Skip to main content

iOS 8's location-tracking protections aren't as powerful as predicted

iOS 8's location-tracking protections aren't as powerful as predicted

Share this story

In June, researchers discovered an unexpected feature in iOS 8 that seemed to offer new protections against location-tracking. But now that the new operating system is trickling out to customers, many marketers are saying it won't even slow them down. As it turns out, Apple's big privacy win isn't as big as we thought.

The new iOS feature focuses on a phone's MAC address, a persistent ID used by mobile devices when scanning for open Wi-Fi signals. In recent years, marketers have started using MAC addresses to track people in stores and malls, pulling data even when the phone is in sleep mode. Privacy advocates don't like it, and iOS 8 seemed to offer a simple fix: When the phone was in sleep mode, it would offer a phony MAC address, chosen at random and completely unconnected to the phone itself. Unearthed by researcher Frederic Jacobs, the feature seemed to offer a simple technical fix to a tricky privacy problem.

Apple's big privacy win isn't as big as we thought

Not so fast, say marketers. Airtight Networks, which performs MAC-based location tracking for clients, has been examining iOS 8's MAC spoofing feature in the wild, and the firm has come away unimpressed. Getting MAC-spoofing to work in practice requires a delicate combination of settings, which Airtight says will severely limit the real-world impact of the feature. Both cellular data service and iOS's Location Services setting must be switched off, both of which will seriously diminish the capabilities of the user's phone. Turning off Location Services will disable the phone's GPS and a host of related functions, while switching off cellular data will limit any internet access to Wi-Fi only. The feature also won't work on the iPhone 5, or anything from a previous generation, and iPad Minis also seem to be be missing the feature. Finally, the nature of the spoofing means it only works in sleep mode, so as soon as a phone's screen lights up, any protection from MAC spoofing is lost.

Those restrictions alone will rule out most users, but Airtight says marketers should be able to work through data even if MAC spoofing is in effect. "It’s easy to weed out the random MACs from real MACs because they use special signatures," says Hemant Chaskar, a VP at Airtight. "So if you want to sanitize the sample set before doing your big data analysis, that is possible."

As a result, it seems likely the vast majority of iPhone users will miss out on these protections, and the location-tracking industry will be relatively unaffected by the changes. iOS 8's MAC spoofing features could still pave the way for stronger protections down the road, but it's far from the big blow for privacy that many had expected this summer.

ICYMI:iOS 8 Review

Today’s Storystream

Feed refreshed 5:33 PM UTC Striking out

Andrew Webster5:33 PM UTC
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.

The Verge
Andrew Webster4:28 PM UTC
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.

Andrew Webster1:05 PM UTC
Looking for something to do this weekend?

Why not hang out on the couch playing video games and watching TV. It’s a good time for it, with intriguing recent releases like Return to Monkey Island, Session: Skate Sim, and the Star Wars spinoff Andor. Or you could check out some of the new anime on Netflix, including Thermae Romae Novae (pictured below), which is my personal favorite time-traveling story about bathing.

A screenshot from the Netflix anime Thermae Romae Novae.
Thermae Romae Novae.
Image: Netflix
Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.

Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.

External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.

External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.

Spain’s Transports Urbans de Sabadell has La Bussí.

Once again, the US has fallen behind in transportation — call it the Bussí gap. A hole in our infrastructure, if you will.

External Link
Jay PetersSep 23
Doing more with less (extravagant holiday parties).

Sundar Pichai addressed employees’ questions about Google’s spending changes at an all-hands this week, according to CNBC.

“Maybe you were planning on hiring six more people but maybe you are going to have to do with four and how are you going to make that happen?” Pichai sent a memo to workers in July about a hiring slowdown.

In the all-hands, Google’s head of finance also asked staff to try not to go “over the top” for holiday parties.