Wi-Fi privacy with Apple devices
Apple devices have features designed to help devices maintain private Wi-Fi connections.
Private Wi-Fi address
On devices with iOS 14, iPadOS 14, macOS 14, watchOS 7, visionOS 1.0, or later, when connecting to a Wi-Fi network, the device has the ability to identify itself with a unique and random Wi-Fi (MAC) address. This assists in reducing tracking of devices and enhances user privacy.
Note: This feature can be turned off by a mobile device management (MDM) solution (requires visionOS 1.1 or later). If the feature is turned off, the operating system shows a privacy warning in Settings indicating that the network has reduced privacy protections.
On devices with iOS 18, iPadOS 18, macOS 15, watchOS 11, visionOS 2.0, or later, the Private Wi-Fi Address feature has been updated to support three operating modes, selectable on a per-network basis:
Off: Uses the device’s hardware Wi-Fi address, allowing tracking by networks and nearby Wi-Fi devices.
Fixed: A fixed private address reduces cross-network tracking by using a unique Wi-Fi address on the network. Used as default for secure network connections, such as WPA2 Personal, WPA2 Enterprise, WPA3 Personal, WPA3 Enterprise, WPA3 Enterprise 192-bit Security, and R3 WPA3 Personal.
Rotating: A rotating private address reduces tracking by periodically changing this device’s Wi-Fi address on the network. Used as default for connections that use weaker authentication or encryption methods, such as WPA, OWE, WEP, captive portals, and open networks.
For more information, see the Apple Support article Use private Wi-Fi addresses on iPhone, iPad, and Apple Watch.
Hidden networks
Wi-Fi networks are identified by their network name, known as a service set identifier (SSID). Some Wi-Fi networks are configured to hide their SSID, which results in the wireless access point not broadcasting the network’s name. These are known as hidden networks. Apple devices automatically detect when a network is hidden. If a network is hidden, the device sends a probe with the SSID included in the request—not otherwise. This helps prevent the device from broadcasting the name of previously hidden networks a user was connected to, thereby further ensuring privacy.
Personal Hotspot, Internet Sharing, and peer-to-peer privacy
Apple generates randomized MAC addresses for the peer-to-peer Wi-Fi connections that are used for AirDrop and AirPlay. Randomized addresses are also used for Personal Hotspot in iOS and iPadOS (with a SIM card) and Internet Sharing in macOS. New random addresses are generated whenever these network interfaces are started, and unique addresses are independently generated for each interface as needed.
Timing synchronization function offset randomization
To increase user privacy and mitigate device fingerprinting, Apple devices randomize the starting Timing Synchronization Function (TSF) offset for all peer-to-peer and Access Point modes. This 56-bit random offset helps prevent an attacker from using the TSF value to defeat MAC address randomization. The TSF offset for an interface is randomized whenever the interface MAC address changes. TSF offset randomization support was added on the following devices with iOS 15, iPadOS 15, macOS 12.0.1, tvOS 15, visionOS 1.0, or later:
All iPhone models starting with the iPhone 8 or later
All iPhone SE models starting with the iPhone SE (2rd generation) or later
All iPad models starting with iPad Air (3rd generation) or later
All Mac computers from late 2020 or later
All Apple TV models starting with Apple TV 4K (1st generation) or later
Apple Vision Pro
All HomePod models