One of the new features in iOS 8, the latest update to Apple's mobile operating system for iPhone and iPad, seems to be a huge benefit for users who want to maintain their privacy: It randomizes (and therefore hides) the address of your device when your phone looks for wifi services.
The problem is, it mostly doesn't work, according to Bhupinder Misra, a principal systems engineer at AirTight Networks, a software/analytics company that provides wifi services for businesses.
The intention of the new privacy feature is to shield your phone from being persistently identified as it probes for wifi signals that it can use to hook up to the internet or use to service its apps. (If you've ever left your wifi on and later discovered a long list of strange wifi services that your phone has tried to hook up to, this is what we're talking about.)
What Apple has done is randomize the MAC address of your phone, so that wifi providers can't identify your specific phone as it looks for a good signal. The MAC address is a unique string of characters that identifies your phone.
That sounds great, on paper. Everyone knows that hackers can use wifi signals to monitor your internet use. And in-store advertisers love to know that it's you, specifically, who has returned to the retailer once again, leaving the wifi on your phone in the "on" position, so they can target you with ads. Apple has been hailed in the tech press for increasing the privacy of its users.
The problem is that your iPhone needs to be in these three conditions for the phone to actually be anonymous to other people's wifi, according to AirTight:
- Wifi must be on but not hooked up to an actual wifi service.
- Phone needs to be in sleep mode.
- Location services need to be OFF in the privacy settings.
Needless to say, almost nobody keeps their phone this way. Many of the most popular apps won't even work if you have location services off, and it's pointless if the protection ends as soon as you wake up your phone. An AirTight spokesperson told Business Insider that perhaps 99% of users won't be protected by the MAC randomization in iOS 8.
Here is what Apple officially says about the way MAC randomization works:
When iOS 8 is not associated with a Wi-Fi network and a device’s processor is asleep, iOS 8 uses a randomized Media Access Control (MAC) address when conducting PNO scans. When iOS 8 is not associated with a Wi-Fi network or a device’s processor is asleep, iOS 8 uses a randomized MAC address when conducting ePNO scans. Because a device's MAC address now changes when it's not connected to a network, it can’t be used to persistently track a device by passive observers of Wi-Fi traffic.
Bottom line: MAC randomization in iOS 8 can be helpful if you don't want to be tracked when using other people's wifi — but you have to carefully adjust your system settings to take full advantage of it.
