What is MAC address randomisation?

For several years now, Apple devices have incorporated features designed to enhance the protection of user privacy, particularly when connecting to WiFi networks.

One of these features, called MAC Randomisation, aims to prevent the tracking or profiling of users by masking the device's real identity. This behaviour can have an impact on the Wifirst network, particularly during identification at the captive portal.

The aim of this article is to explain this mechanism and its impact on the user experience.

What is MAC Randomisation?

MAC Randomisation is a feature introduced by Apple to protect users' privacy when using WiFi networks. 

Traditionally, each device connects to a network using a unique MAC address, making it possible to track the user's movements from one site to another.

To avoid this, Apple introduced a temporary MAC address in iOS 8 when searching for available networks ("probe requests"). These requests were sent to detect nearby networks and used the actual MAC address as an identifier.

Since iOS 14, this approach has been strengthened: iOS devices now use a random MAC address for each network, including at the time of connection. This address changes in certain cases (if the user forgets the network, for example), so that the same device can be seen as different each time.

This address can also change automatically even if the user takes no action, for example when accessing a new network with little or no security. In this case, iOS activates a default setting and the MAC address is automatically renewed every two weeks.

Who is affected?

All Apple users running iOS 14 or later are affected by MAC Randomisation. The feature is activated by default, but users can disable it in WiFi settings.

What is the impact on the Wifirst captive portal?

At Wifirst, network equipment identifies users via their MAC address. This ensures a smooth connection, with automatic access for reconnection.

With MAC Randomisation, the same device can be seen as "new" because its MAC address changed, requiring a one-off reconnection via the captive portal:

• The user connects to the WiFi network
• Their device uses a random MAC address, specific to this network
• The captive portal pops up

• Once access has been validated, the user can browse as normal
• As long as the device retains this MAC address, it will be automatically recognised the next time it connects.

This behaviour has no impact on network operation and performance, as Wifirst efficiently manages IP address allocation and multiple connections.

What are the alternatives?

MAC Randomisation is a native feature of iOS, so it is not a limitation specific to the Wifirst network, which can offer additional authentication solutions (login, code, etc.) to meet more stringent identification requirements.

Users can also disable MAC Randomisation from their device's WiFi settings, if they wish to avoid occasional reconnections.

In a nutshell

Since the latest versions of iOS, Apple devices use a random MAC address for each WiFi network. This privacy behaviour, activated by default, is taken into account by Wifirst. This may lead to reconnections, but has no impact on service stability.