Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

MAC address randomization joins Apple's heap of iOS 8 privacy improvements

With consumers growing more conscious about protecting their privacy, Apple has begun tackle the issue head on with numerous enhancements to its next-generation mobile operating system including a new feature that makes it more difficult to track and identify individual iOS devices.

Beginning with iOS 8, Apple's handheld devices will generate and use random Media Acccess Control, or MAC, addresses — rather than their real MAC address — when scanning for Wi-Fi access points. The change was announced in a closed session at the company's Worldwide Developers Conference and first called out by security researcher Frederic Jacobs.

MAC addresses are unique identifiers that allow devices to distinguish between one another on a network. Typically, every network interface has its own MAC address — on an iPhone, that means one each for the Bluetooth and Wi-Fi radios.

When scanning for wireless networks, client devices like the iPhone periodically broadcast identifying packets that include the MAC address. In recent years, a number of firms have taken advantage of these broadcasts to track individual devices as they move around — for example, some retail outlets use MAC address-based tracking to record the path that consumers take as they move through the store, allowing long-term measurement of shopping habits and better placement of sale materials and advertising.

Beginning in iOS 8, Apple's mobile devices will broadcast random MAC addresses to foil long-term tracking

There are also other, more benign uses for MAC address tracking. The city of Houston's TranStar traffic monitoring system, for instance, uses the MAC addresses from Bluetooth devices to measure traffic flow on city streets.

Though it is generally difficult to tie MAC addresses to specific people without some other connection, the privacy implications of MAC address tracking have been the subject of increasing debate. Apple's solution would effectively neuter the practice of long-term tracking by randomizing the MAC address shown during each round of scanning, a feature that many in the privacy community have been pushing for some time.

The new MAC randomization system is the latest in a line of privacy-focused moves from Apple that have come to light as developers digest the wealth of material offered at last week's Worldwide Developers Conference.

Most visible among those change is iOS 8's new "While Using" location privacy option. The new setting allows users to restrict apps from determining their location unless the app is in active use, preventing apps from collecting location data in the background unless explicitly authorized to do so.

Also new in iOS 8 is support for DuckDuckGo, an alternative search engine that promises not to track its users' searches or internet history. Additionally, Apple has opened the iPhone 5s's Touch ID authentication system for use by third-party apps, further enhancing security while increasing convenience.

Taken together, Apple's recent moves suggest a renewed focus on security and privacy that could pay dividends as its competitors come under increasingly heavy fire from governments and privacy advocates.



37 Comments

bighype 148 comments · 12 Years

These moves are further differentiating Apple away from evil Google's "big brother" model. The choice for consumers will be pretty simple: you either buy Apple gear that's safe and designed to protect your privacy or you pick Google's gear that's designed to spy on you since that's how Google makes money.

cpsro 3239 comments · 14 Years

Another way to look at this might be that if accurate tracking of iOS users is desired, a fee-based agreement with Apple must be made.

solipsismx 19562 comments · 13 Years

[quote name="Cpsro" url="/t/180527/mac-address-randomization-joins-apples-heap-of-ios-8-privacy-improvements#post_2547997"]Another way to look at this might be that if accurate tracking of iOS users is desired, a fee-based agreement with Apple must be made.[/quote] Is there any evidence that Apple wants to sell copy these MAC addresses per device and then sell these lists? Wouldn't that also mean the MAC addresses can't truly be random, but rather just give each device a large pull to pull from in order for the lists to still yield accurate results? I don't see any reason for Apple to think this paltry gain in sales would outweigh the backlash if they were caught doing this. I think the only reasonable conclusion is that Apple does care about your privacy because they know that will help them sell more devices.

patsu 430 comments · 20 Years

[quote name="Cpsro" url="/t/180527/mac-address-randomization-joins-apples-heap-of-ios-8-privacy-improvements#post_2547997"]Another way to look at this might be that if accurate tracking of iOS users is desired, a fee-based agreement with Apple must be made. [/quote] They won 't be able to do this of course. It would fly against their historic stance on privacy protection, and future health-related efforts.

elmoofo 100 comments · 11 Years

Google's whole business model is based off of them tracking everything about you, vs this. Easy choice.