Overview

On September 16th, 2020, Apple released iOS 14 for the apple iPhone, iPad, iPod touch, and Watch. This release introduces ‘private Wi-Fi address,’ a feature that assigns the iOS device a randomized MAC address for each Wi-Fi network. To learn more, check out Apple’s Support Article.

Background

Apple has introduced ‘private Wi-Fi address’ to further protect users’ privacy. MAC randomization increases user privacy by preventing outsiders from using MAC addresses to build a history of device activity. Initially, Apple announced plans to generate random MAC addresses every 24 hours, which would have caused greater disruption to network services. Apple’s final iOS 14 release delivers a softer approach while delivering user privacy.

This article serves to inform you of Apple’s new ‘private Wi-Fi address’ feature and how it may impact you and your customers. 

How ‘Private Wi-Fi Address’ is implemented on Apple devices

• After the Apple device is updated to Apple iOS 14, ‘Use Private Address’ is turned on by default.
• When a user upgrades to iOS 14, a randomized MAC address is generated for all existing SSIDs
  • Note: If your home network has separate 2.4GHz and 5GHz networks, your Apple device will generate a MAC address for each.
• The randomized MAC address will not change over time, even if you force the Apple device to forget the Wi-Fi network and connect again.
• Toggling between ‘Use Private Address’ on and off will cause the Apple device to switch between the real MAC and the randomized MAC for that Wi-Fi network.

How ‘Private Wi-Fi Address’ is implemented on Android devices

‘Private Wi-Fi address’ is already supported on Android devices version 10 and newer. The feature is implemented the same way as Apple devices; however, with one key difference:

• When a user upgrades from a previous version of Android to Android 10, ‘Private Wi-Fi address’ will be turned off and saved SSIDs will stay configured without randomization.

Symptoms

When your Apple device updates to iOS 14, a new ‘private Wi-Fi address’ is generated for each network and causes the Apple device to be treated as a new device. This may cause some OvrC and MAC address-based network services to be interrupted for these Apple iOS devices, including:

• Apple iOS devices appear twice in the OvrC device list
• OvrC Home client services including wireless device profiles created for Apple iOS devices 
• DHCP reservations, whitelist/blacklists & Access Control lists

Workarounds & Next Steps

Below covers the new expected behavior caused by ‘private Wi-Fi address.’ There are several workarounds available if you and your customers are impacted by this change.

Important Note: If you are using Wireless Profiles in any of your projects, we encourage you to review the potential impact this may have on your customers and determine a suitable solution.

1. Apple iOS devices appear twice in the OvrC device list
When an Apple iOS device is updated to iOS 14, the initial instance of the device will show offline, and a second instance of the device will appear. Since the new MAC address assigned is random, OvrC has no way to identify the type of device this is. As a result, the device will appear as “Unspecified” with the device type as “Unknown.”

Identifying the new MAC address on the Apple device

• To learn the new MAC address of your phone, go to:
  Settings > Wi-Fi > Wi-Fi Address.
• To view the original MAC address of your phone, go to:
  General > About > Wi-Fi Address.

Identifying the second device in the OvrC device list

• First instance of Apple device (now showing offline):
  
• Apple device with new MAC address (now showing online):
  

2. OvrC Home parental controls assigned to Apple devices
Manually going through each customer project and identifying the matching Apple devices in the device list may become time consuming and largely not necessary. However, projects where Apple devices are assigned to OvrC Home ‘Wireless Device Profiles’ for parental controls will require special attention.

Assigning Wireless Device Profiles

Apple and Android devices are assigned to OvrC Home Wireless Device Profiles in order to set up client services. The MAC address of an iOS or Android device is used to identify the device through OvrC. If the ‘private Wi-Fi address’ feature is enabled, the MAC address will change and the device will no longer be recognized in OvrC Home client services.

Workaround

• Add the newly-identified (second) Apple device to the Wireless Device Profile to ensure the client services continue to operate as expected.

Alternative Workaround

Users can choose to disable ‘Private Wi-Fi Address’ on their phone for their Private Networks. This feature is designed to increase user privacy. We encourage users to understand the impact prior to disabling. Enabling this feature is encouraged at all times when connecting to Public Networks.

To learn more, check out Apple’s Support Article.