iOS 14 Per-Network MAC Addresses

With per-network MAC addresses in iOS 14, will there be user-facing controls to turn this on or off on a network-by-network basis?

Some networks may use DHCP reservations or MAC Access Controls for example and need an unchanging MAC, while for other networks privacy may be the strongly preferred mode for the user.

Also, how are the MAC addresses generated? Is a server involved? MAC addresses will change daily for each device-network pairing and need to be unpredictable to network observers, but can't be the same as other devices' current set of MAC addresses.
Up vote post of g0b Down vote post of g0b
4.5k views
Posted by
g0b
Reply
Add a Comment

Accepted Reply

The introduction to the feature is mentioned in the "Build trust through better privacy" video (https://developer.apple.com/videos/play/wwdc2020/10676/).

Key points :

  • Users are always in control - users can control enablement of the feature at any time for each network.

  • Addresses are generated randomly for every network

  • Addresses are not linked to your identity

  • Addresses are updated for all networks daily by the device, NO server is involved in address generation. Since addresses are generated randomly, it is very unlikely that two devices on the same network will generate the same address.

  • A new MAC will be used whenever a new address has been generated and the device re-joins the network

  • Users can see which MACs are generated for each network in the Wi-Fi scan list, even before joining the network

Networks that use MAC-based access inherently track devices. Privacy on tracking networks can be controlled using the temporary address so that participation with the tracking network is also temporary.


Posted by
Apple Staff
Up vote reply of Apple Staff Down vote reply of Apple Staff
Post marked as solved
Add a Comment

Replies

The introduction to the feature is mentioned in the "Build trust through better privacy" video (https://developer.apple.com/videos/play/wwdc2020/10676/).

Key points :

  • Users are always in control - users can control enablement of the feature at any time for each network.

  • Addresses are generated randomly for every network

  • Addresses are not linked to your identity

  • Addresses are updated for all networks daily by the device, NO server is involved in address generation. Since addresses are generated randomly, it is very unlikely that two devices on the same network will generate the same address.

  • A new MAC will be used whenever a new address has been generated and the device re-joins the network

  • Users can see which MACs are generated for each network in the Wi-Fi scan list, even before joining the network

Networks that use MAC-based access inherently track devices. Privacy on tracking networks can be controlled using the temporary address so that participation with the tracking network is also temporary.


Posted by
Apple Staff
Up vote reply of Apple Staff Down vote reply of Apple Staff
Post marked as solved
Add a Comment
I have follow up questions:

  • Does randomization follow the IEEE scheme (2nd from the last bit of the first octet as 1)?

  • Is randomization enabled by default?

  • Is daily randomization enabled by default?

Posted by
hosuk
Post not yet marked as solved Up vote reply of hosuk Down vote reply of hosuk
Add a Comment
As the official release is getting closer, and we need to get our apps ready for this feature can you support us with below questions?

  • Will the private MAC address feature be turned on by default?

    • Is this feature currently available for testing on Beta 14 iOS?

  • is the new MAC address format different from the current one?

Posted by
Arthur04
Up vote reply of Arthur04 Down vote reply of Arthur04
Add a Comment
Will the randomized MAC still use an OUI portion registered to Apple?
Posted by
sdcorn
Up vote reply of sdcorn Down vote reply of sdcorn
Add a Comment
I just updated several iOS devices to iOS 14.

• Private Address is turned on by default, and I would expect them to change daily. If you use DHCP reservations or other router action based on MAC address, you'll need to turn Private Address off on relevant devices for relevant networks.

• MAC addresses are not local and do not appear to necessarily fall within any particular vendors' OUI ranges.
Posted by
g0b
Up vote reply of g0b Down vote reply of g0b
Add a Comment
We may need Apple Staff  to reply for an authoritative answer, but after more investigation, daily Private Addresses do seem to have the local bit set, but not necessarily in any of Apple's OUI ranges when de-localized.

When Private Address is on, Probe Requests seem to use the daily local random MAC address when connecting to a network and the target SSID is present in the request. When Private Address is off, Probe Requests seem to use the iOS 13 behavior of using frequently-changing local random MAC addresses.
Posted by
g0b
Up vote reply of g0b Down vote reply of g0b
Add a Comment
The WWDC video mentioned that

"A new MAC address will also be generated for networks every 24 hours, and the new private address will be used when the user leaves and rejoins the network."

Is this still happening? I cannot find this information in the KB article here any more
https://support.apple.com/en-us/HT211227
Posted by
sophia79lx
Post not yet marked as solved Up vote reply of sophia79lx Down vote reply of sophia79lx
Add a Comment