Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds
Mobile device manufacturers and operating system developers increasingly deploy MAC address randomization to protect user privacy and prevent adversaries from tracking persistent hardware identifiers. Early MAC address randomization implementations suffered from logic bugs and information leakages t...
Saved in:
Published in | Proceedings on Privacy Enhancing Technologies Vol. 2021; no. 3; pp. 164 - 181 |
---|---|
Main Authors | , , , , , |
Format | Journal Article |
Language | English |
Published |
Sciendo
01.07.2021
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Mobile device manufacturers and operating system developers increasingly deploy MAC address randomization to protect user privacy and prevent adversaries from tracking persistent hardware identifiers. Early MAC address randomization implementations suffered from logic bugs and information leakages that defeated the privacy benefits realized by using temporary, random addresses, allowing devices and users to be tracked in the wild. Recent work either assumes these implementation flaws continue to exist in modern MAC address randomization implementations, or considers only dated software or small numbers of devices.
In this work, we revisit MAC address randomization by performing a cross-sectional study of 160 models of mobile phones, including modern devices released subsequent to previous studies. We tested each of these phones in a lab setting to determine whether it uses randomization, under what conditions it randomizes its MAC address, and whether it mitigates known tracking vulnerabilities.
Our results show that, although very new phones with updated operating systems generally provide a high degree of privacy to their users, there are still many phones in wide use today that do not effectively prevent tracking. |
---|---|
ISSN: | 2299-0984 2299-0984 |
DOI: | 10.2478/popets-2021-0042 |