Customised Ubiquiti Clients and Randomised MAC Addresses on Apple Devices
You know how some people are what you'd call "house proud" in that they like everything very neat and organised? You walk in there and everything is in its place, nice and clean without clutter. I'm what you'd call "network proud" and the same principle applies to how I manage my IP things:
That's just a slice of my Ubiquiti network map which presently has 91 IP addresses on it between clients and network devices. Each one has been meticulously customised by both name and icon so that it's immediately recognisable on the map. For example, the Nanoleaf in my daughter's room has the correct image associated with it and her name alongside it so I can easily differentiate it from the one in my son's room. Like I say, network proud, so you can imagine my horror when confronted with the image below:
"TroysAppleWatch"?! Where's the apostrophe?! And the spaces?! And what's that hideous default icon doing there?! This wasn't the first time I'd seen this either; I'd noticed clients losing their settings for weeks now. I had a theory about what might be the cause so a week ago, I snapped a pic of a bunch of the Apple clients on my network, including their MAC addresses:
Ah, look at those beautiful names and icons 😊
Now let's look at the details of my watch as they stand today and in particular, the MAC address it has:
It's completely different to the one I snapped last week. Same watch, same hostname, different MAC address. The root cause quickly became evident: MAC addresses are effectively unique identifiers and the appearance of the same one over and over again provides the ability to track devices. We've known about this for years; even back in 2013, rubbish bins in London were tracking people via their MAC addresses so this isn't a new thing. To address this privacy risk, in their recent OS updates Apple have begun randomising the MAC address on iPhones, iPads and Apple Watches which, whilst improving privacy, has kinda messed up my otherwise very clean Ubiquiti setup.
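As an added example (not code from the post or from Ubiquiti), here's a small Python script that works through a constructed client export the way a controller would see it: it groups MACs by hostname to spot devices that have drifted to a new address, and flags addresses with the "locally administered" bit set, which is the bit randomised private addresses carry. Hostnames, SSIDs and MACs in the sample are placeholders.

```python
# Added example: detect clients whose hostname has turned up under more than
# one MAC, and flag MACs that look randomised. Sample records are constructed.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ClientRecord:
    hostname: str
    mac: str
    ssid: str


def is_locally_administered(mac: str) -> bool:
    """True when bit 1 (0x02) of the first octet is set. Randomised private
    addresses set this bit; vendor-assigned (burned-in) addresses do not."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def find_drifting_hosts(records):
    """Map each hostname to the set of MACs it has been seen with and return
    only the hostnames that appeared with two or more addresses."""
    macs_by_host = defaultdict(set)
    for r in records:
        macs_by_host[r.hostname].add(r.mac.lower())
    return {h: sorted(m) for h, m in macs_by_host.items() if len(m) > 1}


def report(records):
    """Return (drifting hostnames, locally administered MACs seen)."""
    drifting = find_drifting_hosts(records)
    randomised = sorted({r.mac.lower() for r in records
                         if is_locally_administered(r.mac)})
    return drifting, randomised


# Constructed controller export (placeholder values, not real devices).
SAMPLE_RECORDS = [
    ClientRecord("TroysAppleWatch", "5a:3c:11:22:33:44", "HomePrimary"),
    ClientRecord("TroysAppleWatch", "de:ad:55:66:77:88", "HomePrimary"),
    ClientRecord("Nanoleaf-Kids", "3c:22:fb:00:11:22", "HomeIoT"),
    ClientRecord("CharlottesPhone", "a6:01:02:03:04:05", "HomePrimary"),
]

if __name__ == "__main__":
    drifting, randomised = report(SAMPLE_RECORDS)
    for host, macs in drifting.items():
        print(f"{host}: seen with {len(macs)} MACs -> {', '.join(macs)}")
    print("locally administered (likely private) addresses:", ", ".join(randomised))
```

Keying on hostname works here because, as observed above, the hostname stays put while the MAC changes; on a network where hostnames collide it would need a second signal.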
The fix is simply to jump into the Wi-Fi network and look for the "Private Address" toggle:
Turning that off causes the device to disconnect from the network:
Before joining back on with a new (now static) MAC address:
After this the phone came back online and because it's reverted to a MAC address I'd previously associated a name and icon to, everything now looks just fine:
It's the same deal with the watch which has an equivalent setting:
One final thing on this: Apple's official docs suggest that whilst the MAC address is unique per network, it's static once assigned to the network:
To reduce this privacy risk, iOS 14, iPadOS 14 and watchOS 7 use a different MAC address for each Wi-Fi network. This unique, static MAC address is your device's private Wi-Fi address for that network only.
That's not consistent with the piece I referenced earlier, though, which referred to "a feature that periodically changes the MAC address your device uses with each Wi-Fi network", although that was related to a public beta of iOS 14 back in July. But it's also not consistent with my own observations; whilst it's possible that I was looking at changing names and icons for my own devices across different Wi-Fi networks within my own home (I have a primary network, an IoT network and a guest network), the same can't be said of my partner Charlotte who definitely has only ever connected to the primary network. Yet, last week when I was first looking into this, her watch and phone weren't recognised:
When we're talking about a home network, I can't see any downside to not randomising the MAC and so far, it's completely solved the problem I was seeing in my Ubiquiti network. Plus, even if the MAC does remain static on a per-network basis, I do still want my own devices in my own home recognised regardless of what SSID they happen to be connected to.
And so, with that done, it's back to being network proud 😊