Back at WWDC in June, Apple told the world that a new iOS 8 feature would stop marketers from spying on users through Wi-Fi. The feature is available now—but it turns out, it only works if you turn off your GPS and disable your cellular connection. Which isn't quite as comprehensive as we may have thought.
Airtight Networks security researcher Bhupinder Misra dug into the MAC address randomization feature built into iOS 8. As Apple described it, the feature seems pretty good for users: When your device is searching for Wi-Fi, say in a mall or sports stadium, it will send out a randomised MAC address, rather than the actual code that networks can use to identify your unique device and its location.
But there are caveats: Earlier this week, Misra discovered that on an iPhone 5S, the MAC randomisation only happens when the phone is in sleep mode (i.e., display turned off) with Location services turned off. If you wake up your iDevice to check a text message, or if you leave your GPS signal turned on to use navigation or a fitness tracking app, you're out of luck.
But those first tests were done on devices with the SIM card removed. Today, Misra published a disappointing update: iOS 8's MAC randomisation simply won't work unless you've got your cellular data connection turned off.
That's right; according to this research, if you don't want people tracking your iDevice, you've got to leave it in sleep mode, with GPS turned off, and disconnect your cellular data. If you've done all that, you'll be safe, sure. But at that point, you might as well have left your smartphone back at home, because there's absolutely no utility in carrying around a device that you cannot turn on. But as it stands right now, that's the only way you can utilize the randomised MAC address feature Apple says will prevent retailers from tracking you.
Misra discovered these findings on an iPhone 5S, and says he has not tested the iPhone 6 yet to see how it responds. He says the MAC randomisation feature did not work on an iPhone 5 or an iPad Mini.