Hacker News new | ask | show | jobs
by jampa 209 days ago
In the beginning of Android / iOS, just installing an app and registering was enough for the company to get your device's MAC address and thus your indoor location with accurate precision.

They could access your Wi-Fi network's BSSID (whose location is often public due to wardriving databases), and in public places, they had partner companies (malls, airports, etc.) whose routers would triangulate your position based on Wi-Fi signal strength and share information like "John is in the food court near McDonald's."

All of this happened without you even needing to connect to their Wi-Fi, because your phone used to broadcast its MAC address if the Wi-Fi was simply on. But now your MAC is now randomized, but it took a lot of time for Google / Apple to this.
1 comments
fluoridation 208 days ago
What do you mean? The MAC address is used to identify the device within the same network segment. A program running on the device cannot derive location information just from the MAC address. It's a meaningless number. What the MAC address can do is make you visible to other devices in the same network segment. So for example, a wireless router can know you're nearby because your known MAC address has joined the network, but this is a problem regardless of what apps your phone is running.
link
sampullman 208 days ago
That's what the GP was saying, I think. Once they get the MAC address, they can find you. Not via software on the phone, from exfiltrating and using shady third parties that collect data from access points, etc.
link
fluoridation 208 days ago
Okay, but if there's collusion between the app developers and external routers then it doesn't matter if the MAC is randomized. The app can still see the current MAC address and report it, and you can still be located, if nothing else, to within the range of a wireless router. Nothing is solved by randomizing the MAC address.
link
antonvs 208 days ago
They started randomizing MAC addresses for privacy reasons, particularly for mobile devices, to prevent tracking of devices across networks.
link
fluoridation 208 days ago
I understand that. I'm saying it has nothing to do with apps on the device itself using the MAC for location.
link