Android 10 - Random MAC addresses seen by router

System
System Administrator Posts: 81
10 Comments Photogenic
admin
This discussion was created from comments split from: Android 10 & Fing App - Will Fing App work on Android 10?.

Comments

  • CreigS
    CreigS Member Posts: 1
    First Comment

    I am less concerned about the Fing app discovering the Mac addresses of other devices than about my router's ability to recognize my Android device via Mac address. My router rejects unknown Mac addresses, and at the same time assigns a fixed IP address per Mac address. A randomized Mac means the router won't allow access, and even if it does, it will assign a random IP address from the small range of IP addresses reserved for that.

    I don't want to configure Android for a fixed IP address since it would only work on the home network.

    You seem to imply that randomized Mac addresses can be overridden. I can see the advantage of randomization on public networks. But it would cause problems at home or private nets. Is there more info on how this is configured?

    As for access to the ARP, usually Android has a way to grant access via app permissions. Taking this completely away without ability to grant permission is likely to break similar apps as well. Is there a way to ask Google to back off on this? If they won't, I will hesitate to allow the upgrade (although lately Google hasn't allowed a choice over upgrades, even if you know it will break something) or to purchase an Android 10 device.

    VioletChepil
  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Hi @CreigS,
    As far as I'm aware, your router would only be getting random MAC addresses from iOS devices running iOS 11 and Android devices running Android 10+. This is what I believe to be the case. Perhaps others like @pooh @kltaylor @marc can chime in and help me on this one especially in regards to the router's behavior. 

    We tried previously to petition Apple about this, without success. 
    A number of network tools and apps will definitely be impacted by this release too. 

    Let me know any other details I can provide to help on this.

    Community Manager at Fing

  • Pooh
    Pooh Member, Beta Tester Posts: 674
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    @VioletChepil & @CreigS  I can't speak for Android, but AFAIK on iOS MAC Address randomization only affects Probes - in other words, once you are joined to an Access Point then your real MAC address is supplied.

    In practise I have to believe this is true because I've had that MAC address reserved on my Eeeo for quite some time and I've not had any issues with it changing.

    @kltaylor - you've got an Android - have you upgraded to Android 10, yet? If so, what's your experience with this feature?
    People say nothing is impossible, but I do nothing every day.
    VioletChepilHronos
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    Even Windows has the option to use "mac randomization on public networks" and you can set a "network" to be public or private.
    I have no experience yet with Android 10, but I am pretty sure the behavior of that feature is the same as in the iOS mentioned by @Pooh.
    The randomization feature came as a security measure to prevent the ability to identify completely a device NOT in your network, because is not "your business" to know while not in your network...
    When a device is in your network, and your network has a level of "security awareness", that device has the "obligation" to fully identify itself.  So the randomization must stop (or maybe you can choose not to, like in windows, and work with the issues it could bring to you, the device owner/user;  because of the "security level" the network has.  One device can't define the security of a network xD)
    Keep looking up!
    VioletChepil
  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Thanks @Hronos and @Pooh for your helpful answers! 

    Community Manager at Fing

  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Hi @CreigS
    We've got a new beta test for Android 10 up here.
    Would love you to give it a go too!
    https://community.fing.com/discussion/1636/beta-test-fing-app-for-android-10-with-mac-addresses

    Community Manager at Fing

  • R_1200_R
    R_1200_R Member, Beta Tester Posts: 4
    Photogenic Name Dropper First Comment
    At least Wahoo devices do MAC randomization as well. I had a discussion with Wahoo support. Here's a quote from that discussion: "We do not recommend using the ELEMNT computers on MAC-address filtered networks because they use MAC address randomization, so this address will change each time the ELEMNT is connected to WiFI. This is in line with the IEEE’s current guidance for security on WiFi connected devices. For more information on MAC address randomization please see the link below.
    https://www.csoonline.com/article/2945044/cyber-attacks-espionage/ieee-groups-recommends-random-mac-addresses-for-wi-fi-security.html
    I don't believe that there are any plans to address this in future firmware updates."
    So I guess a lot of other manufacturers will follow the false path of MAC address randomization without options to disable that "feature". How do we deal with that situation? How can we secure our networks? Setting up temporary un-white-listed WLANs?
    Any thoughts are highly appreciated.
    cu,
      R_1200_R 
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    I don't believe Mayor hardware companies (like Cisco, Google, or any other big company making NICs) will follow this path, because of the security implications.
    But, the only thing to do, that I can think now, with one of this devices is to punish it to a "DMZ" or "Guest" network, password protected, isolated, but with minor restrictions on how to connect to it...
    Keep looking up!
  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    @R_1200_R - this is very interesting. Shall we start up another discussion on this topic specifically?
    Would you like to post a new discussion on this? Then we can get more people to chime in like @hronos
    Let me know what you think!
    Cheers,
    Violet

    Community Manager at Fing

  • R_1200_R
    R_1200_R Member, Beta Tester Posts: 4
    Photogenic Name Dropper First Comment
    @VioletChepil - yes, I agree that this could be of greater interest. I will start a new discussion on the topic of random MAC address handling
    cu,
     R_1200_R
    VioletChepil