How to handle randomized MAC addresses on Android 9+ and iOS 14+

Previous versions of Android and iOS already used randomized MAC addresses prior to joining a WiFi network. This proved to be a great privacy addition as it disabled passive MAC address “following” just because the WiFi radio was on.

Modern Android and iOS take MAC address randomization one step further by generating MAC addresses even when connected, never revealing the real MAC address. This new setting is now the default, which is a positive move for when you join someone else’s hotspot.

However, in your own network, there’s no advantage to a privatized MAC address whatsoever, assuming you (or people you trust) manage your network.

adam:ONE uses MAC addresses as unique identifiers so the dashboard administrator can assign policies based on the MAC address. Note that little “home network” privacy is gained because the NAME of the device is still visible on your own network in any case.

On a per-network basis, you can turn off MAC address randomization by navigating to Settings -> WiFi -> Click on the (i) beside your connected WiFi and disable the Private Address like this:

On Android, choose your WiFi Network -> Advanced -> Privacy and choose Use device MAC like this:

Note that you don’t need to do this to any other WiFi network except the SSIDs that utilize adam:ONE for security.

References:

iOS feature: https://support.apple.com/en-us/HT211227
Android feature: https://source.android.com/devices/tech/connect/wifi-mac-randomization

Users that don’t like filtering or just passive users won’t have any incentive to do this. It’ll have to be a one policy fits all approach.

Our recommended default policy is a kind of Holding Tank. This is the case with every managed deployment, in any case.

If you deploy the same approach, users will be incentivized.