Has Apple killed off location analytics with this simple privacy enhancement?


iOS 8 MAC address to be randomizedA small change in iOS 8 will make privacy advocates happy, although it’s going to be a tough pill to swallow for mobile marketers.

Apple iOS 8 devices keep more of users’ mobile data private, such as location, past Wi-Fi connections, and the all-important MAC address, which is unique to each device.

Whenever your mobile device searches for nearby Wi-Fi networks (which it always does when you have Wi-Fi turned on), the device’s Media Access Control (MAC) addresses are visible to nearby routers, even if you don’t actually join a network.

The difference on iOS 8, out in September 2014 along with the iPhone 6, means the marketing firms that gather those MAC addresses won’t be able to track your movements (such as where you shop) and serve you ads based on your profile, location and preferences.

At the Apple Worldwide Developer Conference, a developer named Frederic Jacobs discovered that iOS 8 will use randomly generated MAC addresses – and sent out a tweet saying he is “Hoping that this becomes an industry standard.”


@FredericJacobs: iOS 8 randomises the MAC address while scanning for WiFi networks. Hoping that this becomes an industry standard.

The tweet got lots of attention, including from @Mario_Greenly, who tweeted that this is going to make a few marketing firms, well, mad.


@Mario_Greenly: @FredericJacobs Holy hell that is going to p*ss some wifi/mobile marketing firms off.

This Wi-Fi sniffing tracking technology has been used by so-called marketing location analytics (MLA) firms to create profiles of shoppers and serve ads from formerly innocuous objects such as trash receptacles and vending machines.

ios8-170Although iOS 8 will obscure your identity when your Wi-Fi-enabled device scans for wireless networks, it’s not perfect privacy protection.

Once you decide to connect to a hotspot, iOS 8 will use your real MAC address.

And if you have your device set to remember and automatically connect to Wi-Fi spots you’ve logged into in the past, Wi-Fi sniffers, including MLA firms but also spies or criminals, can see who you are and track you.

Of course, you should be mindful that other parties can and do track your location – even if your Wi-Fi is turned off.

For example, mobile devices with phone or 3G capability turned on can be tracked independently of your Wi-Fi settings as they move around in the cellular network.

MLA industry standards only exist in the form of a “code of conduct” which is agreed to by the mobile marketing firms themselves.

Which is better than no standards at all, but it still relies on device users understanding the implications for their privacy.

As for Android users, there’s no similar protection for MAC addresses. Should Google follow Apple’s lead? It’s a good idea, and one that Apple should not try to keep for itself.

Wi-Fi privacy tips

Broadcasting your movements and past connections can reveal a lot about you and when you use location services and GPS on your device, you are broadcasting your location and movements to the world.

To protect yourself from unwanted snooping, here are a few recommendations for better security and privacy.

  • Turn off Wi-Fi and Bluetooth when you’re not using it. You can also use “flight mode” (although you won’t be able to receive calls in flight mode).
  • Your apps such as Facebook, Twitter and Instagram use geo-tagging. Turn geo-tagging off if you don’t want to give away your location.
  • Don’t accept prompts to remember Wi-Fi networks – if you automatically connect to networks you could leave yourself vulnerable to Wi-Fi sniffers, including MLA firms but also spies or criminals, who can see who you are and track you. An attacker could also create a network with the same name and use it to launch a Man-in-the-Middle attack.
  • Encrypt your devices and data. You should always use a VPN (virtual private network) for a secure connection when you sign on to an open Wi-Fi network.
  • Make sure you’re using WPA2 encryption on your wireless networks. Don’t use the outdated WEP or WPA encryption protocols.
  • Download the free Sophos UTM Home Edition. It comes with a VPN for both iOS and Android.

For further information

Sophos’s James Lyne recently went on a “warbiking” tour to see how careful the general public is when connecting to Wi-Fi networks. First stops – San Francisco and London.

And to learn more about MAC addresses, and how they can be used to track you, check out the short video below, “Busting Wireless Security Myths.”


Image of iPhone using Wi-Fi courtesy of Shutterstock. Image of iOS 8 logo courtesy of Apple.