Sizing Up Apple's Privacy Changes in iOS 8

Randomizing Identifiers Could Help Foil Retail Tracking
Apple is adding changes to its upcoming iOS 8 that will shield consumers from retail analytics technology designed to track buyers as they move through stores.

At last week's Apple Worldwide Developers Conference, company officials outlined a number of privacy changes that will be built into the forthcoming iOS 8 and OS X 10.10 (Yosemite), slated for release this fall. For starters, both will be able to use - by default - the privacy-focused DuckDuckGo search engine, which promises to not track users. Likewise, iOS 8 can be configured to block all third-party cookies by default. Developers are also being given the ability to access the TouchID fingerprint-scanning feature from their apps.

Perhaps the biggest new privacy feature for iOS users, however, was first publicized not by Apple but rather by security researcher Frederic Jacobs. "iOS 8 randomizes the MAC address while scanning for WiFi networks. Hoping that this becomes an industry standard," he says via Twitter.

The aptly named MAC address wasn't, of course, coined by Apple. Rather, it refers to the unique "media access control" address that gets assigned to any device on a network. Currently, most devices broadcast their MAC address whenever Wi-Fi is enabled on the device. Hotspots, meanwhile, can be configured to analyze those MAC addresses and use them to track individual device users.

In iOS 8, "Wi-Fi scanning behavior has changed to use random, locally administrated MAC addresses," Apple says. When scanning for available hotspots, furthermore, "the MAC address used ... may not always be the device's real (universal) address."
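
The difference between a "universal" and a "locally administered" address is carried by a single bit in the first octet of the MAC address. The following added example (not from Apple or the original article) classifies addresses by that bit and generates a random locally administered address of the kind described; the function names and sample addresses are constructed for illustration.

```python
import secrets

def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return bytes(int(p, 16) for p in parts)

def is_locally_administered(mac):
    # Bit 1 of the first octet is the U/L bit: 1 = locally administered,
    # 0 = universal (assigned from a manufacturer's block).
    return bool(mac[0] & 0x02)

def is_unicast(mac):
    # Bit 0 of the first octet is the I/G bit: 0 = individual (unicast).
    return not (mac[0] & 0x01)

def random_scan_mac():
    """Return a random locally administered, unicast address."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE  # set U/L bit, clear I/G bit
    return bytes(raw)

def fmt(mac):
    return ":".join(f"{b:02x}" for b in mac)

def summarize(observed):
    """Split observed source addresses into (universal, locally administered) sets."""
    universal, local = set(), set()
    for text in observed:
        mac = parse_mac(text)
        (local if is_locally_administered(mac) else universal).add(fmt(mac))
    return universal, local

# Constructed sample of source addresses seen during Wi-Fi scanning.
SAMPLE = [
    "00:11:22:33:44:55",  # universal address, seen twice: the sightings are linkable
    "00:11:22:33:44:55",
    "da:a1:19:4c:7e:02",  # locally administered: cannot be tied to a device by address alone
    "62:3f:9b:00:c4:11",
    "DE-AD-BE-EF-00-01",
]

if __name__ == "__main__":
    universal, local = summarize(SAMPLE)
    print("universal:", sorted(universal))
    print("locally administered:", sorted(local))
    print("fresh scan address:", fmt(random_scan_mac()))
```
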

Privacy Payoff Debated

Apple's move was seized on by a number of media outlets, with one press report noting that the MAC address change "could stop marketers spying on you."

"This seems like a good idea," says security expert Bruce Schneier in a blog post.

Some observers, however, have questioned the motives behind Apple's MAC move. For example, Ad Age this week reports that Apple, trying to regain its marketing edge, will bolster the internal advertising agency it built last year by expanding it to 1,000 employees. Accordingly, perhaps the move represents Apple's attempt to create a way to block competing advertising for iOS devices.

Similarly, some observers have suggested that Apple is attempting to force retailers and restaurateurs that want to track customers' iPhones to buy iBeacons. iBeacon is Apple's indoor proximity system, based on Bluetooth low energy (LE), which can be used to track nearby iOS devices and push content to them. Airline Virgin Atlantic, for example, has been testing the technology in its London Heathrow airport lounges to push information to customers who opt in. The technology could be used to send notifications to fliers to open their electronic boarding pass when they near the gate.

"So Wi-Fi randomization isn't about privacy. It's about creating a market to sell iBeacons," says security researcher Jonathan Zdziarski via Twitter. "At first I saw iBeacon and was all excited. Then I realized it's just a stupid store beacon."

Zdziarski adds: "What iOS 8 needs is a randomizer for when connected to Wi-Fi, not just scanning." That level of randomization could theoretically be used to prevent anyone from tracking the device unless the user opted in.

Privacy Upsides

But many others have lauded the changes. Notably, Jacobs - who first publicized the new feature - disagreed with Zdziarski's technical assessment. "Saying that Wi-Fi MAC addresses are randomized only to push iBeacon is wrong. Bluetooth LE uses random addresses too," Jacobs says. Indeed, Apple notes that the Bluetooth 4.0 specification allows devices to periodically randomize their device addresses, although it's not yet clear if this feature will be enabled in iOS 8.

Meanwhile, Sen. Al Franken, D-Minn., who earlier this year introduced the Location Privacy Protection Act of 2014, which would require businesses to obtain consumers' explicit permission before being allowed to collect user location data via their mobile devices, lauded Apple's actions. "Apple's decision to protect their users against this form of tracking is a smart and powerful move for privacy," he says.

Consumer Privacy View

Other privacy experts have a similar perspective on Apple's iOS 8 change. "It's a very good move. We've asked for them to do this - or something similar - for a while now as the retail analytics industry has sprung up," Justin Brookman, who leads the project on consumer privacy at the non-profit Center for Democracy and Technology, tells Information Security Media Group. "I don't think people expect their phone to be sending out a unique, persistent identifier that can be tracked by anyone at any time. So changing the phone's MAC address - while probing for Wi-Fi - to be dynamic and randomized makes it harder to track people."

Brookman also applauds Apple taking a leading role in developing the World Wide Web Consortium's "Do Not Track" standard, as well as adding controls for blocking tracking. "Apple deserves credit for being the first to roll out a Limit Ad Tracking feature for iOS. That effectively works like Do Not Track for apps, and they require their developers to honor it," he says. That means by using iOS - versus a plain Windows, OS X, or Android browser, for example - users could avoid more types of ad-related tracking.

But Brookman also offers some privacy cautions for Apple. "When they rolled out iBeacon, they turned Bluetooth back on for users who had it turned off. I hope they don't override privacy settings each time they upgrade iOS going forward."

Advertising networks and marketing firms, furthermore, will continue to craft new techniques for tracking devices and Internet users. "Despite the MAC address change, phones still leak a lot of identifiable information," Brookman says. "I hope [Apple continues] to iterate to find ways to prevent phones from being monitored by anyone."


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.
