Topics In Demand
Notification
New

No notification found.

Blog
Effect of Apple's MAC Randomization Feature on Enterprises

216

0

A recent announcement by Apple over its new addition to the MAC randomization feature has taken the Wi-Fi community by storm. No doubt, it will impact many industries that leverage Wi-Fi as part of its business offerings. Let us understand the situation step by step:

What is MAC Address?

Consider MAC address of a wireless device like our house address. Just like our house address is a unique and permanent identity of the house, similarly, a MAC address is a unique identity of the wireless device which is used to identify the device whenever it is on a network and then allow it to communicate with other devices

Assigned at the time of manufacturing of the device, MAC address remains unchanged when moving from one network to another.

How MAC address is used by Enterprises?

Most businesses have long been using MAC addresses for identifying their repeat guests and provide an enhanced guest experience.

Enterprises have leveraged the permanency attached with MAC addresses to provide a smooth and painless Wi-Fi experience to their loyal guests. By storing and recognizing the MAC addresses of end-users devices, enterprises are enabled to provide automatic authentication and connections to their guests for connecting to their wi-fi networks.

With such systems, guests are required to register onto the wi-fi networks once. The wi-fi networks store the MAC address of the user device during the registration to recognize it in the future. The next time the guests return, they are automatically authenticated and connected to the wi-fi network.

Moreover, it also empowers the businesses for tracking the end-user movements within the premise and maintaining a historic location data that is used to understand guest behavior and personalized marketing purposes.

What is MAC Address Randomization?

MAC Address Randomization is a feature where the device can use a random MAC address instead of the real one. It maintains device anonymity and prevents unwanted listeners from using MAC addresses to build a history of device activity, thus, minimizing the major privacy concern for portable device users.

It was introduced in 2014 when Apple, with its iOS 8 version, made its devices capable of using a random and anonymous MAC address instead of the real one. The randomized MAC was used while scanning or probing wireless networks. This, as a result, did not expose the real address of the device before connecting to the network for increased user privacy and security.

In 2017, Android 8 also followed iOS and added MAC randomization for wi-fi probe requests. But later in Android 9, full MAC randomization was introduced where the device was enabled to use the random MAC even when it connects to the wi-fi network.

Till then Android kept this feature disabled by default which could be enabled via developer settings. But in 2019, Android 10 came with MAC randomization when connecting to the network as a default enabled setting, however, the randomized MAC stayed consistent per network or SSID.

Current Developments – What’s New with Apple’s iOS 14 and Android 11?

Currently, the Operating system not only uses a randomized MAC address by default when scanning the public wireless networks but also while connecting to it as well. But for each network/SSID, the randomized MAC stays the same which helped the businesses to continue to provide seamless wi-fi connections to their end-users.

The new iOS 14 (in its Beta version) has come up with a new feature called “Use Private Address” to further enhance user privacy protection. With this, the Apple devices will now rotate their MAC address every 24 hours even for the same networks. Therefore, the device will never expose its original MAC address to the network but an anonymous, temporary identifier that will now change every day.

Considering the features are enabled by default in the Beta version, it will remain turned on in the final release unless deactivated by the user.

Use-private-address-feature-iOS

Android 11, on the other side, through its Beta 1 version introduced a new developer option called “Wi-Fi-enhanced MAC randomization”. This feature allows the MAC address to change every time the phone connects to a Wi-Fi network that has MAC randomization enabled.

WiFi-enhanced-MAC-randomization-in-Android

How and Who will it Impact?

Considering that 77% of iPhones and 79% of iPads are running on the company’s latest major release, it has much broader implications for Apple devices because the adoption rate of new iOS versions is generally very high. Although such approaches do promote enhanced security, they also introduce additional friction to the guest Wi-Fi experience.

Enterprises like Hotels, Retail Malls, Restaurants, Cafes, etc. that have built their Guest Wi-Fi networks with MAC addresses as unique user identity will now struggle to provide a seamless experience to their guests. Using MAC reauthorization such enterprises identify and provide seamless wi-fi connections to their returning guests or even allow them to roam between multiple venues.

With this new update, guests will now be forced to re-authenticate their devices via the captive portal every 24 hours as their device MAC address will change. This will not only disrupt the connections of guests every day during their stay at any hotel but also returning customers will not be recognized automatically and would need to verify themselves every time they visit the venue.

Guest-reauthentication-process-due-to-MAC-Randomization

With this unwanted disruption for “always connected wi-fi experience”, it would have a severe effect on the wi-fi user experience which businesses have long tried to improve upon.

For enterprises such as retail that rely on Wi-Fi analytics to identify their repeat visitors, will have no use of the customer data after a 24-hour period after which each device will be like a new device. Thus, it will be impossible to identify returning customers or differentiated from first-time shoppers, regular buyers, or guests.

They will eventually be left with two choices, i.e. either to ask customers to disable the feature, which can pose a negative impression since you are asking a customer to disable a privacy feature or look for other solutions. A Hotspot 2.0 based offering that bypasses the MAC-based authentication and utilizes a certificate-based authentication approach to identify and automatically authenticate a device onto a network can be a remedy. By implementing such a solution there will be no reliance on the MAC address or the randomization attached to it.

With the new iOS feature to be officially released around September, many enterprises and network operators will have to revisit their business strategies.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


HughesSystique

© Copyright nasscom. All Rights Reserved.