Apple's iOS 8 will change the way iOS devices communicate with WiFi networks, a shift that will improve privacy for Apple customers and inconvenience marketers, who might turn to Apple's iBeacon tracking technology.
Over the weekend, Swiss programmer Frederic Jacobs, who works on encrypted messaging at Whisper Systems, discovered that Apple's next version of its mobile operating will randomize the MAC addresses of iOS devices as they scan for available WiFi networks.
A MAC address should not be confused with a Mac computer. The term stands for Media Access Control and refers to the unique identification number assigned to the network hardware layer in a device.
Unique identification numbers make networking more efficient; data can be sent to a specific address rather than every network node. But they also can be used as a means of network access control and of user identification.
[Is Apple becoming more open? Read Apple WWDC 2014 Highlights: A New Era?]
MAC addresses are not a foolproof solution for either of these tasks because they can be altered or spoofed. But they're effective enough that marketers use them for retail analytics. Apple's plan to randomize MAC address in iOS 8 is likely to make profiling mobile devices and their owners more difficult for analytics firms. Existing analytics systems will have to come up with another method for identifying devices.
Smartphones, by design, emit pings to find nearby wireless networks in order to join known networks automatically. Euclid Analytics, a mobile marketing startup based in San Francisco, uses this information, which includes the device's MAC address, to track and assess shopper behavior. As a concession to privacy, the company creates a one-way hash of each MAC address, so it has a unique identifier for each device that can't be reversed to determine the source MAC address.
Being able to identify a device, and by inference, the person using the device, has obvious commercial implications but also raises signficiant privacy concerns. In a 2010 blog post, Microsoft chief architect of access Kim Cameron argued that MAC addresses can be used to identify the home addresses, and thus the identities, of device users.
Yet back in 2011, when Google was revising its data collection practices after its StreetView cars were caught vacuuming data from WiFi networks, Google dismissed the notion that MAC addresses presented a privacy issue.
In an online help document about Google's Location Service, Google said, "A MAC address tells you nothing about the owner or user of the equipment concerned. It's just a string of characters that's technically necessary for Web pages and other content to be properly delivered to your device over the Internet."
Google appears to have revised its opinion the following year: The reference to MAC addresses no longer appears in an October 2012 snapshot of that support document.
In iOS 7, Apple extended its Location Services with a notification system called iBeacon that allows apps to notify users -- with ads, discounts, or just for customer tracking -- when near iBeacon hardware. In iOS 7.1, Apple turned the service on by default, so that apps implementing CoreLocation notifications register to receive iBeacon alerts. Users must opt out if they do not wish to be notified in this way.
The arrival of iOS 8 this fall will make MAC addresses more unreliable as a way to track devices and their users. Marketers thus might be inclined to consider Apple's iBeacon system, perhaps alongside competing schemes such Qualcomm's Gimbal and PayPal's Beacon, as an alternative.
What do Uber, Bank of America, and Walgreens have to do with your mobile app strategy? Find out in the new Maximizing Mobility issue of InformationWeek Tech Digest.