IBM MaaS360

IBM MaaS360

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

Wi-Fi MAC Randomization Policy for Android devices using MaaS360

By Apoorva Chourasia posted Mon September 23, 2024 12:20 AM

  

Wi-Fi MAC Randomization Policy for Android devices using MaaS360

History of Wi-Fi MAC Address  

The Wi-Fi MAC address in mobile phones has evolved significantly since its introduction, reflecting the growth of wireless communication and privacy concerns over the years. Wi-Fi started being integrated into mobile phones in the early 2000s. Before this, mobile phones used cellular networks exclusively, which didn't require a MAC address. With Wi-Fi integration, these devices needed a unique MAC address for network communication. Since then phones were designed with built-in Wi-Fi capabilities, and each device came with a unique Wi-Fi Device MAC address, allowing them to connect to wireless networks. 

 

Overview - What is Wi-Fi MAC Randomization?  

A Wi-Fi MAC randomization address is a temporary, randomized address that a device uses when connecting to a Wi-Fi network. MAC randomization creates a different, artificial MAC address for each Wi-Fi network a device joins. The goal of doing this is to increase user privacy by preventing network operators from being able track devices using the real address as a consistent device identifier. 

Security Risks 

Since the Wi-Fi Device MAC address was a unique, permanent identifier for the device, it became a target for potential privacy violations and malicious attacks. The ability to track users over different networks raised significant privacy concerns, especially as more apps and services began requiring Wi-Fi access. 

 

Evolution of Wi-Fi MAC Address  

Android 9 : Devices were having only static Wi-Fi Device MAC Address . 

Android 10 : Google has allowed users to enable MAC address randomization  that is Persistent randomization  on a per-network basis. This became the default behavior for most devices running Android 10 and later 

Android 12 : Non-persistent randomization  address was introduced.

Types of Randomized MAC address :  

  1. Persistent randomization  - Android  generates a MAC address based on the network profile's parameters, like the SSID or security type. The MAC address remains the same until the device is factory reset.

  2. Non Persistent MAC Address : The Wi-Fi module re-randomizes the MAC address at the start of every connection or the framework uses the existing randomized MAC address to connect to the network. Address is regenerated when the current randomized MAC for the network profile was generated more than 24 hours ago. MAC address re-randomization only happens at the start of a new connection. 

Finding your MAC address on Mobile 

Go to Network & Internet >  Internet  > Choose Internet connection > Click on settings icon > Privacy 


Why and How to disable MAC Randomization  

In some cases, users can still choose to use their device’s real MAC address. This is often necessary for networks with MAC address filtering (common in enterprise or secure environments), where the actual hardware MAC address needs to be whitelisted to gain access. 

 

MaaS360 Support 

MaaS360 has enhanced the capability to support the policy  where user can choose the Wi-Fi MAC address type & can disable MAC Randomization based upon their needs and requirement. 

Step-by-step guide on how to configure the Wi-Fi by setting the MAC Randomized type. 

Step 1: Configure a Wi-Fi profile in MaaS360 portal using MDM policy.

The path to do configure the Wi-Fi profile in the MaaS360 portal:  

Security > Policies  > Choose policy > Configure settings >  Android Enterprise Settings > Wi-Fi  > Wi-Fi Profile > Check Configure Wi-Fi  >

 Add Wi-Fi Profile.  

 This will open a below screen to configure a Wi-Fi profile, fill in the details and user can choose the MAC Randomization setting. 

Note: The Network Details settings screen does not let users control what MAC randomization type is used. Users are only able to enable and disable the MAC randomization feature as a whole for a given network. 

1. On selecting  Use Device MAC, device will use Device MAC address. 

2. On selecting  Automatic MAC, Persistent MAC & Non -Persistent MAC device will use Randomized MAC.  

Example : Below screen you can see Test Wifi Profile is configured by selecting MAC Randomization as Use Device MAC. 

A screenshot of a computer Description automatically generated

Step 2:  Publish the policy  

Once device receives the policy then configured Wi-Fi profiles can be seen in the Corporate Settings in the device. 

A white background with black dots Description automatically generated

Step 3 : Check the MAC Randomized  type in the saved Wi-Fi profile in phone.  

Go to Settings > Network & Internet >  Select Test Wifi Profile >  Click on icon to get the details of this WiFi. 

You can see that Device MAC Address is used here as configured in the policy. 

A screenshot of a phone Description automatically generated

How it varies across operating systems

The implementation of MAC randomization is not standardized, so its behavior varies across operating systems. For example, iOS 14 automatically randomizes a device's MAC address every 24 hours, while Android's MAC address stays consistent for each network after joining. 

Prerequisites

  • MaaS360 Android Agent 8.70 or higher.

  • This feature is supported from Android 13 onwards.

Conclusion  

Today, mobile devices balance security, privacy, and convenience, with more sophisticated handling of Wi-Fi MAC addresses.This enhancement from MaaS360 is a solution to the customer to choose and configure the Wi-Fi MAC address based upon their needs. 

 Do stay tuned for more feature enhancements. 

0 comments
40 views

Permalink

https://community.ibm.com/community/user/blogs/apoorva-chourasia/2024/09/19/mac-randomization-policy-for-android-devices-using