The Weak Security and Privacy Warning on the iOS14 or iOS15

Updated 01-17-2022 07:48:00 AM 216461

issue Description/Phenomenon:

Ever since IOS 14 updates( ), Apple has made great changes on the security update on IOS devices. New Privacy features improve user transparency and control over how apps access your location, photos, microphone, and camera.

After that, sometimes you might get a "Privacy warning" or "Weak Security" on your Wi-Fi network.

Case 1: Weak Security 

The following security modes have been considered insecure by Apple. So when IOS devices detect any of them was used by your router, the weak security will pop out. )

  • WPA/WPA2 mixed modes

  • WPA Personal

  • WEP, including WEP Open, WEP Shared, WEP Transitional Security Network, or Dynamic WEP (WEP with 802.1X)

  • TKIP, including any security setting with TKIP in the name



Change your router security to be one of the following:
WPA3 Personal; WPA2/WPA3 Transitional or WPA2 Personal (AES)
Currently, All TP-Link routers supported changing wireless security, and please update to the latest firmware to improve your security.

Note: For the Archer C60 V2, please contact support.


1. For TP-Link Router

Please log in to your Router’s web interface, referring to How do I log into the web-based Utility (Management Page) of TP-Link wireless router?

On the web interface, please go to Advanced -> Wireless -> Wireless settings -> change the security type to WPA2-PSK -> click on the save button to finish the setting.

Archer Series (take Archer C9 as an example):


WiFi6 Series (take AX 1500 as an example):


TL-WR841N and Archer C50, C55:


2. For Deco Series

For the earlier firmware version of the Deco device, the security type is set defaulted as WPA2-PSK[AES]/ WPA-PSK[TKIP] mixed, which offers higher compatibility to ensure the network connection of various terminal clients.

We have released official firmware for the Deco devices to allow you to change the wireless security type in weeks, please check on your Deco app for the updates. At the same time, please update your Deco APP to the latest version.


1. For the Deco M9Plus with 1.2.12 or earlier firmware version, please download the upgrade file from our official website and install the upgrade manually.

2. If you have the Deco X20/X60 working together with the other model of devices that do not support the WPA3, or you have the Deco M3W in your deco network, you may update your Deco devices to this beta firmware as per your Deco models. Please click here for the beta firmware.

After upgrading to the latest firmware, you can select the security type for the network on Deco APP -> “More” tag -> Wi-Fi-> click on “Password” -> click on “Security” -> set security type as “WPA2-PSK[AES]” or WPA2-PSK[AES] + WPA-PSK[TKIP]” or None.

Take Deco M5 as an example.

For the models that support WPA3 security (such as Deco X20 and Deco X60), you can enable the WPA3 for your network via Deco APP. Please go to “More” tag -> Wi-Fi-> click on “Password” -> enable “WPA3”.


3. For Range Extenders

(1) it is recommended to change the encryption method of the front-end router or main AP to WPA2 + AES;

(2) then upgrade the firmware of the Range Extender to the newest in the official support page;

(3) then reset and reconfigure the Range Extender after upgrading to the newest firmware. Set the SSID of the Range Extender to a new one for checking, it's more recommended to configure through the webpage. Then Reboot the router and Range Extender together after that.


4. For MiFi products

1) M7200 V2&V3, M7450 V2, M7650 V1.1:

The latest official firmware has already set AES as the default encryption, please upgrade the firmware to the latest version, no need to change security manually.

2) M7650 V1, M7450 V1, M7350 V5, M7200 V1, M7000 V1, M7300 V3:

The default Wi-Fi security setting is WPA-PSK/WPA2-PSK Auto, please change it to WPA-PASK/WPA2-PSK AES. If you cannot see this option, please make sure you are using the latest firmware

3) M7350 V3&V4, M7310 V1&V2, M7300 V2

The default Wi-Fi security setting is WPA-PSK/WPA2-PSK Auto, there is no option to set AES only.



The default Wi-Fi encryption on our products is set to Auto, which supports AES as well, the secure encryption method, and also supports TKIP encryption to be compatible with the devices that only support TKIP encryption.

It doesn't mean Apple must use the weak encryption method when it says weak security. If set the encryption to AUTO or  TKIP mix AES,  iOS devices will actively choose the secured encryption method WPA2+AES, but still give you a warning. So please don’t worry about its security.


Case 2: Privacy Warning about private WLAN address being turned off.

Cause: It happens because the iOS uses its real MAC address to communicate.


To improve privacy, Apple suggested keeping private addresses enabled all the time so that your device would use a different MAC address with each Wi-Fi network. ( )

Note: Though It will stop someone from tracking your network activity, some users reported that their IOS devices were “unknown” to routers since the random MAC address could not be recognized by the manufacturer anymore. The related issue has been discussed already, such as:


Case 3: Privacy Warning about not supporting encrypted DNS.

Cause: This iOS privacy feature is meant to be used where the router and the router's handling of DNS cannot be trusted, so it is designed to circumvent whatever the router is doing.


Deco has a special way to deal with its DNS requests, and when you had this notification.

Please set the DNS server to and manually in Deco App > More > Advanced > IPv4, then go to the WiFi setting of your IOS devices, forget/delete the Deco’s network, and reconnect to it again.

Please refer to the FAQHow to change DNS server settings on my Deco?


Looking for More

Is this faq useful?

Your feedback helps improve this site.

SubscribeTP-Link takes your privacy seriously. For further details on TP-Link's privacy practices, see TP-Link's Privacy Policy.

Be The First To Get Exclusive Deals & News