Thanks to Misuse, Apps Can’t View MAC Addresses on iOS 11

2 minute read
| Product News

One change in iOS 11 will frustrate many network administrators. For that matter, anybody who uses their iOS device to manage or secure a network, home or otherwise, is impacted. Thanks to the unscrupulous misuse by some developers, apps can’t view MAC addresses on iOS 11 any longer.

view MAC addresses on iOS 11

An important piece of network administration is now missing from Fing — the MAC address — because of changes in iOS 11

What’s the Deal With Being Able to View MAC Addresses on iOS 11?

A MAC address, or a media access control address, is a unique identifier for a network interface. This applies to Ethernet, Wi-Fi, and Bluetooth network devices. In previous versions of iOS, apps had access to MAC addresses by way of the address resolution protocol (ARP) tables stored within the device. This is what maps an IP address to your specific device’s network connection.

Thanks to developers misusing that information, apps can’t use the ARP table to view MAC addresses on iOS 11 anymore. A MAC address is unique to one particular device, and certain apps were using that information to track users. I won’t say whom, but I think we can all guess.

What Does This Mean for Legitimate Network Scanners?

In a word, iOS 11 hobbles those apps. Legitimate network scanners can no longer read MAC addresses, which means all administrators can go by now are IP addresses. Since devices frequently change IP addresses, this takes away an enormous layer of usefulness for most network scanning apps, including Fing, Network Analyzer, and others.

This restriction also means you’ll eventually stop seeing manufacturer information in network scanning apps. If you’ve used a network scanning utility before iOS 11, manufacturer data may still appear. Once the device’s IP address changes, though, it will go away. Apps derive the manufacturer of a network interface from the first three bytes of a MAC address. It also means apps will no longer be able to assign custom names to discovered devices, because there is no longer a unique identifier for those network cards. IP addresses can (and often do) change.

Does It Have to be This Way?

In a nutshell, no, it doesn’t. The developers behind Network Analyzer recommended a method that Apple could use to allow certain apps access to MAC information while restricting it from others.

I believe there is a technical solution to this problem – there could be a new permission like “Network Utility” (either exposed to users or hidden from users and only checked during app review) which would allow network utility apps to access the potentially sensitive network-related information. Apps which don’t show MAC addresses directly to users wouldn’t be allowed to get this permission.

The developer has filed a bug with Apple suggesting this solution, but it’s up to Cupertino to decide whether or not to implement it.

If this restriction affects your business, or even your home network, you can contact Apple as well and explain why being able to reference MAC addresses is important to you. Cupertino tries to protect its customers’ privacy. However, the company does listen to those customers.

2 Comments Add a comment

  1. furbies

    I do hope the developers behind Network Analyzer can convince Apple to allow MAC address access.

    I use “network app tools” from time to time on my iDevices to scan networks to try and see what’s visible, and if the scanning app(s) cant at least identify device types by their first 3 characters of their MAC ID then it’s going to make finding/identifying misbehaving network devices so much harder 🙁

    • iamthearm

      Also, for the IT professionals out there, who does Apple think is suggesting to end-users that they should get an iPhone? Maybe its a good idea to keep them happy lol. Time to fill out a bug report.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account