefers. iOS users who would prefer to opt out of iBeacon can first ensure they have no iBeacon-aware apps installed (like the official Apple Store app), or they can disable Bluetooth. Until iOS 8 arrives, iOS 7 users who would prefer not to have their MAC addresses tracked in public can disable Wi-Fi when they’re out and about.
The new MAC randomization system is the latest in a line of privacy-focused moves from Apple that have come to light as developers digest the wealth of material offered at last week’s Worldwide Developers Conference.
Most visible among those change is iOS 8’s new “While Using” location privacy option. The new setting allows users to restrict apps from determining their location unless the app is in active use, preventing apps from collecting location data in the background unless explicitly authorized to do so.
I think this is a good idea, but I’m skeptical that it will do as much for privacy as people are saying. Julian Bhardwaj:
Most devices use both passive and active discovery in an attempt to connect to known/preferred networks. So it’s very likely that your smartphone is broadcasting the names (SSIDs) of your favourite networks for anyone to see.
The unfortunate news is there doesn’t appear to be an easy way to disable active wireless scanning on smartphones like Androids and iPhones.
However, you can at least tell your phone to ‘forget’ networks you no longer use to minimise the amount of data leakage.
In other words, with MAC address randomization, the names of your favorite networks become an identifier for you. Secondly, snoopers can use a common network name that your phone will try to auto-connect to, at which point they’ll get your real MAC address.
Stay up-to-date by subscribing to the Comments RSS Feed for this post.