August 5, 2020
A recent announcement by Apple about a new addition to its MAC randomization feature has taken the Wi-Fi community by storm. No doubt, it will impact many industries that leverage Wi-Fi as part of their business offerings. Let us understand the situation step by step:
Think of the MAC address of a wireless device as being like a house address. Just as a house address is the unique and permanent identity of a house, a MAC address is the unique identity of a wireless device. It identifies the device whenever it is on a network and allows it to communicate with other devices.
Assigned when the device is manufactured, the MAC address remains unchanged when moving from one network to another.
Most businesses have long used MAC addresses to identify their repeat guests and provide an enhanced guest experience.
Enterprises have leveraged the permanence of MAC addresses to provide a smooth and painless Wi-Fi experience to their loyal guests. By storing and recognizing the MAC addresses of end users' devices, enterprises can automatically authenticate guests and connect them to their Wi-Fi networks.
With such systems, guests need to register on the Wi-Fi network only once. The network stores the MAC address of the user's device during registration so that it can recognize the device in the future. The next time the guests return, they are automatically authenticated and connected to the Wi-Fi network.
Moreover, it also enables businesses to track end-user movements within the premises and maintain historical location data, which is used to understand guest behavior and for personalized marketing.
MAC Address Randomization is a feature where the device can use a random MAC address instead of the real one. It maintains device anonymity and prevents unwanted listeners from using MAC addresses to build a history of device activity, thus, minimizing the major privacy concern for portable device users.
It was introduced in 2014, when Apple made devices running iOS 8 capable of using a random, anonymous MAC address instead of the real one. The randomized MAC was used while scanning or probing for wireless networks. As a result, the device did not expose its real address before connecting to a network, which increased user privacy and security.
In 2017, Android 8 followed iOS and added MAC randomization for Wi-Fi probe requests. Later, Android 9 introduced full MAC randomization, in which the device can use the random MAC even when it connects to the Wi-Fi network.
Until then, Android kept this feature disabled by default, and it could be enabled via developer settings. In 2019, however, Android 10 enabled MAC randomization by default when connecting to a network, although the randomized MAC stayed consistent per network or SSID.
Currently, the operating system uses a randomized MAC address by default not only when scanning for public wireless networks but also when connecting to them. For each network/SSID, however, the randomized MAC stays the same, which has allowed businesses to continue providing seamless Wi-Fi connections to their end users.
The new iOS 14 (in its Beta version) has come up with a new feature called “Use Private Address” to further enhance user privacy protection. With this, Apple devices will now rotate their MAC address every 24 hours, even for the same networks. Therefore, the device will never expose its original MAC address to the network, only an anonymous, temporary identifier that will now change every day.
Considering that the feature is enabled by default in the Beta version, it will remain turned on in the final release unless deactivated by the user.
Android 11, on the other hand, introduced a new developer option called “Wi-Fi-enhanced MAC randomization” in its Beta 1 version. This feature allows the MAC address to change every time the phone connects to a Wi-Fi network that has MAC randomization enabled.
The change has much broader implications for Apple devices because the adoption rate of new iOS versions is generally very high: 77% of iPhones and 79% of iPads are running the company’s latest major release. Although such approaches do promote enhanced security, they also introduce additional friction to the guest Wi-Fi experience.
Enterprises such as hotels, retail malls, restaurants and cafes that have built their guest Wi-Fi networks with the MAC address as the unique user identity will now struggle to provide a seamless experience to their guests. Using MAC reauthorization, such enterprises identify returning guests, provide them with seamless Wi-Fi connections, and even allow them to roam between multiple venues.
With this new update, guests will be forced to re-authenticate their devices via the captive portal every 24 hours because their device MAC address will change. This will not only disrupt guests' connections every day during a hotel stay; returning customers will also not be recognized automatically and will need to verify themselves every time they visit the venue.
This unwanted disruption of the “always connected Wi-Fi experience” would have a severe effect on the user experience that businesses have long tried to improve.
Enterprises such as retailers that rely on Wi-Fi analytics to identify their repeat visitors will have no use for customer data beyond a 24-hour period, after which each device will look like a new device. Thus, it will be impossible to identify returning customers or to differentiate among first-time shoppers, regular buyers, and guests.
They will eventually be left with two choices: either ask customers to disable the feature, which can leave a negative impression since you are asking a customer to disable a privacy feature, or look for other solutions.
Indeed, there is!
HSC’s Next Generation Hotspot Solution is a Hotspot 2.0 based offering that bypasses MAC-based authentication and uses a certificate-based authentication approach to identify and automatically authenticate a device onto a network. It therefore has no reliance on the MAC address or the randomization attached to it.
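An added example (not from the original article and not HSC's code) of why MAC-keyed recognition breaks under daily rotation while a credential-keyed identity does not: it flags randomized addresses by the locally administered bit and counts returning visitors both ways over a constructed visit log. The credential identity field and all sample values are assumptions made for illustration.

```python
import re
from collections import defaultdict

def parse_mac(text):
    """Normalise aa:bb:cc:dd:ee:ff, aa-bb-..., or aabb.ccdd.eeff to 6 bytes."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def is_randomized(text):
    """True for a locally administered unicast address.

    Randomized MACs set the locally administered bit (0x02) of the first
    octet and keep the multicast bit (0x01) clear. The bit does not say how
    often the address rotates: per-SSID and daily-rotating addresses look
    the same, as do manually assigned or virtual-interface addresses.
    """
    first = parse_mac(text)[0]
    return bool(first & 0x02) and not first & 0x01

# Constructed sample: (visit day, client MAC, credential identity).
# The credential identity is a hypothetical stable ID from a
# certificate-based login; it is not a field defined on this page.
SAMPLE_VISITS = [
    (1, "00:11:22:33:44:55", "cred-a"),  # factory MAC, stable
    (2, "00-11-22-33-44-55", "cred-a"),
    (1, "A6:5E:60:01:02:03", "cred-b"),  # private address, new each day
    (2, "7A:11:9C:04:05:06", "cred-b"),
    (3, "D2:40:EF:07:08:09", "cred-b"),
]

def returning_visitors(visits, key):
    """Count identities seen on more than one day under the chosen key."""
    days = defaultdict(set)
    for day, mac, cred in visits:
        days[key(mac, cred)].add(day)
    return sum(1 for seen in days.values() if len(seen) > 1)

def by_mac(mac, cred):
    return parse_mac(mac)

def by_credential(mac, cred):
    return cred

if __name__ == "__main__":
    for _, mac, _ in SAMPLE_VISITS:
        print(mac, "randomized" if is_randomized(mac) else "universal")
    print("returning, keyed on MAC:", returning_visitors(SAMPLE_VISITS, by_mac))
    print("returning, keyed on credential:",
          returning_visitors(SAMPLE_VISITS, by_credential))
```

Keyed on MAC, the rotating device is counted as three separate one-day visitors; keyed on the credential, both sample guests are recognized as returning.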
With the new iOS feature to be officially released around September, many enterprises and network operators will have to revisit their business strategies.
At Hughes Systique, we help transform our customers the right way!