Search results for

All search results
Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

Apple made a false privacy claim for three years and everyone believed it

The "Private Wi-Fi Address" feature on iOS claimed to hide your MAC address, but continued sharing it in a different field.
By

Published onOctober 27, 2023

apple iphone 15 dynamic island
Ryan Haines / Android Authority
iPhone 15
TL;DR
  • iOS 14 introduced a “private Wi-Fi address” feature that claimed to hide your MAC address and share a different identifier when you connect to Wi-Fi.
  • However, security researchers discovered that the feature still shared your MAC address in a different field.
  • Apple has fixed this issue with iOS 17.1 by removing the vulnerable code.

iPhones are generally regarded as one of the most secure smartphones available for purchase to the public at large. Apple has built a lot of iOS features over the years that have helped it earn this reputation. However, everything doesn’t always work exactly as advertised. The latest iOS 17.1 update brings fixes for iOS’s “private Wi-Fi address” feature, which unintentionally broadcasted the real MAC address of your iPhone in some instances.

According to a report from ArsTechnica, iOS 17.1 includes a fix for a vulnerability that prevented the “private Wi-Fi” address feature from working. The feature was introduced in iOS 14, and security researchers interviewed by the website mention that the vulnerability rendered the feature useless.

iOS Wi Fi settings 2
Aamir Siddiqui / Android Authority

Apple devices are said to have continued displaying the actual Wi-Fi address instead of the claimed private one.

What does the “Private Wi-Fi Address” feature on iOS do?

All devices that connect to a Wi-Fi network have an identity string that is used to help connect them to the internet. This identity string is a group of 12 characters (numbers and letters) that identifies your hardware. It is what is called a MAC (media access control) address.

MAC addresses are usually deemed permanent and tied to your device. They can be changed when you change the network interface hardware and can be masked in some instances but are otherwise deemed static at the hardware level. This allows trackers to track you across Wi-Fi networks, as your MAC address remains the same.

With iOS 14, Apple introduced the “Private Wi-Fi Address” feature for iPhones. Instead of sharing the MAC address with the network, the feature would display a separate “private Wi-Fi address” that would differ for each network, reducing your trackability.

What was the bug, and what is its impact?

However, the security researchers note that while the feature did share the “private Wi-Fi address” on connection, it would also share the MAC address alongside, just in a different field. A knowledgeable person could still pull the real MAC address without trouble. Even Apple’s Lockdown Mode would continue sharing the real MAC address.

In fairness to Apple, the feature did make it difficult to ordinarily track an iPhone across the network, which is what the cautious wording on the feature also indicates. What it failed to do was provide complete protection.

This bug is of little practical consequence to the average user, even though it compromised the privacy it claimed to protect. It does highlight that the iPhone isn’t so secure after all, and you shouldn’t have blind faith in every feature and toggle.

You might like