Unlike its predecessors, the latest version of Apple’s mobile operating system (OS), due in September 2014, will keep private the device's location, past Wi-Fi connections and Media Access Control (MAC) address.
In current versions of iOS, whenever Wi-Fi is turned on, a device’s MAC address is visible to nearby wireless access points.
But, as announced at the recent Apple Worldwide Developer Conference in San Francisco, iOS8 will use randomly generated MAC addresses while scanning for Wi-Fi networks.
This means the marketing firms that gather those MAC addresses will no longer be able to track users and serve them ads based on their profile, location and preferences.
According to security firm Sophos, Wi-Fi sniffing tracking technology has been used by marketing location analytics (MLA) firms to create profiles of shoppers and serve ads from vending machines, for example.
Read more about Apple iOS
However, although iOS 8 will obscure device identity when it scans for wireless networks, it will not provide perfect privacy protection, points out Sophos blogger John Zorabedian.
“Once you decide to connect to a hotspot, iOS 8 will use your real MAC address,” he wrote in blog post. This could expose users to unwanted tracking, using past Wi-Fi hotspots.
Sophos warns that, if mobile users automatically connect to networks, they are vulnerable to Wi-Fi sniffers, including criminals.
This means an attacker could also create a network with the same name and use it to launch a man-in-the-middle attack.
Apple’s planned change to the way iOS handles MAC addresses has prompted calls for this to become an industry standard and for other operating systems, such as Google’s Android, to offer similar protection.
How to protect yourself from snoopers
Sophos provides some recommendations on how mobile users can protect themselves from unwanted snooping for better security and privacy:
- Turn off Wi-Fi and Bluetooth when not in use;
- Turn of geo-tagging in apps such as Facebook;
- Do not accept prompts to remember Wi-Fi networks;
- Encrypt devices and data;
- Always use a VPN (virtual private network) for a secure connection;
- Use WPA2 encryption on wireless networks, not the outdated WEP or WPA encryption protocols.