Security RPA

LE Privacy


Feature using Resolvable Private Addresses (RPAs) that change periodically to prevent device tracking.

Also known as: RPA, Resolvable Private Address, BLE Privacy

What Is LE Privacy?

LE Privacy is a BLE feature that prevents device tracking by periodically rotating the device's advertised Bluetooth address. Instead of using a fixed public address that an observer could correlate across time and locations, a privacy-enabled device broadcasts a Resolvable Private Address (RPA) that changes at regular intervals -- typically every 15 minutes.

Resolvable Private Addresses (RPAs)

An RPA is a 48-bit address with a specific format. The two most significant bits are set to 01, indicating a resolvable type. The hash portion is computed by encrypting a 24-bit random number (prand) with the device's Identity Resolving Key (IRK) using AES-128, then truncating the result to 24 bits. The final address is the concatenation of the hash and the prand.

A device that possesses the IRK (received during bonding) can resolve the RPA back to the originator by performing the same AES-128 operation and checking for a hash match. Devices without the IRK see a random-looking address that changes periodically, preventing long-term tracking.

IRK Distribution

The IRK is exchanged during Phase 3 of pairing as part of the key distribution step. Each bonded peer stores the other's IRK alongside the LTK and other bond information. When the controller receives an advertising report with an RPA, the host's bond manager iterates through stored IRKs, attempting to resolve the address. If a match is found, the advertising report is tagged with the resolved identity, and the application sees the familiar bonded peer despite the changing address.
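The RPA construction and the bond manager's IRK walk described above, as an added example that is not part of the original glossary entry or any BLE stack's code. It is written in Go because the standard library provides AES; the function names, `sampleIRK` and the in-memory IRK list are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

var sampleIRK = [16]byte{0xec, 0x02, 0x34, 0xa3, 0x57, 0xc8, 0xad, 0x05,
	0x34, 0x10, 0x10, 0xa6, 0x0a, 0x39, 0x7d, 0x9b} // sample test input, not from the page

// ah is the hash step: AES-128 under the IRK over zero-padding || prand, low 24 bits kept.
func ah(irk [16]byte, prand [3]byte) [3]byte {
	block, _ := aes.NewCipher(irk[:]) // cannot fail: the key is exactly 16 bytes
	var in, out [16]byte
	copy(in[13:], prand[:])
	block.Encrypt(out[:], in[:])
	return [3]byte{out[13], out[14], out[15]}
}

// NewRPA returns prand || hash, most significant byte first (the printed order).
func NewRPA(irk [16]byte) ([6]byte, error) {
	var p [3]byte
	for r := uint32(0); r == 0 || r == 0x3fffff; { // random part: not all 0s or all 1s
		if _, err := rand.Read(p[:]); err != nil {
			return [6]byte{}, err
		}
		r = uint32(p[0]&0x3f)<<16 | uint32(p[1])<<8 | uint32(p[2])
	}
	p[0] = p[0]&0x3f | 0x40 // top two bits 01 mark the address as resolvable
	h := ah(irk, p)
	return [6]byte{p[0], p[1], p[2], h[0], h[1], h[2]}, nil
}

// Resolve walks the bonded IRKs and returns the index of the match, or -1.
func Resolve(addr [6]byte, irks [][16]byte) int {
	prand, want := [3]byte{addr[0], addr[1], addr[2]}, [3]byte{addr[3], addr[4], addr[5]}
	for i, irk := range irks {
		if addr[0]>>6 == 1 && ah(irk, prand) == want { // only 01-prefixed addresses resolve
			return i
		}
	}
	return -1
}

func main() {
	rpa, _ := NewRPA(sampleIRK)
	fmt.Printf("%x resolves to bond %d\n", rpa, Resolve(rpa, [][16]byte{{}, sampleIRK}))
}
```

Each resolution attempt costs one AES operation per stored IRK, which is the per-advertisement work that Controller Privacy moves off the host.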

Rotation Interval

The RPA rotation interval is configurable in most BLE stacks. The default is 900 seconds (15 minutes), but it can be set anywhere from 1 second to 65,535 seconds. Shorter intervals provide better privacy but increase the computational load on central devices that must resolve RPAs more frequently. The Bluetooth SIG recommends 15 minutes as a reasonable balance.

Controller vs. Host Privacy

BLE supports two privacy modes:

  • Host Privacy -- the host software generates RPAs and passes them to the controller. This is portable but adds latency and CPU overhead.
  • Controller Privacy (LL Privacy) -- the controller hardware handles RPA generation and resolution autonomously, using an IRK list programmed by the host. This is faster and allows the controller to filter advertisements by resolved identity without waking the host, which is critical for power savings.

Privacy Modes per Peer

Bluetooth 5.0 introduced two per-peer privacy modes:

  • Network Privacy Mode (default) -- the device only accepts RPAs from a bonded peer. If the peer sends its identity address instead of an RPA, the advertisement is ignored. This enforces strict privacy.
  • Device Privacy Mode -- the device accepts both RPAs and the identity address from a bonded peer. This is necessary for interoperability with older devices that do not implement LE Privacy.

Practical Implications

LE Privacy is enabled by default on iOS and Android for outgoing advertisements and connections. iOS has used RPAs since iOS 8, and Android since Android 6.0. Peripheral firmware developers must ensure their devices handle RPA resolution correctly and store IRKs reliably, or reconnection with bonded phones will fail after the phone's address rotates.
