1

As far as I know, some Android phones today can act as a BLE beacon (this feature is usually disabled in most devices). When an Android device is acting as a beacon and is discoverable, is its MAC address randomised? Can we in any way not show the actual MAC ID when the device is discoverable?

clearb

2 Answers

1

Most newer Android devices with 5.0+ have support for Bluetooth LE peripheral mode, meaning they can transmit as beacons. The feature is present in Android 5.0+, but some manufacturers have chosen to disable support on certain models, especially older models. You can see a list of devices known to support and not support this feature here: http://altbeacon.github.io/android-beacon-library/beacon-transmitter-devices.html

When the feature is enabled, the MAC address is not randomized during transmission, and the transmission includes the device's actual Bluetooth MAC address, allowing receiving devices to read this MAC address.

EDIT: Subsequent testing has proven to me that the above statement is incorrect. The MAC address is randomized each time the transmitter is restarted. You can see a proof of this here.

There is no mechanism in Android to change this.

When scanning on Android, the actual MAC address from the transmission is returned. To prove this, I started an iOS beacon transmitter using the Locate app on an iPod Touch 5th Generation with iOS 8.3, and simultaneously scanned for the device on both a Linux device as well as a Nexus 5X with Android 6.0:

Android Locate Beacon App on Nexus 5X with Android 6.0: MAC address: 60:35:48:79:D8:08

Linux Bluez sudo hcitool lescan: MAC address: 60:35:4B:79:D8:0B

As you can see, both devices read the same MAC address, proving that it is not spoofed on scan in either Android or Linux.

Two more notes:

  • The Bluetooth MAC address reported by the iPod Touch with iOS 8.3 in Settings -> General -> Bluetooth, 2C:FF:EE:xx:xx:xx (last three octets blanked out), differs from the address transmitted. This suggests that iOS randomizes the MAC address when transmitting.

  • The Bluetooth MAC address detected by Linux and Android does not change when you stop and restart advertising on the iOS device, suggesting iOS retains the same randomized address across restarts. After rebooting the iOS device and restarting transmission, both Linux and Android detected a different MAC address: 46:59:C9:CB:0C:D5. This suggests that the randomized transmitted MAC changes across restarts on iOS.

davidgyoung
  • Thanks for clarifying. I have read in some articles that since Marshmallow, when Android does a background Wi-Fi and Bluetooth scan (for finding open networks or Eddystone Bluetooth beacons), the scan spoofs the MAC address and identifies as a randomized value. So it randomizes the MAC address while scanning but does not when it is discoverable? One more question: I was reading about the Bluetooth LE Privacy feature (https://blog.bluetooth.com/bluetooth-technology-protecting-your-privacy), which says that randomizing MAC addresses is done in hardware itself, so is this only enabled in peripheral? – clearb Jan 18 '17 at 19:18
  • Bluetooth chipset support for MAC randomization is a common hardware feature, but to my knowledge there is no way to enable this on Android because there are no API bindings. And yes, as of Android 6.0, BLE APIs will return a spoofed MAC address for detected packets (internally Android maps the spoofed address to the real address). This is purely a mapping on receipt. CoreBluetooth APIs on iOS do something similar. Android 5.x will not do this, allowing you to read the actual MAC. The same is true for Windows and Linux APIs that return the actual MAC during device scanning. – davidgyoung Jan 18 '17 at 19:56
  • Could you please elaborate or provide a link explaining 'And yes, as of Android 6.0, BLE APIs will return a spoofed MAC address for detected packets (internally Android maps the spoofed address to the real address)'? So the spoofing happens only while Bluetooth is scanning, not while advertising? Is it the same with iOS? This question seems to point to the opposite: http://stackoverflow.com/questions/28602672/android-5-static-bluetooth-mac-address-for-ble-advertising. Sorry if my questions are naive. – clearb Jan 20 '17 at 08:49
  • I have updated my answer with corrections that confirm that both Android and iOS randomize on transmission and Android does not spoof on detection. – davidgyoung Feb 09 '17 at 15:43
  • @davidgyoung: I need more detail regarding this. Can you please share your knowledge in this question: https://stackoverflow.com/questions/60504133/randomize-mac-address-in-ble – Shweta Chauhan Mar 03 '20 at 09:36
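
As an added example (not part of the original answer or comments), the sketch below classifies a scanned BLE address using the random-address sub-type bits defined in the Bluetooth Core Specification and reports when the address changes between observations. It assumes the scanner also reports the address-type flag, which the page does not show and which the address bytes alone do not reveal; `classify`, `rotations` and the event labels are hypothetical names, and the sample addresses are the ones quoted in the answer.

```python
import re

_ADDR_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Sub-types of a *random* device address, selected by the two most
# significant bits of the first (most significant) octet.
_RANDOM_SUBTYPES = {
    0b11: "random static",
    0b01: "resolvable private",
    0b00: "non-resolvable private",
    0b10: "reserved",
}


def classify(addr: str, is_random: bool) -> str:
    """Classify a BLE address as printed by a scanner (most significant octet first).

    is_random is the address-type flag carried in the advertising PDU;
    it is an input here because the address bytes cannot tell public from random.
    """
    if not _ADDR_RE.match(addr):
        raise ValueError(f"not a full MAC address: {addr!r}")
    if not is_random:
        return "public"
    return _RANDOM_SUBTYPES[int(addr[:2], 16) >> 6]


def rotations(observations):
    """Return (event, old_addr, new_addr) wherever the address differs from the previous one."""
    changes, prev = [], None
    for event, addr in observations:
        addr = addr.upper()
        if prev is not None and addr != prev:
            changes.append((event, prev, addr))
        prev = addr
    return changes


# Addresses quoted in the answer (Linux scan); the event labels are constructed.
OBSERVED = [
    ("first scan", "60:35:4B:79:D8:0B"),
    ("advertising restarted", "60:35:4B:79:D8:0B"),
    ("device rebooted", "46:59:C9:CB:0C:D5"),
]

if __name__ == "__main__":
    for event, addr in OBSERVED:
        # Assumption: these were advertised with the random address type.
        print(event, addr, classify(addr, is_random=True))
    print(rotations(OBSERVED))
```
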
0

Android Locate Beacon App on Nexus 5X with Android 6.0: MAC address: 60:35:48:79:D8:08

Linux Bluez sudo hcitool lescan: MAC address: 60:35:4B:79:D8:0B

As you can see, both devices read the same MAC address, proving that it is not spoofed on scan in either Android or Linux.

Do you not see the difference?

lolz
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Apr 24 '22 at 01:55