Wi-Fi MAC Randomisation on Android: How It Protects You

Every time your smartphone scans for a Wi-Fi signal, it broadcasts a unique identifier known as a MAC address. In the early days of mobile connectivity, this hardware identifier was static, meaning your device sent the exact same "fingerprint" to every router you hovered near. For marketers and data brokers, this was a goldmine; they could track your movements across a shopping centre or a city just by seeing which public hotspots your phone pinged. This created a significant privacy loophole where your physical location could be mapped without your explicit consent.

To combat this, modern versions of the mobile operating system use mac randomisation android protocols to hide your true hardware identity. By swapping your permanent hardware address for a temporary, randomly generated one, your phone makes it much harder for third-party networks to build a profile of your habits. In this guide, I will break down exactly how this technology functions on your device, how to manage the settings on Pixel, Samsung, and Xiaomi hardware, and the subtle differences you will encounter between Android 13, 14, and the new Android 15 update.

What a MAC address reveals

A Media Access Control (MAC) address is a 48-bit identifier assigned to the network interface controller of your device. Think of it as a social security number for your Wi-Fi chip. Unlike an IP address, which changes based on the network you join, a traditional MAC address is burnt into the hardware at the factory. Under default settings in legacy versions of Android, your device would announce this permanent ID to any access point within range, even if you never actually clicked "connect" or entered a password. This provided a consistent way for sniffer hardware to identify that "User A" who was at the coffee shop at 9:00 AM is the same person now entering a department store at 10:30 AM.

The privacy risks extend beyond mere location tracking. Because a hardware MAC address is unique, it can be linked to other data points. If you once signed into a public Wi-Fi network using your real name or email address, that venue (and any data partners they share with) could theoretically associate your identity with that specific hardware ID. From that point forward, your movements could be tracked across any other venue using the same analytics provider, regardless of whether you signed in again. This "passive tracking" happens in the background, making it one of the most persistent threats to mobile privacy.

On Android 13 and 14, the system has become increasingly aggressive at masking these identifiers. When mac randomisation android is active, the data collected by these third-party trackers becomes fragmented. Instead of a long-term history of your movements, a tracker only sees a series of disconnected, "random" devices that appear once and never return. This effectively breaks the chain of data collection, ensuring that your physical journey through the world remains your own business rather than a product for advertisers.

How randomisation works

The technical implementation of a wifi mac random system involves the Android framework generating a mathematically randomised string of characters that mimics the format of a genuine MAC address. This dummy address follows specific IEEE standards to ensure it isn't rejected by routers, but it lacks any connection to your actual hardware. When your phone sends out "probe requests"—the signals used to find available networks—it uses this rotating, temporary address. This ensures that even if you are just walking down the street with Wi-Fi turned on, the "pings" your phone sends out cannot be used to build a persistent profile.

Android 14 introduced further refinements to how these addresses are rotated to prevent "fingerprinting" based on timing or signal strength. The system ensures that the locally administered bit (a specific part of the MAC address) is set correctly so that routers recognise it as a private address. In Android 15, Google has further optimised the power consumption of this process. In the past, generating and managing these addresses could marginally impact battery life when scanning for networks, but modern chips in Pixel 8 and Pixel 9 devices handle this at the firmware level with negligible impact on your daily usage.

It is important to understand that there are two layers to this protection: scanning and connection. Scanning randomisation happens when you aren't connected to anything; your phone effectively "whispers" different names to different listeners. Connection randomisation happens once you actually join a network. Android ensures that the address you use for the "Blue Coffee Shop" is different from the one you use for "London Underground Wi-Fi." This prevents different network owners from collaborating to track you across their respective infrastructures.

Per-network vs persistent

Android primarily uses what is known as "per-network" randomisation. This means that when you connect to your home Wi-Fi, your phone generates a private mac and sticks with it for that specific network. If you disconnect and reconnect later, the phone will typically use that same randomised address for that specific router. This is a deliberate design choice. If the address changed every single time you reconnected to your home router, features like parental controls, static IP assignments, and device blacklisting on your own router would break constantly. By keeping the random address "persistent" for a specific SSID, Android balances privacy with local network stability.

However, once you move to a different network, such as a public library or a gym, Android generates a completely different randomised address. To the library's router, you are "Device X." To the gym's router, you are "Device Y." There is no way for the two entities to know that the same physical phone visited both locations. This per-SSID (Service Set Identifier) approach is the default behaviour from Android 10 through to Android 15. It ensures that your identity is siloed; what happens on one network stays on that network.

For users seeking even higher levels of anonymity, some Developer Options in Android 13 and 14 allow for "non-persistent" randomisation, though this is rarely needed for the average user and can cause significant headache with captive portals (those login pages you see at hotels). For 99% of people, the per-network model is the "sweet spot" of privacy. It hides your real hardware ID from everyone, while ensuring that the Wi-Fi at your office or home doesn't treat you like a total stranger every time you wake your phone from sleep mode.

Where to configure it

On a Pixel device running stock Android 14 or 15, managing your MAC settings is straightforward, though the options are tucked away within the specific details of each saved network. 1. Open Settings > Network & internet > Internet. 2. Tap the cog icon (Settings) next to the name of the Wi-Fi network you are currently using or a saved network. 3. Scroll down and tap "Privacy." 4. Here, you will see the choice between "Use randomised MAC (default)" and "Use device MAC." On most modern devices, the randomised option is already selected by default for all new networks you join.

If you want to check the status for all networks, you can use the Permission manager to see which apps have access to your network information, but the actual MAC controls remain within the Wi-Fi sub-menus. For Android 15, the interface has been slightly streamlined, but the path remains essentially the same: Settings > Security & privacy > Privacy > (more settings) is where you can find global privacy controls, but for wifi mac random settings, you must still go through the Internet menu. This is because MAC addresses are handled on a per-connection basis rather than as a global "on/off" switch.

For those who want to see the "Developer" side of things, go to Settings > About phone and tap "Build number" seven times. Then go to Settings > System > Developer options. Here, look for "Wi-Fi non-persistent MAC randomisation." Enabling this will force the device to change its MAC address every time it reconnects to the same network, not just when switching networks. Use this with caution, as it will likely result in you having to re-authenticate or sign into hotel and airport Wi-Fi over and over again every time your phone's screen turns off.

Samsung and Xiaomi differences

Samsung’s One UI (versions 6.0 and 6.1 based on Android 14) handles these settings with a slightly different visual flair. In One UI, the path is: 1. Settings > Connections > Wi-Fi. 2. Tap the gear icon next to your current network. 3. Tap "View more." 4. Tap "MAC address type." Samsung gives you the same "Randomised MAC" and "Phone MAC" options but labels them more explicitly. One UI 7 (Android 15) is expected to maintain this path but may integrate it further into the "Security and privacy" dashboard that Samsung has been promoting as a one-stop shop for all safety settings.

Xiaomi’s HyperOS (and the older MIUI) can be a bit more elusive with these settings. To find them on a Xiaomi device: 1. Open Settings > Wi-Fi. 2. Tap the arrow icon next to the connected network. 3. Scroll to the bottom to find "Privacy." 4. Select "Use randomised MAC." A notable quirk on Xiaomi devices is that "Battery saver" mode can sometimes interfere with the frequency of background scanning randomisation, so if you are in a high-security environment, you may want to ensure your battery profile is set to "Balanced" or "Performance."

Both Samsung and Xiaomi have also added "Data usage" and "Privacy" warnings if you switch back to your "Phone MAC" (hardware MAC). They will often show a small pop-up warning you that your privacy is at risk. This is a helpful touch for users who might have changed the setting for a specific troubleshooting reason and forgotten to switch it back. In my testing on the Galaxy S24 and Xiaomi 14, the randomised MAC is remarkably stable and rarely causes the connection drops that were common in the early days of Android 10 and 11.

When to disable for compatibility

While mac randomisation android is excellent for privacy, there are specific scenarios where you must disable it. The most common is a "Whitelisted" network. Some corporate offices and university labs use MAC filtering as a security layer, only allowing pre-registered hardware IDs to access the internet. If you have "Randomised MAC" turned on, the router will see an unrecognised ID and block you, even if you have the correct password. In these cases, you must switch to "Use device MAC" so the router sees the specific 48-bit identifier you provided to the IT department.

Another common issue arises with older home routers. Some legacy hardware from the early 2010s struggles to manage a pool of dynamic addresses and might "freeze" or refuse to assign an IP address to a randomised MAC. If you find your phone is stuck on "Obtaining IP address," the first troubleshooting step should be: 1. Go to the network settings. 2. Change Privacy to "Use device MAC." 3. Toggle Wi-Fi off and on. If the connection suddenly works, you know the router's DHCP server was the bottleneck. This is frequently seen in older hotel systems or cheap "range extenders" that don't follow modern networking protocols accurately.

Finally, some "smart home" setups require your phone to be on a static MAC for initial device pairing. If you are setting up an older IoT bridge or a specific brand of smart bulb, the setup app might need your device's true MAC to verify the handshake. Once the setup is complete, you can usually switch back to the private MAC without issues. As we move into the era of Android 15 and Wi-Fi 7, these compatibility issues are becoming rare, as router manufacturers have finally adjusted to the reality that a permanent hardware ID is a thing of the past. Privacy by default is the new standard, and your Android device is more than capable of keeping your digital footprint small.