Beginning with iOS 8, Apple's handheld devices will generate and use random Media Acccess Control, or MAC, addresses -- rather than their real MAC address -- when scanning for Wi-Fi access points. The change was announced in a closed session at the company's Worldwide Developers Conference and first called out by security researcher Frederic Jacobs.
MAC addresses are unique identifiers that allow devices to distinguish between one another on a network. Typically, every network interface has its own MAC address -- on an iPhone, that means one each for the Bluetooth and Wi-Fi radios.
When scanning for wireless networks, client devices like the iPhone periodically broadcast identifying packets that include the MAC address. In recent years, a number of firms have taken advantage of these broadcasts to track individual devices as they move around -- for example, some retail outlets use MAC address-based tracking to record the path that consumers take as they move through the store, allowing long-term measurement of shopping habits and better placement of sale materials and advertising.
Beginning in iOS 8, Apple's mobile devices will broadcast random MAC addresses to foil long-term tracking
There are also other, more benign uses for MAC address tracking. The city of Houston's TranStar traffic monitoring system, for instance, uses the MAC addresses from Bluetooth devices to measure traffic flow on city streets.
Though it is generally difficult to tie MAC addresses to specific people without some other connection, the privacy implications of MAC address tracking have been the subject of increasing debate. Apple's solution would effectively neuter the practice of long-term tracking by randomizing the MAC address shown during each round of scanning, a feature that many in the privacy community have been pushing for some time.
The new MAC randomization system is the latest in a line of privacy-focused moves from Apple that have come to light as developers digest the wealth of material offered at last week's Worldwide Developers Conference.
Most visible among those change is iOS 8's new "While Using" location privacy option. The new setting allows users to restrict apps from determining their location unless the app is in active use, preventing apps from collecting location data in the background unless explicitly authorized to do so.
Also new in iOS 8 is support for DuckDuckGo, an alternative search engine that promises not to track its users' searches or internet history. Additionally, Apple has opened the iPhone 5s's Touch ID authentication system for use by third-party apps, further enhancing security while increasing convenience.
Taken together, Apple's recent moves suggest a renewed focus on security and privacy that could pay dividends as its competitors come under increasingly heavy fire from governments and privacy advocates.