{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T19:36:04Z","timestamp":1776886564566,"version":"3.51.2"},"reference-count":31,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"3","license":[{"start":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T00:00:00Z","timestamp":1619481600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,7,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Mobile device manufacturers and operating system developers increasingly deploy MAC address randomization to protect user privacy and prevent adversaries from tracking persistent hardware identifiers. Early MAC address randomization implementations suffered from logic bugs and information leakages that defeated the privacy benefits realized by using temporary, random addresses, allowing devices and users to be tracked in the wild. Recent work either assumes these implementation flaws continue to exist in modern MAC address randomization implementations, or considers only dated software or small numbers of devices.<\/jats:p>\n               <jats:p>In this work, we revisit MAC address randomization by performing a cross-sectional study of 160 models of mobile phones, including modern devices released subsequent to previous studies. We tested each of these phones in a lab setting to determine whether it uses randomization, under what conditions it randomizes its MAC address, and whether it mitigates known tracking vulnerabilities.<\/jats:p>\n               <jats:p>Our results show that, although very new phones with updated operating systems generally provide a high degree of privacy to their users, there are still many phones in wide use today that do not effectively prevent tracking.<\/jats:p>","DOI":"10.2478\/popets-2021-0042","type":"journal-article","created":{"date-parts":[[2021,4,29]],"date-time":"2021-04-29T02:07:19Z","timestamp":1619662039000},"page":"164-181","source":"Crossref","is-referenced-by-count":52,"title":["Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds"],"prefix":"10.56553","volume":"2021","author":[{"given":"Ellis","family":"Fenske","sequence":"first","affiliation":[{"name":"USNA"}]},{"given":"Dane","family":"Brown","sequence":"additional","affiliation":[{"name":"USNA"}]},{"given":"Jeremy","family":"Martin","sequence":"additional","affiliation":[{"name":"MITRE"}]},{"given":"Travis","family":"Mayberry","sequence":"additional","affiliation":[{"name":"USNA"}]},{"given":"Peter","family":"Ryan","sequence":"additional","affiliation":[{"name":"MITRE"}]},{"given":"Erik","family":"Rye","sequence":"additional","affiliation":[{"name":"CMAND"}]}],"member":"35752","published-online":{"date-parts":[[2021,4,27]]},"reference":[{"key":"2022042203263498132_j_popets-2021-0042_ref_001_w2aab3b7c18b1b6b1ab1ab1Aa","unstructured":"[1] Wi-fi preferred network offload scanning, . https:\/\/source.android.com\/devices\/tech\/connect\/wifi-scan."},{"key":"2022042203263498132_j_popets-2021-0042_ref_002_w2aab3b7c18b1b6b1ab1ab2Aa","unstructured":"[2] Android wi-fi network selection, . https:\/\/source.android.com\/devices\/tech\/connect\/wifi-network-selection."},{"key":"2022042203263498132_j_popets-2021-0042_ref_003_w2aab3b7c18b1b6b1ab1ab3Aa","unstructured":"[3] 802.11aq-2018 - ieee standard for information technology\u2013 telecommunications and information exchange between systems local and metropolitan area networks\u2013specific requirements part 11: Wireless lan medium access control and physical layer specifications amendment 5: Preassociation discovery. https:\/\/standards.ieee.org\/standard\/802_11aq-2018.html."},{"key":"2022042203263498132_j_popets-2021-0042_ref_004_w2aab3b7c18b1b6b1ab1ab4Aa","unstructured":"[4] Wifi certified passpoint\u00ae continues worldwide momentum. https:\/\/www.wi-fi.org\/beacon\/the-beacon\/wi-fi-certified-passpoint-continues-worldwide-momentum."},{"key":"2022042203263498132_j_popets-2021-0042_ref_005_w2aab3b7c18b1b6b1ab1ab5Aa","unstructured":"[5] Changes to device identifiers in android o, Apr 2017. https:\/\/android-developers.googleblog.com\/2017\/04\/changes-to-device-identifiers-in.html."},{"key":"2022042203263498132_j_popets-2021-0042_ref_006_w2aab3b7c18b1b6b1ab1ab6Aa","unstructured":"[6] Fingerbank, 2020. https:\/\/fingerbank.org\/."},{"key":"2022042203263498132_j_popets-2021-0042_ref_007_w2aab3b7c18b1b6b1ab1ab7Aa","doi-asserted-by":"crossref","unstructured":"[7] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, and H. Levkowetz. Extensible Authentication Protocol (EAP). RFC 3748 (Standards Track), 2004. http:\/\/www.ietf.org\/rfc\/rfc3748.txt.10.17487\/rfc3748","DOI":"10.17487\/rfc3748"},{"key":"2022042203263498132_j_popets-2021-0042_ref_008_w2aab3b7c18b1b6b1ab1ab8Aa","unstructured":"[8] Wi-Fi Alliance. Wi-Fi Simple Configuration Protocol and Usability Best Practices for the Wi-Fi Protected Setup\u2122 Program, 2020. https:\/\/www.wi-fi.org\/download.php?file=\/sites\/default\/files\/private\/wsc_best_practices_v2_0_1.pdf."},{"key":"2022042203263498132_j_popets-2021-0042_ref_009_w2aab3b7c18b1b6b1ab1ab9Aa","unstructured":"[9] Amelia Andersdotter. Ongoing developments in ieee 802.11 wlan standardization. 12th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2019), 2019."},{"key":"2022042203263498132_j_popets-2021-0042_ref_010_w2aab3b7c18b1b6b1ab1ac10Aa","unstructured":"[10] Apple. Use private Wi-Fi addresses in iOS 14, iPadOS 14, and watchOS 7, 2020. https:\/\/support.apple.com\/en-us\/HT211227."},{"key":"2022042203263498132_j_popets-2021-0042_ref_011_w2aab3b7c18b1b6b1ab1ac11Aa","doi-asserted-by":"crossref","unstructured":"[11] Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Yan Shoshitaishvili, Adam Doup\u00e9, and Gail-Joon Ahn. Wi not calling: Practical privacy and availability attacks in wi-fi calling. In Proceedings of the 34th Annual Computer Security Applications Conference, pages 278\u2013288, 2018.10.1145\/3274694.3274753","DOI":"10.1145\/3274694.3274753"},{"key":"2022042203263498132_j_popets-2021-0042_ref_012_w2aab3b7c18b1b6b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] Guillaume Celosia and Mathieu Cunche. Discontinued privacy: Personal data leaks in apple bluetooth-low-energy continuity protocols. Proceedings on Privacy Enhancing Technologies, 2020 (1):26\u201346, 2020.","DOI":"10.2478\/popets-2020-0003"},{"key":"2022042203263498132_j_popets-2021-0042_ref_013_w2aab3b7c18b1b6b1ab1ac13Aa","unstructured":"[13] eduroam. eduroam, 2020. https:\/\/eduroam.org."},{"key":"2022042203263498132_j_popets-2021-0042_ref_014_w2aab3b7c18b1b6b1ab1ac14Aa","unstructured":"[14] Gabriel Ryan (s0lst1c3). EAPhammer, 2020. https:\/\/github.com\/s0lst1c3\/eaphammer."},{"key":"2022042203263498132_j_popets-2021-0042_ref_015_w2aab3b7c18b1b6b1ab1ac15Aa","unstructured":"[15] Denton Gentry and Avery Pennarun. Passive taxonomy of wifi clients using mlme frame contents. arXiv preprint arXiv:1608.01725, 2016."},{"key":"2022042203263498132_j_popets-2021-0042_ref_016_w2aab3b7c18b1b6b1ab1ac16Aa","unstructured":"[16] Christian Huitema. Experience with mac address randomization in windows 10. In 93th Internet Engineering Task Force Meeting (IETF), 2015."},{"key":"2022042203263498132_j_popets-2021-0042_ref_017_w2aab3b7c18b1b6b1ab1ac17Aa","unstructured":"[17] IEEE. Ieee standards for local and metropolitan area networks: overview and architecture. IEEE Std 802\u20132001, pages 802\u20131990, 2001."},{"key":"2022042203263498132_j_popets-2021-0042_ref_018_w2aab3b7c18b1b6b1ab1ac18Aa","unstructured":"[18] Ois\u00edn Kyne. Mac address de-anonymisation. arXiv, pages arXiv\u20131805, 2018."},{"key":"2022042203263498132_j_popets-2021-0042_ref_019_w2aab3b7c18b1b6b1ab1ac19Aa","unstructured":"[19] Malthankar, Rohan C., Sawant, Paresh B., Fernandes, Sitnikov, Sergey, Mathias, Arun G., Novak, and et al. Protection of the ue identity during 802.1x carrier hotspot and wi-fi calling authentication - apple inc., May 2018. http:\/\/www.freepatentsonline.com\/y2018\/0124597.html."},{"key":"2022042203263498132_j_popets-2021-0042_ref_020_w2aab3b7c18b1b6b1ab1ac20Aa","doi-asserted-by":"crossref","unstructured":"[20] Jeremy Martin, Erik Rye, and Robert Beverly. Decomposition of mac address structure for granular device inference. In Proceedings of the 32nd Annual Conference on Computer Security Applications, pages 78\u201388. ACM, 2016.10.1145\/2991079.2991098","DOI":"10.1145\/2991079.2991098"},{"key":"2022042203263498132_j_popets-2021-0042_ref_021_w2aab3b7c18b1b6b1ab1ac21Aa","doi-asserted-by":"crossref","unstructured":"[21] Jeremy Martin, Travis Mayberry, Collin Donahue, Lucas Foppe, Lamont Brown, Chadwick Riggins, Erik C Rye, and Dane Brown. A study of mac address randomization in mobile devices and when it fails. Proceedings on Privacy Enhancing Technologies, 2017(4):365\u2013383, 2017.10.1515\/popets-2017-0054","DOI":"10.1515\/popets-2017-0054"},{"key":"2022042203263498132_j_popets-2021-0042_ref_022_w2aab3b7c18b1b6b1ab1ac22Aa","unstructured":"[22] C\u00e9lestin Matte and Mathieu Cunche. Panoptiphone: How unique is your wi-fi device? In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, pages 209\u2013211, 2016."},{"key":"2022042203263498132_j_popets-2021-0042_ref_023_w2aab3b7c18b1b6b1ab1ac23Aa","unstructured":"[23] C\u00e9lestin Matte and Mathieu Cunche. Spread of mac address randomization studied using locally administered mac addresses use historic. 2018."},{"key":"2022042203263498132_j_popets-2021-0042_ref_024_w2aab3b7c18b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] C\u00e9lestin Matte, Mathieu Cunche, Franck Rousseau, and Mathy Vanhoef. Defeating mac address randomization through timing attacks. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, pages 15\u201320, 2016.10.1145\/2939918.2939930","DOI":"10.1145\/2939918.2939930"},{"key":"2022042203263498132_j_popets-2021-0042_ref_025_w2aab3b7c18b1b6b1ab1ac25Aa","unstructured":"[25] Scientia Mobile. Mobile overview report, 2020. https:\/\/www.scientiamobile.com\/movr-mobile-overview-report\/."},{"key":"2022042203263498132_j_popets-2021-0042_ref_026_w2aab3b7c18b1b6b1ab1ac26Aa","unstructured":"[26] Wi-Fi Now. Is Apple backpedaling on their new \u2018Private Wi-Fi\u2019 feature?, 2020. https:\/\/wifinowglobal.com\/news-and-blog\/is-apple-backpedaling-on-their-new-private-wi-fi-feature\/."},{"key":"2022042203263498132_j_popets-2021-0042_ref_027_w2aab3b7c18b1b6b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] Piers O\u2019hanlon, Ravishankar Borgaonkar, and Lucca Hirschi. Mobile subscriber wifi privacy. In 2017 IEEE Security and Privacy Workshops (SPW), 2017.10.1109\/SPW.2017.14","DOI":"10.1109\/SPW.2017.14"},{"key":"2022042203263498132_j_popets-2021-0042_ref_028_w2aab3b7c18b1b6b1ab1ac28Aa","doi-asserted-by":"crossref","unstructured":"[28] Jiaxing Shen, Jiannong Cao, and Xuefeng Liu. Bag: Behavior-aware group detection in crowded urban spaces using wifi probes. IEEE Transactions on Mobile Computing, 2020.10.1145\/3308558.3313590","DOI":"10.1145\/3308558.3313590"},{"key":"2022042203263498132_j_popets-2021-0042_ref_029_w2aab3b7c18b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] Mathy Vanhoef, C\u00e9lestin Matte, Mathieu Cunche, Leonardo S Cardoso, and Frank Piessens. Why mac address randomization is not enough: An analysis of wi-fi network discovery mechanisms. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pages 413\u2013424. ACM, 2016.10.1145\/2897845.2897883","DOI":"10.1145\/2897845.2897883"},{"key":"2022042203263498132_j_popets-2021-0042_ref_030_w2aab3b7c18b1b6b1ab1ac30Aa","unstructured":"[30] Wi-Fi Alliance. Hotspot 2.0 Specification Version 3.1, 2019."},{"key":"2022042203263498132_j_popets-2021-0042_ref_031_w2aab3b7c18b1b6b1ab1ac31Aa","unstructured":"[31] Fang-Jing Wu, Yunfeng Huang, Lucas Doring, Stephanie Althoff, Kai Bitterschulte, Keng Yip Chai, Lidong Mao, Damian Grabarczyk, and Ernoe Kovacs. Passengerflows: A correlation-based passenger estimator in automated public transport. IEEE Transactions on Network Science and Engineering, 2020."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2021-0042","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:31:32Z","timestamp":1658334692000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2021\/popets-2021-0042.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,27]]},"references-count":31,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2021,4,27]]},"published-print":{"date-parts":[[2021,7,1]]}},"alternative-id":["10.2478\/popets-2021-0042"],"URL":"https:\/\/doi.org\/10.2478\/popets-2021-0042","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,27]]}}}