10

I'm doing some simple scanning + advertising testing on bluetooth LE feature for Android using this sample-code

I'm testing it using a Samsung 6 and a Nexus 9, and for some reason if I leave the app running on the Samsung and restart the app on the Nexus, the next time the Samsung devices finds the other device, it has a different address.

In code:

enter image description here

On the device:

enter image description here

The funny thing it doesn't happen the other way around. (Samsung always has the same address when discovered from the Nexus 9)

  • Is this a common behavior between devices?
  • Is there another way to identify a specific device besides it's mac address?
Omer
  • 5,470
  • 8
  • 39
  • 64
  • 2
    Quoting [the documentation](http://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#behavior-hardware-id): "When a device running Android 6.0 (API level 23) initiates a background Wi-Fi or Bluetooth scan, the operation is visible to external devices as originating from a randomized MAC address." – CommonsWare Mar 23 '16 at 14:07

1 Answers1

14

As CommonsWare mentioned, as of Android 6.0, Android has removed access to the hardware address programmatically, and made it so that the address appears to be randomly generated to scanning devices. The change log can be found here:

http://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#behavior-hardware-id

The fact that scanning devices see a random Bluetooth address rather than the actual one is a highly useful privacy feature. It was adopted by the Bluetooth specification as of BTv4.0 and is known as LE privacy:

"This feature causes the MAC address within the advertising packets to be replaced with a random value that changes at timing intervals determined by the manufacturer. Any malicious device(s), placed at intervals along your travel route, would not be able to determine that the series of different, randomly generated MAC addresses received from your device actually relates to the same physical device. It actually looks like a series of different devices, thus, it will not be possible to track you using the advertised MAC address"[1]

You can find a similar question here:-

Since marshmallow update Bluetooth discovery using BluetoothAdapter.getDefaultAdapter().startDiscovery(); is broken

[1] http://blog.bluetooth.com/bluetooth-technology-protecting-your-privacy/

Community
  • 1
  • 1
Youssif Saeed
  • 11,789
  • 4
  • 44
  • 72
  • 7
    Thanks for the detailed response. So the answer to my second question would be that there is no way to id a device twice unless the device sends me some kind of identifier? if so, it sounds weird to have to connect to a device each time I'm looking for it when targeting specific device with the same service. – Omer Mar 28 '16 at 01:57
  • 1
    Nice to know, so what's the unique identifier proposed by to change this behavior? How do i pair devices? – Thecave3 Nov 06 '18 at 11:33
  • The now happens on the iPhone. I'm debugging a BLE app I created and find my new iPhone 11 to be changing MAC address every few minutes. Not sure now how to get BLE beacons in my house to work. – Paul Allsopp Jan 26 '20 at 23:24
  • @CrazyMerlin did you reach any conclusions here? What was your solution in this case? I've now hit very similar issue with Android 9 ( mac address changing every now and then even if devices are bonded!). Wondering which development path I should explore :) – Pawel Klapuch Mar 06 '20 at 18:15
  • @PawelKlapuch My approach was incorrect initially as I was trying to combine a beacon with interaction, where a beacon should be purely passive. Also, work got heavy for a while so I had to put the project on hold for the timebeing. – Paul Allsopp Mar 09 '20 at 13:42
  • Does scaned id changed only on BLE or It changed even if i used classic bluetooth? – naima May 19 '20 at 04:12
  • 1
    "Improve privacy by making BTLE unusable" - good job, Android – Glenn Maynard Aug 15 '20 at 04:46