MAC address randomization
Apple platforms use a randomized media access control address (MAC address) when performing Wi-Fi scans when not associated with a Wi-Fi network. These scans can be performed to find and connect to a known Wi-Fi network or to assist Location Services for apps that use geofences, such as location-based reminders or fixing a location in Apple Maps. Note that Wi-Fi scans that happen while trying to connect to a preferred Wi-Fi network aren’t randomized. Wi-Fi MAC address randomization support is available on iPhone 5 or later.
Apple platforms also use a randomized MAC address when conducting enhanced Preferred Network Offload (ePNO) scans when a device isn’t associated with a Wi-Fi network or its processor is asleep. ePNO scans are run when a device uses Location Services for apps that use geofences, such as location-based reminders that determine whether the device is near a specific location.
Because a device’s MAC address changes when disconnected from a Wi-Fi network, it can’t be used to persistently track a device by passive observers of Wi-Fi traffic, even when the device is connected to a cellular network. Apple has informed Wi-Fi manufacturers that iOS and iPadOS Wi-Fi scans use a randomized MAC address and that neither Apple nor manufacturers can predict these randomized MAC addresses.
iOS 14, iPadOS 14, and watchOS 7 introduce a new Wi-Fi privacy feature: When an iPhone, iPad, iPod touch, or Apple Watch connects to a Wi-Fi network, it identifies itself with a unique (random) MAC address per network. This feature can be disabled either by the user or using a new option in the Wi-Fi payload. Under certain circumstances, the device will fall back to the actual MAC address.
For more information, see the Apple Support article Use private Wi-Fi addresses in iOS 14, iPadOS 14, and watchOS 7.
Wi-Fi frame sequence number randomization
Wi-Fi frames include a sequence number, which is used by the low-level 802.11 protocol to enable efficient and reliable Wi-Fi communications. Because these sequence numbers increment on each transmitted frame, they could be used to correlate information transmitted during Wi-Fi scans with other frames transmitted by the same device.
To guard against this, Apple devices randomize the sequence numbers whenever a MAC address is changed to a new randomized address. This includes randomizing the sequence numbers for each new scan request that’s initiated while the device is unassociated. This randomization is supported on the following devices:
iPhone 7 or later
iPad 5th generation or later
Apple TV 4K or later
Apple Watch series 3 or later
iMac Pro (Retina 5K, 27-inch, 2017) or later
MacBook Pro (13-inch, 2018) or later
MacBook Pro (15-inch, 2018) or later
MacBook Air (Retina, 13-inch, 2018) or later
Mac mini (2018) or later
iMac (Retina 4K, 21.5-inch, 2019) or later
iMac (Retina 5K, 27-inch, 2019) or later
Mac Pro (2019) or later
Apple generates randomized MAC addresses for the Peer-to-Peer Wi-Fi connections that are used for AirDrop and AirPlay. Randomized addresses are also used for Personal Hotspot in iOS and iPadOS (with a SIM card) and Internet Sharing in macOS.
New random addresses are generated whenever these network interfaces are started, and unique addresses are independently generated for each interface as needed.
Wi-Fi networks are identified by their network name, known as a service set identifier (SSID). Some Wi-Fi networks are configured to hide their SSID, which results in the wireless access point not broadcasting the network’s name. These are known as hidden networks. iPhone 6s and later devices automatically detect when a network is hidden. Only if a network is hidden does the iOS or iPadOS device send a probe with the SSID included in the request; for networks that aren’t hidden, the SSID is left out. This helps prevent the device from broadcasting the names of previously joined hidden networks, thereby further ensuring privacy.