The Need for MAC Address Randomization

MAC addresses are designed to uniquely identify computing devices like smartphones within a physically connected network in a confined geographical area. MAC addresses can also be used to track the movements of devices, revealing the location and time of the individual possessing the device (without their knowledge or consent) to all Wi-Fi access points in the vicinity.

Location data is a goldmine for targeted advertising, and its implications have been the subject of significant legal discussion worldwide. Various privacy regulations and laws like GDPR and CCPA are now in place to help protect consumers; thus, smartphone manufacturers are introducing risk mitigation strategies such as MAC randomization to increase the cost and complexity of identifying device users. As an unfortunate side effect, this also impacts the real-world operation of public access Wi-Fi networks such as those in airports, hotels and apartment buildings.

Seamless User Experience and Data Privacy

In public Wi-Fi networks such as hotels and airports, MAC addresses are used to identify unique users and to provide a seamless experience. This is especially useful in large areas with multiple access points where devices hop from one Wi-Fi access point to another or leave the premises and return later. If the MAC address of their device is changed during this service, the device does not reconnect to Wi-Fi automatically, and the user is redirected to a captive portal to enter their credentials again for Wi-Fi access.

In residential Wi-Fi networks, however, MAC address-based onboarding is not commonly used. Instead, WPA2/3 passphrases are used by devices to identify themselves to the Wi-Fi access points, and to establish a secure, encrypted connection to the Wi-Fi access points. While residential Wi-Fi systems are secure, they require that all devices on the network belong to a single user, making WPA2/3 infeasible for public Wi-Fi.

Change is in the Air

Recent advancements in Wi-Fi onboarding technologies from leading manufacturers like Ruckus (DPSK technology), Cisco (iPSK technology) and others now make it possible to deploy millions of WPA2/3 Wi-Fi keys (one for each user) on a single SSID.

With WPA2 keys for uniquely identifying the Wi-Fi users in large and public Wi-Fi networks, subscriber management platforms need not rely on MAC addresses to identify the service level for a user. Furthermore, technologies like RoamingiQ VAULT simplify the distribution of WPA2 keys for businesses with hundreds and thousands of locations globally. VAULT provides an encrypted key store to onboard Wi-Fi devices for billions of users securely and without user intervention. Each user can optionally be assigned personal policies such as a virtual network (VLAN) or personal area network (PAN) for added security and service quality management.
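
The following is an added example, not code from RoamingiQ or any vendor named above. It sketches how an authenticator holding many per-user passphrases on one SSID can tell which user is connecting by checking which stored key reproduces the handshake MIC, using the standard WPA2-PSK derivation (PBKDF2 and the IEEE 802.11 PRF), so the result does not change when the device's MAC address is randomized. The SSID, AP address, user names, passphrases and the stand-in frame bytes are constructed for illustration.

```python
import hashlib, hmac, os

SSID = b"Example-Guest"                      # constructed SSID
AP_MAC = bytes.fromhex("020000000001")       # constructed AP address

def pmk(passphrase, ssid=SSID):
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def kck(pmk_, ap_mac, sta_mac, anonce, snonce):
    # First block of the 802.11 PRF; the KCK is the first 16 bytes of the PTK.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    return hmac.new(pmk_, label + b"\x00" + data + b"\x00", hashlib.sha1).digest()[:16]

def mic(kck_, frame):
    # Handshake MIC (HMAC-SHA1 variant): truncated HMAC over the EAPOL-Key frame
    return hmac.new(kck_, frame, hashlib.sha1).digest()[:16]

def random_mac():
    # Randomized addresses set the locally administered bit and clear the multicast bit
    first = (os.urandom(1)[0] & 0xFC) | 0x02
    return bytes([first]) + os.urandom(5)

def station_message2(passphrase, sta_mac, anonce):
    # Client side: prove knowledge of the passphrase without sending it
    snonce = os.urandom(32)
    frame = b"constructed EAPOL-Key message 2 " + snonce   # stand-in, not a real frame layout
    return snonce, frame, mic(kck(pmk(passphrase), AP_MAC, sta_mac, anonce, snonce), frame)

def identify_user(key_store, sta_mac, anonce, snonce, frame, received_mic):
    # Authenticator side: the user is whoever's stored PMK reproduces the MIC
    for user, pmk_ in key_store.items():
        expected = mic(kck(pmk_, AP_MAC, sta_mac, anonce, snonce), frame)
        if hmac.compare_digest(expected, received_mic):
            return user
    return None

def connect(key_store, passphrase):
    # One association attempt from a freshly randomized MAC address
    sta_mac, anonce = random_mac(), os.urandom(32)
    snonce, frame, m = station_message2(passphrase, sta_mac, anonce)
    return identify_user(key_store, sta_mac, anonce, snonce, frame, m)

# Constructed per-user passphrases; only the derived PMKs are kept in the store
KEY_STORE = {u: pmk(p) for u, p in {"room-101": "correct-horse-101",
                                    "room-102": "battery-staple-102"}.items()}

if __name__ == "__main__":
    print(connect(KEY_STORE, "correct-horse-101"))  # same user, new MAC each call
    print(connect(KEY_STORE, "correct-horse-101"))
    print(connect(KEY_STORE, "not-a-known-key"))
```

The linear search over stored keys is the simplest form of the lookup; the cost of each attempt grows with the number of keys on the SSID, which is a sizing consideration for large key stores.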

Network operators benefit from lower operating costs and simplified device onboarding experiences. This is an impactful gain compared to pre-installing certificates for Hotspot 2.0 MVNO deployments or the daunting task of self-installing certificates for BYOD and transient public Wi-Fi access. Technologies like VAULT are designed to be integrated with current Wi-Fi subscriber management platforms in use, thereby reducing the need for a complete overhaul of the Wi-Fi technology stack.

Using VAULT, network operators deliver a better subscriber satisfaction experience. Users manage their personal Wi-Fi keys for better-perceived security and control via smartphone apps and service management web portals (i.e. loyalty/membership apps common in the hospitality and travel industry).

Ubiquitous Wi-Fi Authentication Built from Ground Up

The ubiquitous WPA2 Wi-Fi onboarding method supports both LTE-first smartphone devices and headless devices such as Apple TV, Google Chromecast, Samsung refrigerators, etc.

At RoamingiQ, we engineer our products from the ground up with security and data privacy hygiene as a top priority. We work ubiquitously with handheld devices and residential-grade smartphone devices.

  • New Revenue Opportunities
  • Designed for Global Operations
  • Compliance with GDPR and CCPA
  • Branding and Performance
  • Secure Infrastructure