When we discovered this bug in iOS, we immediately tested it on an Android phone. Private Wi-Fi addresses are called “randomized MAC addresses” in Android world. We couldn’t spot the real MAC address in the network traffic that the Android device was sending during testing. It’s worth noting that this feature has been available since Android 8.0, which was released in 2017, as opposed to iOS 14, which was released in 2020.
I have a lot of issues with Android, but AOSP being source available lets you know if CVE’s are fixed instead of relying on the company to tell you the truth.
The fallout for most iPhone and iPad users is likely to be minimal, if at all. But for people with strict privacy threat models, the failure of these devices to hide real MACs for three years could be a real problem,
Yeah, if you’re using an Apple product, you either don’t have a privacy threat model that needs it, or you don’t understand privacy.
Add comment