iOS 14

Comments

43 comments

  • Firewalla

    Out of curiosity, if you have the privacy button on and are connected to your home network, did that MAC change in the past few days? Ours didn't ... (In the beta phases we saw changes; it seems Apple now sticks one MAC to one SSID ... which is like Android ... which means the problem of the randomized MAC will only happen once.)

  • Rolando Nispiros

    My privacy button is on and I have not had the issue in the past few days and I have at least 6 iOS devices on iOS 14.

  • Andy

    According to Apple’s support document, the MAC will not change once configured for that network; the MAC just will not identify the device manufacturer, and it can change if you reset network settings.

    https://support.apple.com/en-us/HT211227

  • Michael Bierman

    So I thought the private addresses were generated once/24 hours. This suggests not.

    “To reduce this privacy risk, iOS 14, iPadOS 14, and watchOS 7 use a different MAC address for each Wi-Fi network. This unique, static MAC address is your device's private Wi-Fi address for that network only.”

    https://support.apple.com/en-us/HT211227
    That would suggest that once the device is on the network it will keep the private address. I personally don’t think that goes far enough, but it does match what some of you are seeing. Once I tried the private address I turned it off and things have been working as I wanted them to.

    I don’t see why anyone should want the private address setting on at home. 

  • Michael Bierman

    According to Fing, it isn’t stable and it isn’t 1/24 hours, but random. https://www.fing.com/news/private-mac-address-on-ios-14

  • Michael Bierman

    That makes sense @andy since apparently the randomization is based in part on the BSSID.

  • Michael Bierman

    Hi Andy, I've seen sources say that it isn't a strict 24-hour process. Some sources claim each Wi-Fi point (BSSID really) will be permanently tied to a private MAC. Others say it is random and will change without notice even while you are on a network. Have you tested and verified how it works or did you just read this somewhere?

  • Adam Case

    Thanks for this post, it has been very helpful. I consider myself a novice in this area. I have been using Firewalla Blue for about 6 months. I have appreciated it because of its simplicity. I have been having the same problem mentioned in this post since iOS 14 was installed on my iOS devices. I finally realized it was only iOS 14 devices that were having the problem. I have followed the advice here of turning off Private Address and it seems to have worked, although it's only been 12 hours. I was running two iPhones and one iPad that were having issues. Since finding this post I have upgraded the other two family iPads, so I am now running five iOS devices on iOS 14 and have turned off Private Address for each of them. It seems to have worked. So far I've had no issues since I turned off Private Address and restarted my devices.

    As a novice, my question is: am I more secure using Firewalla with Private Address turned off in iOS, or would I be more secure to stop using Firewalla and leave Private Address on? I feel like it would be nice to use both, but from reading this post, that doesn't seem possible.

  • Adam Case

    Thanks @andy and @firewalla, I appreciate the help/clarification.

    It seems like an impossible request, given what is happening with this issue, but it would be helpful for a novice to somehow be alerted to this issue and what the fix/workaround is. (If I'm understanding things correctly, it would be virtually impossible for Firewalla to have any way to know iOS was spoofing the MAC address and alert the user.) I was frustrated for a number of days, and then when I found out it was related to Firewalla my first thought was that I was going to have to stop using it. I'm glad I dug a little deeper and was able to find this thread. I greatly appreciate Firewalla. Thanks again everyone.

  • Michael Bierman

    @Adam, Firewalla is using a dialog to alert you when it thinks that a Private Address is an issue, though I can't speak to how they determine that or if it is flawless. My guess is that maybe they are looking for devices with names they already know? But in any case, my guess is this is imperfect and this is just one of the challenges any router will face with the introduction of Private Addresses. Eventually people will learn that if they are on a trusted network they should disable Private Addresses. It is that simple.

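An added example, not part of the thread and not Firewalla's actual method: private Wi-Fi addresses set the "locally administered" bit in the first octet (which is why they do not identify a manufacturer), so a network monitor can recognise them and, following the guess in the comment above, match the hostname against devices it already tracks. The function names and the sample device list are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^([0-9a-f]{2})(?:[:-][0-9a-f]{2}){5}$")

def is_private_mac(mac: str) -> bool:
    """True for a unicast address with the locally administered bit (0x02) set."""
    m = MAC_RE.match(mac.strip().lower())
    if not m:
        raise ValueError(f"not a MAC address: {mac!r}")
    first_octet = int(m.group(1), 16)
    return bool(first_octet & 0x02) and not first_octet & 0x01

def find_rejoins(known: dict, leases: list) -> list:
    """Flag leases where a tracked hostname shows up under a new private MAC.

    known  -- {mac: hostname} for devices that already have rules applied
    leases -- [(mac, hostname), ...] as seen in the current DHCP lease table
    Returns [(hostname, old_mac, new_mac), ...].
    """
    known = {mac.lower(): name.lower() for mac, name in known.items()}
    macs_by_name = {}
    for mac, name in known.items():
        macs_by_name.setdefault(name, []).append(mac)
    alerts = []
    for mac, name in leases:
        mac, name = mac.lower(), name.lower()
        if mac in known or not is_private_mac(mac):
            continue  # already tracked, or a globally administered address
        for old_mac in macs_by_name.get(name, []):
            alerts.append((name, old_mac, mac))
    return alerts

# Constructed sample data (hypothetical hostnames and addresses).
KNOWN = {"F0:18:98:AA:BB:CC": "Kids-iPhone", "3C:22:FB:11:22:33": "Office-Mac"}
LEASES = [
    ("F0:18:98:AA:BB:CC", "Kids-iPhone"),  # original address, already tracked
    ("3A:5F:1C:9D:04:7E", "Kids-iPhone"),  # 0x3A has bit 0x02 set: private
    ("3C:22:FB:11:22:33", "Office-Mac"),
    ("A6:12:34:56:78:9A", "Guest-Pad"),    # private, but hostname is not tracked
]

if __name__ == "__main__":
    for name, old, new in find_rejoins(KNOWN, LEASES):
        print(f"{name}: tracked as {old}, now also seen as private MAC {new}")
```

DHCP hostnames are supplied by the client and can be changed, so a match is a prompt to review the device's rules, not proof of identity.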
  • New Gold owner

    Michael brings up a great point here: I don’t know yet if I can stop the kids from using private MAC addresses. If I can’t, then Firewalla parental controls are worthless.

    In my current TP-Link router, I've set both the original MAC address and the private MAC address that my kid's iPhone uses to connect to it, in order to apply parental controls (sometimes a blacklist, and sometimes a whitelist of websites, etc.). Oddly, I've noticed in iOS 14, it uses the same private MAC address when I toggle it back and forth from private to non-private MAC. So I just block both and will keep looking if it changes it to another, randomly assigned MAC address.

    Firewalla - have we figured this out? I'd like to know before buying a Gold or Blue Plus. Parental controls to help guide our kids are exactly what is needed, but almost every teenager knows how to turn on/off a VPN and Private MAC address settings using iOS.

  • New Gold owner

    Also, to point out the obvious, if the kids have their cellphones, it’s easy for them to turn off WiFi and use their cellular data plans. So I’ve had to confiscate phones in order for homework to be completed. They can also use a different, publicly available hotspot (xfinitywifi) for their school issued Chromebook, so I’m trying to control our home network at a minimum.

    I know it’s not Firewalla’s problem to fix our kids’ addiction to the Internet (thanks, home/online learning) but anything would certainly help!

  • New Gold owner

    Thank you - I'm getting desperate here, and will place my order for Firewalla Gold. Keep up the good work. Hopefully the interfaces for blacklist websites allow for wildcards and subnets? Keyword search blocks?
