One of the most important features of Apple’s next mobile platform is something the company has barely talked about. When iOS 8 comes out this fall, it will have the ability to randomize an iPhone or iPad’s Wi-Fi media access control (MAC) address, or network ID.
That’s a huge privacy advantage for people who want to leave their devices’ Wi-Fi active without worrying that their information might be gathered by marketers, police, spies or hackers. However, it does nothing to impede iBeacon, Apple’s own Bluetooth-based proximity-marketing service.
Interestingly, Apple barely mentioned MAC randomization at the World Wide Developers Conference last week, during which it announced iOS 8. It was left to UK-based user-interface designer Luis Abreu to tweet an image of a slide from a conference presentation about iOS 8 privacy that described the process.
“In iOS 8, Wi-Fi scanning behavior has changed to use random, locally administrated MAC addresses,” reads the slide, which can be downloaded from Apple’s servers as part of the presentation. “The MAC address used for Wi-Fi scans may not always be the device’s real (universal) address.”
So how would Apple’s MAC randomization work? Each piece of networking hardware on a computer, smartphone or tablet has a unique, permanent MAC address that identifies that specific piece of hardware on a network. A laptop, for example, will have separate MAC addresses for its Ethernet, Bluetooth and Wi-Fi connections.
MAC addresses are necessary for establishing a network connection and obtaining a temporary Internet Protocol (IP) address to get online, but they’re not so great for privacy, since devices can be identified and tracked by their specific MAC addresses.
If you’re walking through a shopping mall with Wi-Fi enabled on your smartphone, the phone is “scanning,” or simultaneously searching for Wi-Fi networks and broadcasting its MAC address to every Wi-Fi hotspot you pass by, whether or not you intend to connect to any of those hotspots.
Those hotspots are often logging all the MAC addresses they encounter, and marketers can examine those logs to identify repeat shoppers, how long a shopper spent in a store or even potential shoppers who walked by the store many times but didn’t come in.
The phones don’t even have to establish connections to provide their MAC addresses. Just being within range of the store network is enough. If any of those smartphones’ users decide to connect to the store’s Wi-Fi network, then marketers might also be able to assign real names to those harvested MAC addresses. Governments and criminals can set up Wi-Fi hotspots to gather the same information.
All of these practices impinge on people’s privacy, whether desirably or not. To counter the practice of MAC-based tracking, whenever an iOS 8-enabled device scans for Wi-Fi networks, it will use a randomized, temporary MAC address to announce its presence. (If a Wi-Fi connection is established, the iOS 8 device will apparently revert to its real, permanent MAC address.)
This is possible because software can “spoof” a MAC address so that the MAC address presented to a network doesn’t actually correspond to the device presenting it. MAC-address spoofing can be used by malicious hackers use to conduct man-in-the-middle attacks — they can pretend to be both the victim and the Wi-Fi router, positioning themselves to view Internet traffic and capture unencrypted data — but it can also be used to maintain privacy when moving through an environment rich with Wi-Fi networks.
This enhanced-privacy feature won’t stop man-in-the-middle attacks, but it will stop MAC-address-based tracking practiced by marketers — or police departments.
However, it also conveniently removes a competitor to iBeacon, which the company is encouraging retailers to use to target shoppers with hyperlocalized ads beamed to their iPhones. Introduced with iOS 7, iBeacon uses Bluetooth, not Wi-Fi, to track and communicate with iOS devices in a retail establishment.
MAC-address randomization isn’t iOS 8’s only new privacy feature. Mobile Safari users will be given the option to make their default search engine Duck Duck Go, a privacy-centric service that doesn’t store users’ personal information to customize searches. Duck Duck Go also doesn’t tell a Web page which search terms you used to find it, and also connects to the encrypted versions of websites whenever possible.