Last month, Apple quietly unveiled a new feature in iOS 8 that automatically scrambles an iOS device’s MAC address when it is searching for Wi-Fi networks. It made this move as a security precaution, as some marketing and analytics companies use the unique identifier to collect users’ location history to help clients “improve store layouts, determine timing for promotions and sales, measure the effects of advertising, and set staffing levels and store hours.”
If you have an Android smartphone, however, the Electronic Frontier Foundation claims there remains a high risk that your device is broadcasting your location history to anyone within Wi-Fi range of you. “Wi-Fi devices that are not actively connected to a network can send out messages that contain the names of networks they’ve joined in the past in an effort to speed up the connection process,” the EFF writes.
Android has a feature called Preferred Network Offload (PNO) for allowing devices to establish and maintain Wi-Fi connections in low-power mode, with underlying goals of increased battery life and less cellular data usage. But the problem is that many Android phones, dating back to Honeycomb, are broadcasting the names of Wi-Fi networks when their screens are turned off.
Google tells the EFF that it is investigating possible changes that would be included in a future software update:
“We take the security of our users’ location data very seriously and we’re always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release.”
Android is not the only platform that is affected by this problem, but the EFF claims that it poses the greatest privacy risk. In the meantime, the digital rights group shares a workaround that involves going into “Advanced Wi-Fi” settings and setting the “Keep Wi-Fi on during sleep” option to “never.” The temporary solution does not work on all devices, however, meaning that you may have to manually forget networks or keep Wi-Fi toggled off to remain secure.
Expect your battery life and cellular data usage to increase as a result.