Apple randomises MAC addresses in iOS 8, killing off key ad-tracking tool

Apple will introduce a significant boost to privacy for users in iOS 8

With iOS 8, Apple will introduce a significant boost to privacy for users by eliminating the usefulness of a unique device number that advertisers and app developers have used to keep a tab on users.

Apple may have borrowed app data-sharing and widgets from Android to build iOS 8, but the company appears to be drawing a line between the two at privacy.

Communicating changes in iOS 8 to developers at its Worldwide Developers Conference that wrapped up on Friday, Apple revealed it will restrict what data iOS 8 devices will share when they scan for wi-fi networks. It's going to do this by randomising the media access control (MAC) address that is broadcast when devices search for an available wi-fi network.

“In iOS 8, Wi-Fi scanning behavior has changed to use random, locally administrated MAC addresses,” Apple notes.

This means that “the MAC address used for Wi-Fi scans may not always be the device’s real (universal) address,” Apple explains.

Currently, every device emits its MAC address while it searches for available wi-fi networks and, without too much effort, anyone can see that address. It is seen as a threat to privacy because the number is unique, making it a useful way for advertisers to continue monitoring a device owner.
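As an added illustration (not code from Apple or from the original article): the distinction Apple draws between a "locally administered" address and the "real (universal)" one is carried in a single bit of the address's first octet, so anyone checking a test device's scan traffic can tell the two kinds apart. The sample addresses below are constructed and the function names are hypothetical.

```python
import re
import secrets

def parse_mac(text):
    """Parse aa:bb:cc:dd:ee:ff, aa-bb-..., or aabb.ccdd.eeff into 6 bytes."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def is_locally_administered(mac):
    # U/L bit: second-least-significant bit of the first octet.
    return bool(mac[0] & 0x02)

def is_multicast(mac):
    # I/G bit: least-significant bit of the first octet.
    return bool(mac[0] & 0x01)

def random_local_mac():
    """Random unicast, locally administered address (the kind used for scans)."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE  # set U/L bit, clear I/G bit
    return bytes(raw)

def fmt(mac):
    return ":".join(f"{b:02x}" for b in mac)

def audit_scan_addresses(observed):
    """Split observed scan source addresses into universal and local sets."""
    universal, local = set(), set()
    for text in observed:
        mac = parse_mac(text)
        (local if is_locally_administered(mac) else universal).add(fmt(mac))
    return {"universal": sorted(universal), "local": sorted(local)}

# Constructed sample: source addresses seen in one test device's wi-fi scans.
SAMPLE = [
    "00:11:22:33:44:55",  # U/L bit clear: universal, identical on every scan
    "00-11-22-33-44-55",  # same address, different notation
    "da:a1:19:00:00:01",  # U/L bit set: locally administered
    "6E:5B:0C:00:00:02",  # U/L bit set: locally administered
    "0011.2233.4455",
]

if __name__ == "__main__":
    print(audit_scan_addresses(SAMPLE))
    print("freshly generated scan address:", fmt(random_local_mac()))
```

A universal address that keeps reappearing across scans is the stable identifier the article describes; a set of changing local addresses gives an observer nothing persistent to key on.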

News of the upcoming changes was outed on Sunday by UK-based user interface designer Luis Abreu.

“Remember the London trash cans that collected Wi-Fi MAC addresses? Not possible with iOS 8 as they’re randomized during scanning,” he wrote in a post on Twitter.

The trash cans he referred to were the 100 smart recycling bins that a UK startup called Renew rolled out across London ahead of the 2012 Olympics, but which only caught the attention of media in mid-2013.

The bins recorded the MAC address of each device that passed by, offering advertisers a map of a person’s movements through the city. At the time, the company’s spokesman told Quartz that it didn’t violate anyone’s privacy because it collected publicly available information, and didn’t link that to the owner’s home address or name. Nonetheless, London City pulled the plug on the smart bins.

While randomising a MAC address might prevent companies like Renew from tracking a person’s movements, Apple has had its eye on the unique identifier for some time for different reasons.


On May 1, 2013, Apple began blocking apps that attempt to access an iOS device’s unique device identifier (UDID), which until then had been the most reliable way for advertisers to track users.

Ahead of the ban, as TechCrunch reported in 2012, the MAC address became a popular substitute for UDID since it too was unique and permanent, making it a reliable replacement.

The ban on UDID came as Apple launched its alternative system, Advertiser Identifier (Ad ID). Then, as it continues to do today, Apple encouraged developers to adopt its Ad ID, which gives advertisers a unique number associated with each iOS device but offers iOS users an option to “limit ad tracking” and the choice to reset their identifier.

Other privacy changes Apple will introduce with iOS include a new setting to block all third-party cookies even if the user has visited a site in the past.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
