I understand I need to disconnect/forget the wifi network and reconnect to get. New randomized Mac address
My question is, is my Mac address different for each profile I am using in the pixel 6, or are they the same and it could lead to identifying the device location when I am using a different more secure profile bc my Mac address is the same as the mc address I was using in a less secured ' Google apps' profile?
d9780 I need to disconnect/forget the wifi network and reconnect to get. New randomized Mac address
That is true on regular Stock Android. On GrapheneOS, the default is a new MAC address per connection, i.e. if you disconnect then connect again, your phone will use a new randomly generated MAC address.
d9780 is my Mac address different for each profile
I believe the same MAC and IP address are shared globally. If you want to get a new IP for a new profile, maybe use airplane mode before switching.
d9780 My question is, is my Mac address different for each profile I am using in the pixel 6, or are they the same and it could lead to identifying the device location when I am using a different more secure profile bc my Mac address is the same as the mc address I was using in a less secured ' Google apps' profile?
User installed apps can't get hardware IDs, so if you have Google apps installed, just use a VPN and then as long as another profile uses a different IP / VPN server then there's no way they can correlate one profile's traffic with another's.
All they can see is the public IP address you're connecting to their servers with. So, even if different profiles used different MAC addresses, your public IP would be the same. So, still, a VPN would help you isolate different profiles' traffic.
I would like to confirm this information: Can an ordinary app see your real I address if you are using a VPN? Or will the app see just the VPN IP address?
JohnPrivacy as long as the app is routed through the VPN and especially if connections without VPN are blocked, the app can only see your VPN IP.
JohnPrivacy The VPN public IP is the IP that will be seen. Apps won't be able to see the ISP IP as all the traffic is sent to the VPN server. That is assuming you are not using split tunneling.
If by real IP you mean the local IP (the IP between the phone and WiFi router), I am not entirely sure. The FAQ mentions that apps can not access the MAC address.
https://grapheneos.org/faq#hardware-identifiers
By real IP I mean the IP used to communicate with the VPN server, that is the IP address that would show up if I would not being using a VPN.
JohnPrivacy Gotcha, then the real IP = the ISP public IP. What n3t_admin said is the answer your are looking for. Apps can't see your ISPs public IP if routed over a VPN.
The option to randomise mac on every user switch would be excellent. And a security boost.
Network should then reconnect on every user change.
Is this planned ever to be a part of gos?
user539 this would require an entire rework of the Wi-Fi implementation because Wi-Fi is shared across users. Since this change would require heavy modifications to the AOSP code, I don't really see a chance of this happening.
The other possible problem this would introduce, is DHCP starvation, especially in SOHO-type networks. You could easily flood a /24 address range in a matter of a few hours just by switching between users.
That is true on regular Stock Android.
Not quite, because they use persistent per-network MAC randomization based on a keyed hash so forgetting the network doesn't cycle it. We're considering changing the per-network mode from this to a less persistent mode matching how people would expect it works. It's much less important since we add the per-connection MAC randomization mode which is used by default.
user539 That doesn't match how profiles work. They have a shared Wi-Fi connection underneath and multiple profiles can be running at the same time. It doesn't make sense to implement that.
n3t_admin Networks should gracefully handle running out of addresses to give out by reusing the least recently used ones. It doesn't cause any harm and clients will get another one if the one they had is taken. Routers unable to handle this are horribly broken and can't even handle being used in a small coffee shop as a network for customers which is embarrassingly bad.
GrapheneOS they should and you'd be surprised how often manufacturers completely ignore that. Although sometimes network admins are to blame when they decide that a 7 day lease is perfectly acceptable.
