By Claus Hetting, Wi-Fi NOW CEO & Chairman
Later this year – probably some time in September – Apple will release iOS14 and included will be a new ‘Use Private [Wi-Fi] Address’ feature. The new functionality could have serious implications for parts of the Wi-Fi industry, says Aptilo Networks’ VP Marketing & veteran Wi-Fi expert, Johan Terve.
Apple has long since been touting privacy as one of their prime corporate values – and now they are taking yet another step to make it more difficult for iPhones (and their users) to be traced: In the next iOS release (iOS14) Apple will be introducing so-called MAC address randomization as a feature. This means the hardware (MAC) address of the device – which is normally invariable – will change every 24 hours so that the phone is no longer traceable by MAC address.
The feature is called ‘Private [Wi-Fi] Address’ and a full description can be found here. It also appears that Apple will leave this feature on as default, which then of course means that MAC randomization will be activated on all iOS14 devices, unless actively disabled. The feature will make sure that MAC addresses will change every 24 hours, sources explain.
According to Aptilo Networks’ VP Marketing and veteran Wi-Fi expert, Johan Terve, this could seriously impact the Wi-Fi industry – or at least, some parts of it. “The first thing is that any Wi-Fi network that uses a MAC address for authentication of users will now need to present the user with a new log-in screen, because the network won’t recognise the user’s MAC address after 24 hours. Basically, the network won’t know if that user has been there before,” Johan Terve says.
Authentication (meaning service access) to Wi-Fi networks by MAC address is still widely used, so anyone applying this method – including service providers – will need to review their service policies. In the worst case, Wi-Fi users will be forced to create new credentials and log in again and won’t be able to autoconnect as normal. The issue arises only for open SSID networks, Terve says. He also says that it is not yet known if service providers will be able to disable this feature via device profiles.
For a part of the Wi-Fi industry, Apple’s new MAC randomisation feature could cause something akin to existential problems. Some Wi-Fi marketing and analytics companies use MAC addresses to identify returning guests – for example repeat visitors to a store or restaurant – and then apply this information within the context of a wider CRM-based marketing scheme. Apple may for the time being have put an end to that practice.
MAC randomization schemes have been around since 2014 but were never implemented by Apple in such a sweeping manner, Johan Terve says. The latest Android release (Android 10 September 2019) allows MAC randomization on a per Wi-Fi network basis. “The randomized MAC address option is configured for each wireless connection, so there is no way to configure this globally,” says TechRepublic here. It’s also active by default for each network, so Android users would need to actively turn the feature off if they don’t want to use it.