Android P MAC Randomisation: A GlobalReach Technology Assessment

Chris Spencer, Group Chief Security Officer, GlobalReach Technology

A number of new changes are being introduced within Android P of which two are associated with Wi-Fi. GlobalReach Technology has been briefing customers about one change, MAC address randomisation, a new privacy guard feature being introduced in Android P called ‘Connected MAC Randomisation’.

This GlobalReach briefing is available to our close partners to inform them about the changes, and to and raise awareness of this upcoming Android feature that could impact their current or planned Wi-Fi solution.

The GlobalReach Odyssys AAA+ platform already supports the changes needed to allow operators to create a stable usable Wi-Fi solution. Speak to us about your individual use case, and how it can be changed or adapted to support this upcoming Android change.

Currently, iOS and Android will anonymise the MAC during probe requests but still use the true hardware MAC address when connecting to the network. In the Android P new development release, Android plans to create a unique, anonymous MAC for each SSID that the device connects to:

  • Connected mode randomisation is a developer feature only and would be default off for Android P. Our (Google) main goal this year is to get a soak time in the industry and get feedback from partners such as yourself who depend on MAC address identifier. It gives time for the ecosystem to adapt to new behavior once we roll out in subsequent releases as the default behaviour.
  • In O, we (Google) released Probe mode randomisation, which randomised the MAC address while scanning for new networks. For P, we are going to create a persistent MAC address per SSID. So for enterprise use-case, you would see the device show up with the same mac address every time it connects to your network. (Source: Android Development Team Liaison Officer).

During one discussion with the Android team, we were made aware of one important note. If the user forcefully forgets the network and removes that network’s Wi-Fi settings, then reconnects, a new MAC address is created for the SSID. Thus, operators will no longer be able to use the MAC as a reliable unique identifier for the device.

Wi-Fi Industry Implications

We’ve identified that the following are potential impacts to existing systems and Wi-Fi solutions:

  • It will not be possible to use MAC address that has attached to the private network to block that MAC from connecting to public Wi-Fi in own home (carriers)
  • If a subscriber forgets the network as stated above, they will have to re-register for a service that is based on MAC address recognition.
  • Customers that change MACs will have to re-sign in and register new device (which could be filling up their account’s device concurrency limits)
  • Android’s connectivity manager creates a profile on the fly. Creating a new MAC with every connection will fail or will mean having to use WISPr for open connections
  • Some clients rely on a stored authorised MAC (hashed) address list to connect users quickly to open hotspots without authentication (returning users)
  • Pay-per-use customers have their PPU pass associated with a MAC. If it changes there is no way to transfer that pass to another MAC (an alternative solution for this is already possible within the GlobalReach AAA, such as issuing a session code that they could re-enter to gain back the purchased package)
  • Freemium Wi-Fi subscribers can more easily create a new MAC that will allow them to create a duplicate account and get another free session or allowance.
  • MAC randomisation could result in duplication of a real registered MAC address, creating a spoofing scenario (theft of service, erroneous attribution). NB: We’ve asked for more clarity from Google. Currently, it is not known what the scope of the randomisation is.
  • Analytics that rely on the ability to identify a unique device, and have that identifier remain consistent over time, will be affected

Beta Available

As of the time of creating this document, Android P Developer Build R2 (Build PPP2.180412.013), is available. Some small edge cases could be seen prior to the official release with developers testing this release.

Update: June 2018

Google has issued an updated statement: In Android P, MAC Randomisation will be OFF by default to give the industry time to adapt to this change. However, it also warns that by release Q (due 2019), this feature will be enabled by default for everyone, though users wishing to turn this feature on in P may do so within their Wi-Fi settings.

Why Randomise the Device MAC Address?

The primary reason for this is client privacy, the aim and thought behind this is to stop data sets from different networks being combined to create a profiled user without the users’ consent.

Disclaimer: Accuracy

All information contained in this document was correct at the time of publication, GlobalReach has members on the liaison committees working with the Google Android team.

Dr Chris Spencer, GlobalReach Technology, sits on the industry feedback review panel. Please relay questions to the panel through Chris.

Google has not stated when P will become a public release, but typically a new public carrier code base and AOSP are released around August/September. More information will be shared as the Android team releases answers to questions that have been raised.