Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes
18th September 2020
Well, it was inevitable… you won’t be getting any prizes for guessing what the topic of this week’s Byte is!
You may have heard that Apple had this little event this week! Or, come to think of it, you may not have heard about it at all, since the days of Apple getting acres of free press coverage for their latest and greatest innovations are definitely on the wane, and the lack of new iPhones to talk about definitely puts a dent in the hype that we usually see in September.
So, let’s talk about iOS 14
The really big news for me is that iOS 14 has finally landed. It feels like I’ve been banging on about iOS 14 for a while now thanks to the Beta programme, but Apple still managed to pull one massive surprise on everyone this week…
Usually, the event announces all the cool new features and then it’s made available a week or so later. As with all things Apple this was never a formal timeline, but over time everyone has got used to the pattern. This time Apple decided to push it live the next day! As with any major update to an operating system (OS), it is inevitable that some things will break and to a certain extent I do feel developers have had plenty of beta time to get ready, but all the same, there were a few stories of developers complaining and users being warned not to update.
It happens every year but holding back the tide is almost impossible (again, hello supervised devices if you want to control this). Once users get the little red dot on the settings app, you know they won’t be able to resist.
Of course, I’m running it! It works pretty well for me and widgets on the home screen is actually pretty cool – just like it has been on Android for over a decade now, but hey who’s counting!!
The biggest issues we’re starting to see are coming from enhanced privacy features in the new OS. Apple is all over privacy as we know and they’re definitely stepping things up a gear this year.
Now in the Enterprise space, I expect the biggest thing that’s going to cause headaches (if it isn’t already) is going to be the “Private Address” feature now available (and enabled by default) for all Wi-Fi networks.
A fundamental part of all networking is that each device has its own unique identifier on the network – the MAC address. This is a core part of how TCP/IP works. It’s a very long hex value that has been pretty effectively managed over the years. Crucially, you could tell a lot about a device just from this value. Usually, you’d be able to see who made it and what type of device it was, because the value falls in a range allocated to the manufacturer.
This is also a core part of how network security is often put in place. One of the first controls you want is to ensure that only trusted devices can connect, and to decide where they go on the network, and the MAC address is a very important part of this.
However, in the modern world of big data collection and privacy concerns the fact that your device shows up on every network with the same ID means it can be very effectively tracked (and it is). Private Address is simply a randomiser of the MAC address – from a privacy perspective, it’s a very effective way to reduce the digital footprint of the device.
Back in the Enterprise, this is about to break quite a bit of stuff. From the mundane to the major headache. We’re already seeing on our managed wireless networks that it’s harder to work out what type of device you’re dealing with. Our dashboards that used to show breakdowns by device type don’t recognise these new random MAC addresses and they’ve gone from iOS to UNKNOWN overnight.
More worryingly, the device randomises every day. You can expect to see your DHCP ranges overloaded if you’re not careful or you run long leases…
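Randomised addresses are not indistinguishable from real ones: they set the "locally administered" bit in the first byte, so a lease table can be split into vendor-assigned and randomised addresses rather than lumped under UNKNOWN, and hosts holding several leases can be counted. This is an added example, not part of the original post; the hostnames, addresses and the (hostname, MAC) lease format are constructed for illustration, and it assumes the hostname stays the same across address changes.

```python
from collections import defaultdict

def parse_mac(text):
    """Return the MAC as 6 bytes; accepts ':', '-' or '.' separators."""
    digits = text.strip().lower()
    for sep in ":-.":
        digits = digits.replace(sep, "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify(mac):
    """Classify a MAC using the two low bits of its first byte."""
    first = parse_mac(mac)[0]
    if first & 0x01:
        return "multicast"        # group bit: not a client source address
    if first & 0x02:
        return "randomised"       # locally administered: no vendor range to look up
    return "vendor-assigned"      # globally unique: first 3 bytes identify the maker

def lease_report(leases):
    """leases: iterable of (hostname, mac) pairs.
    Returns (count of leases per class, hosts holding more than one randomised address)."""
    counts = defaultdict(int)
    random_by_host = defaultdict(set)
    for host, mac in leases:
        kind = classify(mac)
        counts[kind] += 1
        if kind == "randomised":
            random_by_host[host].add(parse_mac(mac))
    churn = {h: len(m) for h, m in random_by_host.items() if len(m) > 1}
    return dict(counts), churn

# Constructed sample leases (all values are made up for this example).
SAMPLE_LEASES = [
    ("andys-iphone", "a6:3b:10:9c:77:01"),
    ("andys-iphone", "da:51:0e:22:48:f3"),
    ("andys-iphone", "4E-90-AB-17-C2-5D"),
    ("pixel-4", "02:1f:c4:6a:90:be"),
    ("meeting-room-tv", "00:1a:2b:3c:4d:5e"),
    ("floor2-printer", "3c:52:82:11:22:33"),
]

if __name__ == "__main__":
    counts, churn = lease_report(SAMPLE_LEASES)
    print("leases by address type:", counts)
    print("hosts with several randomised addresses:", churn)
```

A high count under "randomised" for one hostname is the lease churn described above; shorter lease times on networks that see these devices keep the pool from filling with stale entries.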
And it gets worse – this isn’t just iOS 14 as Android 10 has a similar feature so you can expect all mobile devices to do this over time!
If your company has invested in something like Cisco’s ISE then that is basically broken by this! All kinds of network security and monitoring solutions are scrambling to see what they can do about this… it’s a major headache and only workarounds are likely for a while.
The potentially good news is that you can turn private networking off with MDM on corporate devices and ironically, you’ll do this in the name of security! Sacrificing user privacy for network security is possibly a bit of a lose/lose scenario though…
And don’t forget BYOD – all those devices are totally out of your control… if you provide network access to them then you will have a headache coming.
If you’re the Mobile Admin then expect a phone call from the Network team very soon, give us a call if you need help!