iOS 14 MAC randomization privacy feature may cause Cisco enterprise network issues

Posted:
in General Discussion
A new iOS 14 privacy feature could potentially cause problems for enterprise or educational network and device management setups, Cisco warned on Thursday.

Credit: Apple
Credit: Apple


The privacy feature in question is an option to use a "private," or randomized, media access control (MAC) address when connecting a Wi-Fi network. Generally, devices identify themselves using the same MAC address when connecting to networks, which can allow for tracking by network operators.

But the random MAC address can also break certain network or device management systems. For example, in a notice on Thursday, Cisco warned that its Identity Services Engine could run into problems if a user has the feature enabled because it relies on MAC address lookup.

Mobile device management, or MDM, systems could fail to detect a device running iOS 14 if it's using a randomized MAC address. Employees or students using a Bring Your Own Device system for education or work could also see issues with network security requirements, since those often rely on MAC addresses for authentication.

It isn't just Apple devices that can cause issues. Google in Android 10 also added randomized MAC addresses as a feature, the networking company notes.

Cisco notes that there's currently no large scale solution for these problems that can be deployed by itself or network operators. However, there is an easy solution, by asking a user to disable the feature.

Users can turn off private Wi-Fi addresses by tapping on a network in the Wi-Fi Settings pane and hitting the toggle next to Private Address.

While that could allow for a network operator to track users, it will mitigate potential issues with MDM and "bring your own device" systems at work and school. It's also worth noting that the feature is enabled or disabled on a per-network basis, meaning you can selectively disable it just for work or school networks.

Comments

  • Reply 1 of 17
    Ok this is going to drive so many calls to Shaw’s call center. They use the device’s MAC to auth connections on their network of WiFi base stations all across western Canada. 

    Man their tech support is gonna HATE iOS 14. (I’m enjoying it but I will be turning off this feature. I turned it off on my home network. Need to see if you have to do it on a per network basis. 
    watto_cobra
  • Reply 2 of 17
    This feature in iOS 14 will also break any fixed IP address assignments (since the MAC address will change each time the device connects) and therefore any firewall rules that are based on IP addresses for those devices will break.

    juls
  • Reply 3 of 17
    IMO, iOS14 is an unmitigated disaster.

    Thank goodness I just updated my secondary iPhone to check it out.
    I'm an elderly sleeper and have to set my alarm accordingly, both for the night, and in the daytime.  Ha! The Alarm hnow has to be set using the Health app.  And the Health bases your sleep it on an 8-hour cycle. Changing wake and sleep times is a b***h. 

    Also, it doesn't like my selection of an IMAP mail server, and keeps trying to steer me to one of its favorites. 

    I've just turned OFF the automatic updates in both my primary iPhone and iPad. 


    Am I nuts, or just plainly senile?
  • Reply 4 of 17
    mike1mike1 Posts: 3,275member
    Grayeagle said:
    IMO, iOS14 is an unmitigated disaster.

    Thank goodness I just updated my secondary iPhone to check it out.
    I'm an elderly sleeper and have to set my alarm accordingly, both for the night, and in the daytime.  Ha! The Alarm hnow has to be set using the Health app.  And the Health bases your sleep it on an 8-hour cycle. Changing wake and sleep times is a b***h. 

    Also, it doesn't like my selection of an IMAP mail server, and keeps trying to steer me to one of its favorites. 

    I've just turned OFF the automatic updates in both my primary iPhone and iPad. 


    Am I nuts, or just plainly senile?

    You can still set alarms in the Clock app just like you always could, unrelated to any Sleep functionality in health.
    Haven't set up a new e-mail yet, but what are its "favorites"???
    chaickawatto_cobra
  • Reply 5 of 17
    Grayeagle said:
    IMO, iOS14 is an unmitigated disaster.

    Thank goodness I just updated my secondary iPhone to check it out.
    I'm an elderly sleeper and have to set my alarm accordingly, both for the night, and in the daytime.  Ha! The Alarm hnow has to be set using the Health app.  And the Health bases your sleep it on an 8-hour cycle. Changing wake and sleep times is a b***h. 

    Also, it doesn't like my selection of an IMAP mail server, and keeps trying to steer me to one of its favorites. 

    I've just turned OFF the automatic updates in both my primary iPhone and iPad. 


    Am I nuts, or just plainly senile?
    I just looked in the Clock app and in the Alarm pane when you scroll to the very top of your list of alarms, the Sleep alarms are still there - and seems the screens it take you to when changing them are fancier than before. 
    chaickawatto_cobra
  • Reply 6 of 17
    Grayeagle said:
    IMO, iOS14 is an unmitigated disaster.

    Thank goodness I just updated my secondary iPhone to check it out.
    I'm an elderly sleeper and have to set my alarm accordingly, both for the night, and in the daytime.  Ha! The Alarm hnow has to be set using the Health app.  And the Health bases your sleep it on an 8-hour cycle. Changing wake and sleep times is a b***h. 

    Also, it doesn't like my selection of an IMAP mail server, and keeps trying to steer me to one of its favorites. 

    I've just turned OFF the automatic updates in both my primary iPhone and iPad. 


    Am I nuts, or just plainly senile?
    I don't think you're nuts or senile. If you haven't been a beta tester or reading about all the new features and changes, it can be confusing jumping in after an OS update.

    If you previously used Apple's Sleep Monitoring (it was labeled as "Bedtime") in the Clock app, it has been moved to the Health app. You can still see your Sleep and Wake alarm at the very top of the Clock app but it takes you to the Sleep section of the Health app whenever you set alarms, make changes, and view data.  You are not limited to an 8-hour cycle. You can move the Bedtime and Wake Up sections of the dials independently to set your times. This was the same as in iOS 13. I'm looking at it right now on my main iPhone 11 Pro Max (13.6) and newly updated secondary iPhone X.

    That said, setting regular alarms is still done in the Clock app as before. The interface has changed there where you now can use the numerical keypad to set the time OR if you keep your finger pressed on the time and scroll up/down, you can change the time similarly as before.

    I'm not entirely sure what problem you're describing regarding IMAP mail server.  If you can provide more info, maybe I or someone else can help you.

    I've updated my 2018 iPad Pros (11" & 12") and my iPhone X successfully and have not had any issues so far. I have been testing the Public Beta since it became available.  I'm waiting a few more days before I update my main iPhone 11 Pro Max.


    watto_cobra
  • Reply 7 of 17
    JinTechJinTech Posts: 1,020member
    A new iOS 14 privacy feature could potentially cause problems for enterprise or educational network and device management setups, Cisco warned on Thursday.
    This is one of the reasons why Apple had beta's of the iOS available for developers, to ensure their software works with the latest OS......
    chaickawatto_cobra
  • Reply 8 of 17
    JinTech said:
    A new iOS 14 privacy feature could potentially cause problems for enterprise or educational network and device management setups, Cisco warned on Thursday.
    This is one of the reasons why Apple had beta's of the iOS available for developers, to ensure their software works with the latest OS......
    Was thinking the same thing. Why are they just discovering this now?
    watto_cobra
  • Reply 9 of 17
    mike1 asked about the Mail servers.  

    Th.e usual suspects: gmail, etc.  
    I use Heller Information Services  < his > Paul Heller began y running a Mac bulletin boar, well before the internet coalesced.  Google Heller Information Services and you'll see why I use them.   They support mail and web pages from individuals, businesses and the federal government, 

  • Reply 10 of 17
    JinTech said:
    A new iOS 14 privacy feature could potentially cause problems for enterprise or educational network and device management setups, Cisco warned on Thursday.
    This is one of the reasons why Apple had beta's of the iOS available for developers, to ensure their software works with the latest OS......
    And if it affects Android 10, how is this an IOS 14 issue? 
    chaickawatto_cobra
  • Reply 11 of 17
    Grayeagle said:
    mike1 asked about the Mail servers.  

    Th.e usual suspects: gmail, etc.  
    I use Heller Information Services  < his > Paul Heller began y running a Mac bulletin boar, well before the internet coalesced.  Google Heller Information Services and you'll see why I use them.   They support mail and web pages from individuals, businesses and the federal government, 

    You mean the list of providers on the Add Account screen? You shouldn’t have had to set up your Mail accounts again, mine are still intact, but you’d set up your Mail provider under “Other” etc. if for some reason you needed to set it up again. 
    edited September 2020 watto_cobra
  • Reply 12 of 17
    julsssark said:
    This feature in iOS 14 will also break any fixed IP address assignments (since the MAC address will change each time the device connects) and therefore any firewall rules that are based on IP addresses for those devices will break.

    juls
    It will break it once and you would have to redo your DHCP reservation for the new MAC address but after that it behaves as before - every time you connect to the same network, the device will use the same MAC address that it initially chose at random.

    The feature stops tracking by using a different MAC address on different networks. It doesn't stop tracking on the same network (although Apple has indicated that it could take it to that next level in the future).
    chaickaappleinsideruserwatto_cobra
  • Reply 13 of 17
    JinTechJinTech Posts: 1,020member
    JinTech said:
    A new iOS 14 privacy feature could potentially cause problems for enterprise or educational network and device management setups, Cisco warned on Thursday.
    This is one of the reasons why Apple had beta's of the iOS available for developers, to ensure their software works with the latest OS......
    And if it affects Android 10, how is this an IOS 14 issue? 
    Well they could work with Apple while the OS is still in development to see how it could get resolved? Last I heard Apple has pretty solid communication with the big software and hardware developers. 
    edited September 2020 chaickawatto_cobra
  • Reply 14 of 17
    julsssark said:
    This feature in iOS 14 will also break any fixed IP address assignments (since the MAC address will change each time the device connects) and therefore any firewall rules that are based on IP addresses for those devices will break.

    juls
    No, it does not. The MAC address is fixed per SSID unless that SSID is deleted and re-created under same name but the BSSID changed.

    In the early iOS/iPadOS 14 betas, it did change per reconnection. But that’s been fixed since mid-beta and also in GM.

    Not sure about Cisco platform. For UniFi platform, it’s been tested and working well across iOS/iPadOS 14 and watchOS 7 devices.
    watto_cobra
  • Reply 15 of 17
    My AirPort Extreme (flat version 7.8.1) decided to start dropping its signal at random as soon as I had upgraded my iPhone and iPad. It actually stops transmitting AFAICS on my MBP. I have to do a cold reboot a few times a day for it to come back, very annoying. 

    It could be that it's just EOL, that would be too bad. But what are the odds for this to happen at the exact time of the iOS upgrade?

    Has anyone else seen this, or am I the last one still using this Airport base station?
    edited September 2020 watto_cobra
  • Reply 16 of 17
    So, yesterday, I updated my iPhone11 Pro to iOS14... Prior to the update, my WiFi was as solid as a rock, no matter where I travelled.
    Today, I'm at a B&B fo 2 days. I signed into the B&B wifi, no problem.  Went to dinner, came back to B&B, and iPhone won't connect no matter what I do.
    I've tried all the solutions I found on web using my new MacBookPro, (also w/ newest update 10.15.6), which connects, no problem, but nothing fixes the iOS 14 iPhone.
    My wife's not-yet-updated iPhone 11 gets onto the B&B WiFi perfectly, both before and AFTER dinner.
    So, it's clearly an iOS14 issue.

    Any suggestions?  (Already tried hard restart; toggle wifi off/on; toggled 'private' on/off; toggled wifi calling assist (I use that at home); 
    One issue is that, since I can't sign onto the B&B wifi now, I cannot find anywhere in the wifi window to 'forget' that network, which has helped from my many years of wifi troubleshooting.

    Help if you can; thanks in advance.   BtheB
Sign In or Register to comment.