Last week, as we reported, Apple made a tiny technical change that could make it more difficult for marketers to spy on you. The company changed a setting that broadcasts an iPhone’s Media Access Control (MAC) address to any Wi-Fi network within range. Businesses use this to identify a phone and figure out how many times its owner has been in a shop and for how long, or where in the shop she is browsing. The change is that in iOS 8, the iPhone’s new operating system due out later this year, your Apple device will broadcast a random “fake” MAC address, which will make tracking somewhat more difficult, unless you actually connect it to a Wi-Fi network.
But Apple’s moves may not be all about consumer protection. The company is meanwhile also pushing retailers to adopt its iBeacon technology, which helps them provide location services and ads to smartphone users via Bluetooth. Making Wi-Fi tracking harder means companies that relied on it are more likely to concentrate their efforts on Bluetooth instead. This would suit Apple nicely, but it worries companies that make their money tracking your movements for retailers. (We have requested comment from Apple, and will update this post if we hear back.)
“Apple is a bit disingenuous when they say they say they are protecting users from being tracked,” says Geary Eppley, head of engineering at Point Inside, a firm that tracks people (see update below) to provide indoor maps and retail analytics to big-box retailers such as Lowes, a hardware store in the United States. “It would be more honest to say that they are protecting users from being tracked by anyone but Apple.”
And it’s been doing this for years:
“The first to go was Wi-Fi fingerprinting,” says Eppley, referring to a process by which apps identify the Wi-Fi network they’re on, helping them figure out where they are. Apple started disallowing such apps on its operating systems in 2010, but Apple itself knows exactly where the world’s Wi-Fi routers are, first through a deal with Skyhook, a company that drove around major cities mapping Wi-Fi signals, and later with its own data. (Google has similar knowledge, thanks to its Street View cars, which, as well as taking pictures, track Wi-Fi signals to help pinpoint map locations.)
Next, Apple removed the ability of apps to see the MAC address of the devices they’re on. That made it even harder for companies such as Point Inside to figure out where a phone is inside a shop. The latest change makes it so that retailers can only figure out where shoppers are if they connect to the shop’s Wi-Fi network, and Eppley says fewer customers are likely to connect that way as faster mobile broadband spreads in the US.
“The other two blows were bigger,” Eppley says of the latest change. “But there’s been a pattern of Apple shutting down access” to data gleaned from Wi-Fi connections, he says. Companies such as Point Inside fear that they are at the mercy of Apple as it changes its focus to Bluetooth.
Indeed, Apple already turns Bluetooth on by default when system updates are installed on the iPhone, and Bluetooth connections also broadcast the phone MAC’s address. If Apple really cared about user privacy, it would presumably obscure users’ addresses for Bluetooth receivers as well. Instead, the company seems more intent on controlling access to those location services.
Eppley argues that Apple’s behavior is anti-competitive. “Apple still gets all of that information,” he says. “They still know where you are. They’re building these incredible maps based on what they see from the phone. And their announced goal is to provide an indoor-location service. Our biggest concern is that it takes the competition out of this space.”
Update: Point Inside requested that we clarify that it provides its tracking technology to stores to use in their apps, but that this does not track shoppers unless they consent to use the app and its location services.