Privacy question about randomizing the MAC address of the iPhone per each AP connection

[Andy Burnelli]

Privacy between Android & iOS is COMPLETELY DIFFERENT in myriad ways.
Yet it's the same or similar in other ways. You just have to know.

For example, in Android I randomize my Wi-Fi MAC address per connection.
Even for what Apple calls "preferred connections", since it's ANY
connection and every connection, if that's how you want to set it up.

a. That's not only per access point (although that's one Android setting);
b. It's random per each connection (which is a secondary Android setting).

For privacy, can you randomize your iPhone or iPad Wi-Fi MAC address via a
simple native iOS Settings toggle like Android can for _every_ connection?

Or is that kind of MAC privacy not allowed on the iPhone/iPad platform?
<https://support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web>

[nospam]

In article <tu16be$348ct$1...@paganini.bofh.team>, Andy Burnelli

<nos...@nospam.net> wrote:

>
> For privacy, can you randomize your iPhone or iPad Wi-Fi MAC address via a
> simple native iOS Settings toggle like Android can for _every_ connection?

yes, and that's been possible for years. it's yet another thing android
copied from apple.

in fact, it's actually the default setting.

there is also a separate option to limit tracking of ip addresses.

[Bob Campbell]

Even MORE proof - which of course is not needed - that the Retarded
Troll Kiddie has never used an iAnything. Despite multiple claims (AKA
lies) that he has "several iOS devices".

Hey Arlen. How are those "Cross Platform Ultrasonic File Transfers"
working out?

Idiot.

[sms]

Be careful about who you believe!


iOS 14, in 2021, added MAC randomization. From Apple: "In iOS 14 or
later, iPadOS 14 or later, and watchOS 7 or later, when an iPhone, iPad,
iPod touch, or Apple Watch connects to a Wi-Fi network, it identifies
itself with a unique (random) MAC address per network. This feature can
be disabled either by the user or using a new option in the Wi-Fi
payload. Under certain circumstances, the device will fall back to the
actual MAC address."
<https://support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web>


Android 8, in 2017, used randomized MAC addresses when probing for new
networks.

Android 9, in 2018, had a developer option to cause the device to use a
randomized MAC address when connecting to Wi-Fi.

Android 10, in 2019, had MAC randomization enabled by default for client
mode, SoftAp, and Wi-Fi Direct.

<https://source.android.com/docs/core/connect/wifi-mac-randomization>


It doesn't really matter that Android was first with this feature, and
to say that Apple "copied" Android is probably not really accurate, it
was just a continuing increase in security that resulted in Apple adding
Mac Randomization.

[nospam]

In article <tu78fn$d4h2$1...@dont-email.me>, sms

<scharf...@geemail.com> wrote:

>
> Be careful about who you believe!

certainly not you.

> iOS 14, in 2021, added MAC randomization.

bzzt. wrong.

first of all, ios 14 was released in 2020.

second, apple added mac randomization with ios 8, in 2014:

<https://appleinsider.com/articles/14/06/09/mac-address-randomization-jo
ins-apples-heap-of-ios-8-privacy-improvements>
Beginning with iOS 8, Apple's handheld devices will generate and use
random Media Acccess Control, or MAC, addresses ã rather than their
real MAC address ã when scanning for Wi-Fi access points. The change
was announced in a closed session at the company's Worldwide
Developers Conference and first called out by security researcher
Frederic Jacobs.

> Android 8, in 2017, used randomized MAC addresses when probing for new
> networks.

three years after apple did!

> Android 9, in 2018, had a developer option to cause the device to use a
> randomized MAC address when connecting to Wi-Fi.

that's off by default, plus developer options means it's hidden so few
people will enable it, and that only was for limited cases anyway.

> Android 10, in 2019, had MAC randomization enabled by default for client
> mode, SoftAp, and Wi-Fi Direct.

wifi direct is equivalent to airdrop, which apple had been randomizing
all along. it's also persistent per ssid, so not truly random.

android 12 added non-persistent randomization, which is equivalent to
what ios 14 has (although doesn't rotate as often), also in developer
options (i.e., hidden):
<https://source.android.com/static/docs/core/connect/images/non-persiste
nt-option.png>

> It doesn't really matter that Android was first with this feature,

they weren't.

apple had it three years *before* android, and android's current
implementation isn't as robust.

> and
> to say that Apple "copied" Android is probably not really accurate,

it is accurate.

> it
> was just a continuing increase in security that resulted in Apple adding
> Mac Randomization.

and did so *before* android did.

it's important to note that there are downsides. one example are public
wifi networks where one must authenticate, which is done based on a mac
address. if that's randomized, authentication will not work properly.

[Jolly Roger]

On 2023-03-07, nospam <nos...@nospam.invalid> wrote:
> In article <tu78fn$d4h2$1...@dont-email.me>, sms
><scharf...@geemail.com> wrote:
>
>> Be careful about who you believe!
>
> certainly not you.
>
>> iOS 14, in 2021, added MAC randomization.
>
> bzzt. wrong.
>
> first of all, ios 14 was released in 2020.
>
> second, apple added mac randomization with ios 8, in 2014:
>
><https://appleinsider.com/articles/14/06/09/mac-address-randomization-jo
> ins-apples-heap-of-ios-8-privacy-improvements>
> Beginning with iOS 8, Apple's handheld devices will generate and use

> random Media Acccess Control, or MAC, addresses ‹ rather than their
> real MAC address ‹ when scanning for Wi-Fi access points. The change

> was announced in a closed session at the company's Worldwide
> Developers Conference and first called out by security researcher
> Frederic Jacobs.

sms will just ignore this FACT and continue to spew his disinformation
in order to troll.

>> Android 8, in 2017, used randomized MAC addresses when probing for
>> new networks.
>
> three years after apple did!
>
>> Android 9, in 2018, had a developer option to cause the device to use
>> a randomized MAC address when connecting to Wi-Fi.
>
> that's off by default, plus developer options means it's hidden so few
> people will enable it, and that only was for limited cases anyway.
>
>> Android 10, in 2019, had MAC randomization enabled by default for
>> client mode, SoftAp, and Wi-Fi Direct.
>
> wifi direct is equivalent to airdrop, which apple had been randomizing
> all along. it's also persistent per ssid, so not truly random.
>
> android 12 added non-persistent randomization, which is equivalent to
> what ios 14 has (although doesn't rotate as often), also in developer
> options (i.e., hidden):
><https://source.android.com/static/docs/core/connect/images/non-persiste
>nt-option.png>
>
>> It doesn't really matter that Android was first with this feature,
>
> they weren't.

And it definitely matters or sms wouldn't have mentioned it in the first
place. ; )

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[Andy Burnelli]

Jolly Roger wrote:

>><https://appleinsider.com/articles/14/06/09/mac-address-randomization-jo
>> ins-apples-heap-of-ios-8-privacy-improvements>
>> Beginning with iOS 8, Apple's handheld devices will generate and use
>> random Media Acccess Control, or MAC, addresses ‹ rather than their
>> real MAC address ‹ when scanning for Wi-Fi access points. The change
>> was announced in a closed session at the company's Worldwide
>> Developers Conference and first called out by security researcher
>> Frederic Jacobs.
>
> sms will just ignore this FACT and continue to spew his disinformation
> in order to troll.

Hi Jolly Roger, nospam, Steve, and any actual adults on this newsgroup,

There are three different situations which I doubt nospam, Jolly Roger, or
Steve have thought of, which is why this thread is important to clarify.

1. MAC randomization *_per_ AP SSID* (meaning, it's still permanent!)
2. MAC randomization *_per_ AP connection* (this changes on each connect)
3. MAC randomization *_only_ when scanning* (but not randomized on connect)

The key question is how the two platforms differ in _those_ three criteria.

>>> It doesn't really matter that Android was first with this feature,
>>
>> they weren't.
>
> And it definitely matters or sms wouldn't have mentioned it in the first
> place. ; )

In general, everything is on Android well before iOS simply because
_developers_ provide the functionality. In general, it's only later that
the motherships (whether that's Google or Apple) provide it native.

Since I base my belief system on facts, consider screen recording, for
example, for iOS, which was a tool by a developer before Apple had it.

Likewise, consider BackTap functionality on Android, which was a tool by a
developer well before Google added it native to their Pixel phones.
<https://i.postimg.cc/GpNBVK0w/ttap10.jpg>
--
Posted out of the goodness of my heart to disseminate useful information
which, in this case, is to faithfully try to outline the nuance in detail.

[Andy Burnelli]

nospam wrote:

> second, apple added mac randomization with ios 8, in 2014:
>
> <https://appleinsider.com/articles/14/06/09/mac-address-randomization-jo
> ins-apples-heap-of-ios-8-privacy-improvements>
> Beginning with iOS 8, Apple's handheld devices will generate and use

> random Media Acccess Control, or MAC, addresses rather than their
> real MAC address when scanning for Wi-Fi access points. The change

> was announced in a closed session at the company's Worldwide
> Developers Conference and first called out by security researcher
> Frederic Jacobs.

Hi nospam, Steve, Jolly Roger, and any other adults on this newsgroup,

Thank you, nospam, for bringing up that _critically important_ piece of
data, where adults should make their assessments based on actual facts.
"When scanning for wireless networks, client devices like the
iPhone periodically broadcast identifying packets that include
the MAC address. In recent years, a number of firms have taken
advantage of these broadcasts to track individual devices as
they move around - for example, some retail outlets use MAC
address-based tracking to record the path that consumers take
as they move through the store, allowing long-term measurement
of shopping habits and better placement of sale materials
and advertising."
� <https://appleinsider.com/articles/14/06/09/mac-address-randomization-joins-apples-heap-of-ios-8-privacy-improvements>

As I always read any reference posted in any cite that is provided to
ostensibly prove a point, I appreciate that I hadn't known about this:
"The city of Houston's TranStar traffic monitoring system,
for instance, uses the MAC addresses from Bluetooth devices
to measure traffic flow on city streets."

While that's from 2014, it's commendable Apple introduced randomization of
MAC addresses _while scanning_ way back then, since I've been randomizing
my MAC address (on a variety of computers) since the dawn of the Internet.

However... notice what's highlighted... "*while scanning*" ...
(Is it just me, or do other adults notice the nuance in detail here?)

And notice what's not said, which is the Apple bluetooth MAC address is NOT
also randomized *while scanning* so that's a second nuance of detail.

That's a critical nuance in detail that some people may have glossed over!

"Beginning with iOS 8, Apple's handheld devices will generate and use

random Media Acccess Control, or MAC, addresses, rather than their
real MAC address, *when scanning* for Wi-Fi access points."

So, um, er, at least in 2008, what MAC did the iPhone use to _connect_?
And, um, er, at least in 2008, why only the Wi-FI MAC and not bluetooth?

BTW, with respect to this topic of privacy being DIFFERENT between the
platforms, does any adult on this newsgroup know why I have all my computer
devices (laptops or phones) set to NEVER EVER AUTO CONNECT to Wi-Fi?

HINT: It's not what you think. Yet it's deeply related to this topic.
But you'd have to actually _understand_ networking to grasp the why.

--
Posted out of the goodness of my heart to disseminate useful information

which, in this case, is to faithfully try to teach people about privacy.

[RJH]

On 7 Mar 2023 at 11:51:17 AM, sms <scharf...@geemail.com> wrote:

> Be careful about who you believe!

I think his point is that when you read the original post's reference cite,
it doesn't actually say what Apple wanted you to think it said. Look again.
--
Cheers, Rob

[Jolly Roger]

On 2023-03-07, Andy Burnelli <nos...@nospam.net> wrote:
> Jolly Roger wrote:
>
>>><https://appleinsider.com/articles/14/06/09/mac-address-randomization-jo
>>> ins-apples-heap-of-ios-8-privacy-improvements>
>>> Beginning with iOS 8, Apple's handheld devices will generate and use
>>> random Media Acccess Control, or MAC, addresses ‹ rather than their
>>> real MAC address ‹ when scanning for Wi-Fi access points. The change
>>> was announced in a closed session at the company's Worldwide
>>> Developers Conference and first called out by security researcher
>>> Frederic Jacobs.
>>
>> sms will just ignore this FACT and continue to spew his
>> disinformation in order to troll.
>
> Hi Jolly Roger

Your shit eating grin betrays the shit you consume and spew, trollboi.

> The key question is how the two platforms differ in _those_ three
> criteria.

This is your lame attempt to shift the conversation away from the FACT
that sms was wrong in his false claim that Android had this feature
before iOS. : )

[Andy Burnelli]

Jolly Roger wrote:

> Your shit eating grin betrays the shit you consume and spew,

Hi Jolly Roger,

... Hehehheh... for the permanent record, adults will note...
My objective is to point out how _ignorant_ each & every iKooks truly is.

This is an iPhone newsgroup, but you & nospam & Steve don't know the first
thing about iPhones, and yet, all of you posers actually "think" you do.

Look at two things, which proves you don't know the first thing about iOS.
1. Look at the SUBJECT line, for God's sake - all the hints are in it...
2. Look at the REFERENCE I cited in the opening post, you morons...

*Read it*
*Understand it*

I handed you the answer on a silver platter, Jolly Roger.
*I _knew_ you wouldn't read it*
*If you did, I knew you wouldn't even _understand_ it for God's sake*

You think I didn't know the iPhone lacks the privacy that Android has?
Prove me wrong, Jolly Roger.

Or you'll remain an ignorant low-IQ poser for the rest of your life.
Steve and nospam also.

None of you ignorant posers knows even the first thing of iOS privacy.

>> The key question is how the two platforms differ in _those_ three
>> criteria.
>
> This is your lame attempt to shift the conversation away from the FACT
> that sms was wrong in his false claim that Android had this feature
> before iOS. : )

The key question is how the two platforms differ in _those_ three criteria.

1. MAC randomization *_per_ access point*
2. MAC randomization *_per_ connection*
3. MAC randomization *when _scanning_*

Simple question for you, Jolly Roger:
Very simple.

Q: *Which of these privacy features does iOS _not_ have*, Jolly Roger?

HINT: If you don't know the answer, then you're just an ignorant poser, JR.

--
Posted out of the goodness of my heart to disseminate useful information

which, in this case, is to point out how ignorant these iKooks really are.

[Jolly Roger]

On 2023-03-08, Andy Burnelli <nos...@nospam.net> wrote:
>>
>> This is your lame attempt to shift the conversation away from the
>> FACT that sms was wrong in his false claim that Android had this
>> feature before iOS. : )
>
> The key question is how the two platforms differ in _those_ three
> criteria.

That's never been the topic of this thread, and the only reason you are
bringing it up now is to try to deflect. : )

> you're just an ignorant poser

Projection.

[Andy Burnelli]

Jolly Roger wrote:

> That's never been the topic of this thread, and the only reason you are
> bringing it up now is to try to deflect. : )

What is your rather strange logic used to conclude it "isn't the topic"
when that exact topic is quite obviously in the thread's very own SUBJECT
line itself, for God's sake, Jolly Roger?

[Alan]

It's so easy to tell when unitelligent assholes such as yourself are lying:

Their replies suddenly omit all context.