A MAC address, short for media access control address, is a unique identifier that is tied to the network interface card or network adapter of a device. It’s a 12-digit hexadecimal number that is usually separated by colons or hyphens per two digits. For example: 4c:0d:54:05:88:c9.
In 2017, Android 8.0 introduced the use of randomized MAC addresses in lieu of the burned-in or physical address of a smartphone’s network adapter when scanning for new networks. Android 10 in 2019 then expanded MAC randomization for Wi-Fi connections. iOS have a similar feature since 2014.
Using a random MAC address has its pros and cons. Here’s how you can enable or disable randomized MAC addresses in your smartphone.
How to Enable/Disable Random MAC Address Per Network Connection
Many operating systems that support the random MAC address feature have it enabled by default. Here are where you can find the settings in different operating systems:
In Android, go to Settings > Network & Internet > Wi-Fi. Find the wireless connection you want to configure and tap the gear icon next to it. Go to Advanced > Privacy and select Use Randomized MAC.
In iOS, go to Settings > Wi-Fi. Find the wireless connection you want to configure and tap the “i” icon next to it. Toggle the Private Address option.
Note that enabling or disabling MAC randomization on one network won’t affect the setting in other networks.
How to Disable Random MAC Address by Default
If you don’t like the enabled-by-default randomized MAC address behavior in Android, try checking the Developer Options and see if there’s a feature flag called settings_wifi_mac_randomization you can toggle. Do be careful when toggling experimental features in Developer Options.
There doesn’t seem to be a similar option for iOS.
Why Enable Random MAC Address
A random MAC address is primarily used to improve your privacy and security and help you avoid being tracked across different Wi-Fi networks. A bad actor in the network will have difficulty of correctly associating histories of activities to your devices that use MAC randomization, thereby improving your privacy. Apple heavily uses MAC address randomization to enhance user privacy while performing Wi-Fi scans, peer-to-peer data transfers, and various functions.
The original or factory MAC address isn’t a random set of alphanumeric characters. Each hardware manufacturer has a designated prefix in MAC addresses. If a network adapter has a MAC address that starts with F8:27:93, for instance, it’s from Apple Inc. Some companies can have multiple prefixes. There are online tools (such as Wireshark.org OUI Lookup Tool) to identify the vendor using the MAC address prefix code.
It’s for this reason that concealing the original MAC address can help prevent your device from being exposed to bad actors. With the right tools, identifying the MAC address along with other network details can lead to identifying the device.
Why Disable Random MAC Address
Because of the advantages, it provides in terms of privacy and security, MAC address randomization should be left enabled. There are however cases in which the opposite is the better, more convenient option.
In private home and office networks, randomizing MAC addresses may seem redundant as it’s presumed all connected devices in the network are known and trusted. The feature can actually be a possible cause of devices being unable to remain connected on the network, hence the need to disable it.
If you’re familiar with how the network was set up, remember if static addresses or MAC address filtering was implemented. If it is, then a whitelisted set of known MAC addresses are only allowed to connect, which means randomizing your MAC address will prevent you from connecting. But if the network has a blacklist instead, then randomizing can be useful.
Random MAC addresses don’t work well in networks with captive portals either. These are networks often found in hotels, airports, and cafés that redirect newly connected users to a web page where authentication is required before the users gain Internet access. These networks also rely on MAC addresses to remember clients who are already authenticated.