How Did My Phone Number Get Leaked?

A recent "3.15 Evening News" broadcast on China Central Television (CCTV) highlighted a small device, a shopping mall, and over 100 million user data in a year. This is the "Probe": it broadcasts the MAC address of a phone, collects it, and compares it with a database to obtain the user's phone number, creating a user profile through big data analysis. When a phone is on WLAN, it actively broadcasts its MAC address to connect and communicate with the router behind each SSID, but the "Probe" can collect these MAC addresses and gain additional data, such as the phone model (often due to App leaks) and the approximate location from the collection device. Its primary function is actually to locate. Once the MAC address is collected, the next step is comparison; buying a database of phone numbers, IMEI, and MAC addresses from various App developers (users have granted it permission, and the first two can be exchanged through many channels without authorization). This way, it knows your phone number, and by comparing it with the user database (simply allowing a machine to make a call for direct marketing), a general profile of the customer emerges. Is this terrifying? While CCTV may have exaggerated at this point, it doesn't mean the harm is small or that you can prevent it. Can phones be protected against this? Of course, they can. Starting with Android O (P), Google added an option in developer settings to "randomly select MAC address on connection," which can avoid some risks, but unfortunately, most manufacturers have disabled it, as seen in the examples of EMUI 8 and MIUI 9 during the CCTV live broadcast. However, you still need to enable it (assuming you have this feature available)! Starting with Android Q Beta, Google provided an option in the separate WLAN settings to choose whether to randomly select a MAC address on connection, which also needs to be manually enabled. On iOS, the situation hasn't improved significantly compared to five years ago. Starting with iOS 8, Apple provided a random MAC address feature, but its triggering conditions were strict; you had to lock the screen, turn off location services, and disable mobile data to use the random MAC feature, and it required two generations of iPhones to use it. Fortunately, four years ago, Apple made a minor modification, and starting with iOS 9, this feature began to be gradually improved, initially supporting random MAC address when WLAN was idle and then supporting all iPhones and iPads after iPhone 5. Starting with iOS 10, full-time random MAC addresses were provided for all devices, regardless of whether they were connected. Subsequent iOS versions also made some improvements. In this issue, we once again see Apple's forward-thinking approach to user privacy. Apple also automatically generates random IMEI and other identification codes to prevent them from being used to track. The solution is simple: use a device with an original Android system, and it needs to be Android O or later or Q Beta, with the option for random MAC address in developer settings (Sony and Nokia do not have this option). Alternatively, use an iPhone 5 or later with iOS 10 or higher to completely eliminate the risk, as higher iOS versions offer more anti-tracking features, such as random IMEI identification codes and the ability to prevent web pages from reading all user data. Because iOS doesn't allow Apps to read IMEI and other identification codes or phone numbers, making it harder to obtain user privacy. Most domestic smartphone users will have to wait for updates; currently, EMUI, Flyme, and MIUI have all been compromised, and this is not related to pseudo-cell towers! There are domestic UIs with the "randomly select MAC address on connection" feature, such as some test versions of OnePlus H2OS, vivo's Android P version, and MIUI 10 kernel for Android P development versions. The late Windows 10 Mobile had a similar feature, but unfortunately, it couldn't be enabled during connection. Why would using an iPhone still be at risk? Because personal privacy leaks are inevitable, and no one can stop them. Next time, always read the privacy terms. Of course, if you've used an Android phone and been collected, you might need to change your number. Ensuring the security of your connected Wi-Fi is necessary. While the "Probe" is probing our privacy, the home router does not pose a security risk! Don't overreact!