MAC randomization behavior

The MAC randomization feature lets devices use a randomized MAC address when connecting to a Wi-Fi network. For implementation instructions, see Implement MAC randomization. This page describes the behavior of MAC randomization in Android.

MAC addresses are used by devices when connecting to a Wi-Fi network or an access point. Because these MAC addresses are transmitted without encryption, they can be captured and used to potentially track a user's location. Historically, devices use the factory MAC address to associate to a Wi-Fi network. The factory MAC address is globally unique and static, letting the device be tracked and individually identified.

The MAC randomization feature increases user privacy by using a randomized MAC address when connecting to a Wi-Fi network.

MAC addresses are 48 bits long and usually represented by 12 hex digits (6 octets as each octet is 8 bits) such as 00:11:22:AA:BB:CC. The MAC randomization feature randomizes the address by setting the locally administered bit to 1, and the unicast bit to 0. The other 46 bits are randomized.

For devices running Android 10 or higher, the framework uses randomized MAC address by default. Users can enable or disable MAC randomization for individual networks through an option in the Network details screen in Settings, as shown in Figure 1. If a user disables MAC randomization for a network, the framework uses the factory MAC address (globally unique address).

MAC randomization option

Figure 1. MAC randomization option.

MAC randomization types

The Android framework uses two types of MAC randomization: persistent randomization and non-persistent randomization. If the user disables MAC randomization, the factory MAC address is used.

Android determines which MAC randomization type to use when the device associates to a Wi-Fi network. By default, Android uses persistent randomization. Starting in Android 12, Android uses non-persistent randomization in the following situations:

  • A network suggestion app specifies that non-persistent randomization be used for the network through the WifiNetworkSuggestion.Builder#setMacRandomizationSetting API.
  • The network is an open network that hasn't encountered a captive portal and the config_wifiAllowEnhancedMacRandomizationOnOpenSsids overlay is set to true. This overlay is disabled (set to false) by default.

Persistent randomization

Android uses the persistent randomization type by default when the MAC randomization feature is enabled. Android generates a persistent randomized MAC address based on the parameters of the network profile including SSID, security type, or FQDN (for Passpoint networks). This MAC address remains the same until factory reset. The MAC address does not get re-randomized if the user forgets and re-adds the Wi-Fi network since the MAC addressed depends on the parameters of the network profile.

Persistent MAC addresses are necessary in cases where networks rely on the persistence of the MAC address to provide useful functionality to the user, for example, to remember a device and let users bypass the login screen as expected, or to enable parental controls.

For Android 10 and 11, the framework uses persistent randomization for all networks when MAC randomization is enabled.

Non-persistent randomization

Under the non-persistent randomization type, which is used for some networks in Android 12 or higher, the Wi-Fi module re-randomizes the MAC address at the start of every connection or the framework uses the existing randomized MAC address to connect to the network. The Wi-Fi module re-randomizes the MAC address in the following situations:

  • The DHCP lease duration has expired and more than 4 hours have elapsed since the device last disconnected from this network.
  • The current randomized MAC for the network profile was generated more than 24 hours ago. MAC address re-randomization only happens at the start of a new connection. Wi-Fi won't actively disconnect for the purpose of re-randomizing a MAC address.

If none of these situations apply, the framework uses the previously randomized MAC address to connect to the network.

Developer option for non-persistent randomization

For devices running Android 11 or higher, users can enable non-persistent MAC randomization globally for all Wi-Fi networks (that have MAC randomization enabled) through the developer options screen. The option to enable non-persistent MAC randomization for all profiles is found at Settings > Developer Options > Wi-Fi non-persistent MAC randomization.

Wi-Fi non-persistent MAC randomization option

Figure 2. Wi-Fi non-persistent MAC randomization option.