A phone has a unique identifying code called a MAC address that can be used to track you, so you might think it would be a good idea to hide it, but there are potential problems to be aware of.
It is not just phones that have a MAC address, every network device has one and it is part of the way networks manage communications between devices. There has to be some unique way to identify a computer, phone, tablet, wireless printer, router and so on, so that the right network packets can be set to the right devices.
A MAC address consists of a series of numbers and letters. They are assigned by the manufacturer of the device, they are unique, and they are fixed in the hardware. (Wikipedia: MAC address).
A problem with having a unique identifier on a network device is that it enables that device to be tracked. When that device is a phone, it means you can be tracked by any Wi-Fi network within range.
If you are in a shopping mall for instance, there may be many Wi-Fi networks and as you visit stores, they may log your arrival by recording your phone’s MAC address. You could be tracked within shops and across multiple shops.
In the same way, cafes, restaurants, hotels, airports, train stations and other places with Wi-Fi can log you and track your movements.
To combat this, phone can replace the built in MAC address with one chosen at random. As you move around, a different random MAC address is used with each Wi-Fi network. The idea is to increase your privacy by making it impossible to track you.
This is not a perfect solution and there are ways around MAC address randomization that still enables tracking if someone really wants to track you. However, like all security methods, it helps and it is certainly better than no randomization.
Fighting MAC address randomization
Public Wi-Fi hotspots are fighting back and I recently came across a place that would not let me access the Wi-Fi unless I disabled MAC address randomization. I wanted to use the free Wi-Fi at McDonalds while I ate my Big Mac and drank my coffee, but this is what greeted me on my phone:
McDonalds wants to track me and won’t let me in unless I disable MAC address randomization! Should I agree and disable it and let them track me or forget using the Wi-Fi?
Is this the beginning of cafes, stores, hotels, airports and other places fighting back. Will they not let us use their Wi-Fi unless we agree to be tracked?
Enable/disable MAC address randomization
Let’s take a look at an Android phone first, then an iPhone afterwards. This budget Samsung phone is running Android 10.
Open Settings on the phone and press Connections. Then press Wi-Fi to see a list of Wi-Fi networks within range. Press the network you want to configure, McDonald’s Free WiFi in this case.
The Wi-Fi details appear, like the network speed, IP address and security. Down at the bottom is Advanced. Press it.
Among the advanced settings for this Wi-Fi network is MAC address type. You can see that it says Use randomized MAC (default). This phone defaults to always using a randomized MAC, but McDonald’s doesn’t like it and we need to turn it off. Press it.
A small menu appears and Use device MAC can be selected. This only affects this network and no others, which can continue to use a randomized MAC. Once this is selected, the phone will connect to the free Wi-Fi in the usual way.
Now let’s look at an iPhone. The menus use different words, but the result is the same.
Go to Settings > Wi-Fi > and press the current Wi-Fi network. The Private Address switch is used to enable or disable MAC address randomization. Most places accept this, but if you get a message like at McDonald’s, turn it off.
Is this a sign of things to come? I hope not. Who wants to be tracked everywhere they go? Let’s hope that this is a one-off and we can continue to be anonymous with MAC address randomization.