bigiain 2 hours ago
> Look up "resolvable private address". The short of it is, your phone can find your headphones or vice-versa, despite one or both having random addresses.

Is that just for the connection phase? Or does it then start publicly broadcasting a persistent MAC once it's connected, so if your earbuds or watch are connected and communicating with your phone, would a sniffer see a persistent MAC address or the session randomised one?

That's a problem (one of many problems) with WiFi MAC address randomisation - you can sniff the network names a phone is trying to connect to, then stand up a wifi access point with one of those names and the phone will reveal its real MAC address when it connects. I experimented a long time back with having a raspi that broadcast itself as a McDonalds free wifi access point, a huge number of phones would try to connect while I was out in public with it.
gruez 2 hours ago
> That's a problem (one of many problems) with WiFi MAC address randomisation - you can sniff the network names a phone is trying to connect to, then stand up a wifi access point with one of those names and the phone will reveal its real MAC address when it connects.

That's not how mac address randomization works now for both android and ios. Both connect with a randomized mac as well, which might be persistent per-network, but it still heavily hampers data collection. For ios specifically, it also seems to have some sort of heuristic to detect which network names are common/guessable, and use a rotating mac for those.

Moreover "you can sniff the network names a phone is trying to connect to" isn't really a thing unless the network is using hidden ssid, which isn't the default for almost all routers.