Introduction
Apple and Google have introduced new functionality that changes the way devices access Wifi networks, specifically with the launch of Android 10 and iOS 14. With this implementation, by default, when a device connects to a new Wifi network it automatically generates a random MAC address that is not the device's real one, and this random MAC is the one visible on the network. In more detail:
On Android 10, the option "Use random MAC address" is enabled by default, although there is a possibility to set "Use device MAC address". On this operating system a different random MAC will be used per network and will not change by default. More information can be found at: https://source.android.com/devices/tech/connect/wifi-mac-randomization
Apple iOS 14, iPadOS 14 and watchOS 7 also have the "Private address" option active by default, and it is configurable. These operating systems use a random MAC per network, but also rotate it every 24 hours for each network (as long as you are not active on the network). More info: https://support.apple.com/en-us/HT211227
Other operating systems such as Windows 10 and macOS have the option, but it is not enabled by default:
Operating System | MAC Randomization Support | Enabled by default | Enabled per SSID | Daily MAC Randomization |
---|---|---|---|---|
Windows 10 | Yes | Yes | Yes | Optional |
iOS 14 / iPadOS / WatchOS 7 | Yes | Yes | Yes | No |
Android 10+ | Yes | Yes | Yes | Optional (Android 11) |
macOS | No (from 9/20) | No | No | No |
This has important legal and technical implications for Wifi networks, which are discussed in this paper.
Data Conservation Law Compliance
The Octopus Wifi Platform allows multiple access methods to be configured in the captive portal to validate the wifi service. For each of these methods, at least one unique user ID is defined to provide traceability of user connections and thereby comply with "Law 25/2007 of 18 October on the conservation of data relating to electronic communications and public communications networks".
Below is a table with the different access methods and associated identifier.
Access Methods | ID |
---|---|
User Registration | |
ID Social Network | |
ID Social Network | |
Google+ | ID Social Network |
ID Social Network | |
ID Social Network | |
Voucher | Ticket issue ID |
PMS | Room number |
SMS | Telephone number |
Click-through | Device MAC |
Payment | |
User external Account | User Account |
Special Integrations (APPs) | Database ID |
Because the new operating system versions launched by Google and Apple aim to protect user privacy, access through Accept Terms or Click-through is clearly affected: if the user has the random MAC configured on the device for access to the Wifi network, the connections have no reliable, real identification.
MAC Authentication
This random MAC measure adopted in the new operating system versions also affects MAC Authentication validation on Radius servers, on which the MAC Caching functionality offered by Octopus Wifi is based.
On a technical level, Android 10 devices pose little problem, since the random MAC does not change within the same network or SSID; the connection remains functionally cached, so users are automatically validated without going through the captive portal. However, iOS 14 rotates this random MAC daily, so functionally the connection would only be cached for days.
Recommendations to be implemented
Blue Octopus recommends adopting a series of measures in the configuration of access in the captive portals for Wifi Guest access:
Avoid the "Accept Conditions" or "Click-through" validation method, since on the affected devices the connections will not have a reliable user identification. Instead, use other self-service access methods that leave some other type of user information, such as access via form (with or without pre-registration), social networks, vouchers/tickets, etc.
As far as possible, avoid using the same ticket for large groups without identifying users individually. Also promote the use of sponsored access, user accounts, etc.
For accesses configured with MAC Caching, especially corporate or highly recurrent connections, inform iOS 14 users to disable the random MAC functionality on the network of interest; otherwise the network access credentials must be entered daily.
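One way to check for the two problems behind these recommendations, as an added example (not Octopus Wifi code): a randomized MAC sets the locally administered bit of its first octet, so session records can be audited for click-through logins with no reliable identifier and for users whose MAC changes on the same SSID. The record fields, the `audit` helper and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Access methods whose only identifier is the device MAC (per the page's table).
MAC_ONLY_METHODS = {"click-through"}

def normalize_mac(raw):
    """Accept AA-BB-.., aa:bb:.., aabb.ccdd.eeff; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """Heuristic: unicast address with the locally administered bit (0x02) set.
    Randomized MACs set this bit; so do some virtual or manually set addresses."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02) and not first_octet & 0x01

def audit(sessions):
    """Return (unreliable, rotating):
    unreliable: randomized MACs used as the sole identifier of a session;
    rotating: (user_id, ssid) pairs seen with more than one randomized MAC,
    i.e. users for whom a MAC-cached login will stop matching."""
    unreliable, seen = [], defaultdict(set)
    for s in sessions:
        mac = normalize_mac(s["mac"])
        if not is_randomized(mac):
            continue
        if s["method"] in MAC_ONLY_METHODS:
            unreliable.append(mac)
        elif s["user_id"]:
            seen[(s["user_id"], s["ssid"])].add(mac)
    rotating = sorted(key for key, macs in seen.items() if len(macs) > 1)
    return unreliable, rotating

# Constructed sample sessions (field names and values are illustrative).
SESSIONS = [
    {"method": "click-through", "user_id": None, "ssid": "Guest", "mac": "DA-A1-19-00-11-22"},
    {"method": "click-through", "user_id": None, "ssid": "Guest", "mac": "3c:22:fb:10:20:30"},
    {"method": "sms", "user_id": "phone-0001", "ssid": "Guest", "mac": "f2:9e:4a:01:02:03"},
    {"method": "sms", "user_id": "phone-0001", "ssid": "Guest", "mac": "7a3b.5c0d.0e0f"},
    {"method": "voucher", "user_id": "ticket-1001", "ssid": "Guest", "mac": "a6:00:00:aa:bb:cc"},
]

if __name__ == "__main__":
    unreliable, rotating = audit(SESSIONS)
    print("click-through sessions without a reliable ID:", unreliable)
    print("users whose MAC rotates on an SSID:", rotating)
```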
On October 26, 2020, Blue Octopus publishes the update to version 1.20 of the Octopus Wifi platform. The update window will be between 08:00 and 10:00 and in principle does not affect the service.
NEW FEATURES
Mail and SMS campaigns. New activation "survey qualification": New activation criteria for Mail and SMS campaigns. They can be activated according to a range in the rating of the survey received. This functionality, for example, can enhance positive opinions on public opinion platforms.
Alarms in case of surveys with negative rating: Notifications are activated in the survey editor, so that if the total score is lower than the configured value, a notification is sent via email. The objective is to help avoid loss of customers and negative opinions on public platforms where opinions are reflected.
Huawei Cloud Campus Integration: New integration with the Cloud Campus solution of the manufacturer Huawei, which covers all the functionalities of the platform.
Octo.blue URL Shortener: New URL shortener service for platform services, so as not to depend on external ones. Applies to surveys, digital content, etc.
PMS Queries - Full Visibility: In PMS queries all "checkin-checkout" data produced in hotels now appears and not just those logged in to the platform.
Date creation in user interface element listings: The creation date (with the possibility of filtering) is added to all platform element lists.
Set owner configuration for users with WifiArea permissions: The selection of owners in different elements of the platform disappears if only one selection is possible for the comfort of users.
Digital Content - Maximum PDF file size: It is more clearly indicated when an uploaded file exceeds the maximum allowed size.
Digital Content - WIFI type in some manufacturers: In addition to selecting the WLAN, the associated SSID is pre-configured, but it is now possible to change it, as in some manufacturers the tag on the WLAN does not have to match.
Obligation to select role when creating users: The creation of users is blocked if a role has not been selected, since the one assigned by default did not make sense in some cases.
Select Role with permissions "All wifiareas of the tenant": When creating users, selecting a role with the option "All wifiareas of the tenant" activated, the selection of wifiarea and wifiareas groups does not make sense. Therefore this selection is removed for simplicity.
MAC Caching filtering improvements: New filter options are incorporated.
Improved WifiArea listing and filtering > Portals: A delete icon has been added to the individual listing options and new filter options.
Improvements in filtering and exporting Registered Users: New filters are incorporated in registered users and new fields are added in the export.
Improvements in filtering and exporting Global Users: New filters are incorporated in global users and new fields are added in the export.
Top Users > Default Filter: Change default filter in TOP Users to USE / Recurrent, as it makes more sense if you only have one WifiArea.
Rename "Wifiareas" to "List of WifiAreas": Rename for more clarity of submenu content.
Create another selector for dates in the "Birthday" filter: Possibility of selecting the year in the date selectors.
Traffic Limit and Quota - Order DOWN/UP: Change order in speed limits and traffic quotas and symbol in column for clarity.
BUGS
Surveys - Negative rating always displayed: Resolved so that, when editing a survey, it is no longer displayed when there is no configuration.
Wifi Sponsor - Session time with maccaching: Resolved an issue where a session time greater than maccaching was not correctly saved in the database.
WLAN > legal documents configuration: When changing the legal documents configuration and accessing another submenu of the WifiArea edition, the configuration is not saved. This is corrected.
WLAN preview with PMS access only: If only login via PMS is selected in the WLAN preview, it is not displayed. Corrected.
PMS login translations: The default translations of the login method are changed through integration with PMS.
SMS campaign, include survey: It is corrected that the box to include survey is not always checked when having one selected.
Survey reports - Date range: No customised date range applied. This has been solved.
Messages without domains WifiAreas and WLAN groups: The messages shown when WifiAreas or WLAN groups cannot be created because there are no domains are clarified.
Survey Filter > number of deliveries: Corrects filter for number of deliveries in surveys.
Template Mail > Owner filter and associated campaigns: Corrects owner filter and range of associated campaigns.
Error when trying to clone a Template mail, Survey or Digital Content: After the latest updates, some combinations produced errors when cloning; these are corrected.
Error when cloning Portal, SMS and Mail campaigns: After the latest updates, some combinations produced errors when cloning; these are corrected.
Translation "Thermal printer": The text was not translated into English.
Text "Guest category" in PMS query filter: Corrects mistranslation.
Roles created by admin partners "All WifiAreas of the tenant": Not displayed correctly and is corrected.
Roles and users Tenant permissions: Not displayed correctly and corrected.
Digital Content Listing > Print update: The updating of prints in reports is corrected.
Digital Content - PDF files in different languages: Corrects that when you edit the digital content in some language, it is deleted in the other languages (except for default).
On September 01, 2020, Blue Octopus publishes the update to version 1.18 of the Octopus Wifi platform. The update window will be between 13:00 and 13:30 and in principle does not affect the service.
NEW FEATURES
Digital content management: New functionality in the AdinWifi module for managing different contents, for which a personalized QR code can be created and downloaded for printing. These contents are: PDF files, gallery images, external URLs, Surveys and Wifi connections.
Digital content reports: With reference to the previous point, it will be possible to view a report on the number of prints that these contents receive.
Extra fields form in ticket validation, in each portal login: Third way to obtain extra fields from users in validation by the ticket access method: "Captive portal. User on every login". This would be through the captive portal and each time a login is made through the portal.
Priority management of portal campaigns in AdinWifi: Previously, if two portal campaigns coincide on the same WLAN, the one with the highest priority appeared. With this new functionality, the priority is used to define the percentage of possibility of appearance of the campaign.
Possibility of ordering access methods in WLAN: In the WLAN section it is now possible to sort the order in which we want the access methods in the captive portal to appear in the graphical interface. You simply need to drag the method to the desired position.
Configuration and translations of links legal terms: Possibility of editing the text in each language of the links to the legal documents that appear in the portal, as well as changes in the interface for a more intuitive configuration.
Differentiate between user registration and payment: In registered users, statistics and AdinWifi campaign segmentation, the ticket / payment access methods previously appeared together. With this new development they become independent.
Access method "Accept Conditions", shared session option. In this access method, possibility to configure shared session if mac-caching functionality is not used.
BUGS
Radius Tracker - Extensive values in Attributes: When displaying the information of the Radius Authentication packets, very long attribute values are now wrapped onto a new line so that the information is not misplaced.
Global Users > Default item selected. When clicked on global users, it loads the last domain associated with the user and not the WifiArea as before.
Bug when showing a Template Mail: The images and logos were saved in a different path than the sample, so some images were not displayed. It is corrected so that it does not happen again.
Order in survey question: Sometimes they were not displayed in the order configured in the interface. This is corrected.
Downloading registered user files: When a user has the % character in the name, it did not allow the file to be downloaded. This is corrected.