How To Disable MAC Randomization In Wifi Clients

What is MAC randomization? An illustrated summary of how MAC addresses are used to identify devices to networks, may also be used to identify people, and how randomization has been introduced to counteract the latter on public networks. On home networks, randomization may hinder legitimate services and uses, including technical support from the ISP and parental controls.

MAC randomization aims to improve privacy in shared networks. At home, it may be better to disable it. We explain why and how.

What Is MAC Randomization And Why Is It Suddenly So Common?

Every Internet-connected device has one or more MAC addresses. A MAC address is a 12-digit string that is used as a unique identifier for the device. It is not personal in itself, but it very easily becomes personally identifiable when combined with other data.

Anatomy of a MAC address, illustrated

MAC randomization is a feature that has been introduced on connected devices in recent years to help ensure privacy, especially when connecting devices to public wifi networks. It is most commonly used on smartphones.

Randomization conceals the real MAC address of the device and creates an artificial one that is transmitted to any surrounding wireless access points. The goal is to make it harder to track a device based on its MAC address.

Why Turn MAC Randomization Off?

Many wifi network services still rely on permanent client MAC addresses for authentication and security.

For example:

  • Parental control or malicious content blocker services on Internet gateways or wifi access points (APs) typically require MAC addresses to perform blacklisting and whitelisting. Parental control of mobile phones or tablets at home may therefore not be practical if MAC randomization is enabled so that each client receives a new MAC address every day.
  • In the case of wifi band steering and traffic offloading, wireless routers and access points use the device MAC address to identify demanding clients, for example clients that are streaming 4K video on the network. If they cannot identify these clients, they may not be able to steer them to the best SSID or frequency band.
  • MAC randomization also hinders device detection and monitoring in wifi, which makes it easier for malicious actors to use their own MAC addresses.
  • Last but not least, service providers rely on MAC addresses to identify wifi network issues such as legacy technology, greedy clients, or clients with poor coverage. Correctly identifying legacy clients and connectivity issues makes it significantly easier for service providers to provide effective guidance and recommendations to customers.

In most cases you can turn off MAC randomization for one or more specific networks, like your home wifi, while keeping the feature enabled for any other wifi networks you might connect to.
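To decide which home devices need randomization turned off, a gateway-side check can flag clients that keep showing up under new addresses. The sketch below is an added example, not code from the article: it relies on the fact that randomized addresses set the "locally administered" bit of the first byte, and it assumes the DHCP hostname stays stable for a device. The lease entries are constructed sample data.

```python
from collections import defaultdict

def parse_mac(text):
    """Return the 6 address bytes, accepting ':' or '-' separators."""
    digits = text.replace(":", "").replace("-", "").strip()
    if len(digits) != 12:
        raise ValueError(f"not a 12-digit MAC address: {text!r}")
    return bytes.fromhex(digits)

def looks_randomized(mac):
    """True for a locally administered unicast address.

    Bit 0x02 of the first byte marks the address as locally assigned rather
    than vendor-assigned; bit 0x01 marks multicast. Randomized client
    addresses have the first set and the second clear. Manually configured
    and virtual-machine addresses match too, so treat this as a heuristic.
    """
    first = parse_mac(mac)[0]
    return bool(first & 0x02) and not first & 0x01

def rotating_clients(leases):
    """Map hostname -> sorted randomized MACs, for hosts seen with several."""
    seen = defaultdict(set)
    for mac, hostname in leases:
        if looks_randomized(mac):
            seen[hostname].add(parse_mac(mac).hex(":"))
    return {host: sorted(macs) for host, macs in seen.items() if len(macs) > 1}

# Constructed sample: (MAC, DHCP hostname) pairs as a gateway might log them.
SAMPLE_LEASES = [
    ("3C:22:FB:10:20:30", "living-room-tv"),  # vendor-assigned address
    ("DA:A1:19:4B:7C:01", "kids-tablet"),     # randomized
    ("F2-5C-88-01-9E-44", "kids-tablet"),     # same device, a day later
    ("02:00:5E:10:00:01", "laptop"),          # randomized but stable
]

if __name__ == "__main__":
    for mac, host in SAMPLE_LEASES:
        kind = "randomized" if looks_randomized(mac) else "device MAC"
        print(f"{host:15} {mac}  {kind}")
    print("rotating:", rotating_clients(SAMPLE_LEASES))
```

A host listed by `rotating_clients` is one whose MAC-based rules (parental controls, block lists) will silently stop matching, so it is a candidate for the per-network settings described in the next section.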

How To Turn Off MAC Randomization, Step by Step

Here are the steps to turn off MAC randomization on wireless clients for different devices.

Note that depending on the manufacturer and version of operating system, some devices may have different settings or differently worded options.

iOS (iPhone/iPad) Steps To Disable MAC Randomization

  1. Go to Settings > Wi-Fi.
  2. Tap the (i) icon next to the network for which you want to disable MAC randomization.
  3. Turn off Private Wi-Fi Address.

Android: How To Disable MAC Randomization

  1. Go to Settings > Wi-Fi.
  2. Tap the icon next to the name of the network for which you want to disable MAC randomization.
  3. Under Privacy, select Use device MAC address.

Windows: How To Disable MAC Randomization

Note that randomization is disabled by default in Windows, so you only need to disable it if it has actively been enabled in the past. The steps are mostly the same for Windows 10 and 11.

If randomization is generally enabled for all networks:

  1. Go to Settings > Network & Internet > Wi-Fi.
  2. Turn off Random hardware addresses.

If randomization is turned on for one or some networks:

  1. Go to Settings > Network & Internet > Wi-Fi.
  2. Click “Manage Known Networks”.
  3. Select the network for which you want to disable MAC randomization. In Windows 10, you must also click Properties.
  4. Turn off Random hardware addresses.

MAC Randomization On Mac OS X

In Mac OS X, MAC randomization is currently only used for AirPlay and AirDrop, and there are no settings to turn this off.

MAC Randomization On Linux

Linux operating systems do not have MAC randomization by default and require additional packages such as the “macchanger” package on Ubuntu to enable MAC address randomization.

More On The Two Main Types Of Randomization

All operating systems use similar randomization concepts, but implement them differently, and not all randomization is equally disruptive to services.

Persistent Randomization

Persistent randomization means that the client generates a single randomized MAC address per wifi network it signs into. Persistent MAC addresses are necessary for use cases such as parental controls.

These randomized addresses may be based on network profile parameters such as SSID and security type, and they remain the same as long as the client device is not factory reset.

Systems that use persistent randomization:

  • Android versions 10 and 11
  • Windows 10 and later use the same randomized MAC address for all connections to the same SSID unless the user allows the client to “forget” the network. Windows users can also choose to turn on a permanently randomized MAC address.

Non-Persistent Randomization

Non-persistent randomization causes the client to generate a new, randomized MAC address with every new connection. For long-lasting connections, new addresses will be generated at regular intervals.

These addresses are usually fully randomized. Apple has stated that iOS generates MAC addresses that neither they themselves nor wifi manufacturers are able to predict.

Systems that use non-persistent randomization:

  • Starting with iOS 14, iPhones and iPads generate one new MAC address per network every 24 hours.
  • Starting with Android 12, Android devices create a new MAC address when the DHCP lease has expired, when the device has been disconnected for more than 4 hours, or when the last address for the network was generated more than 24 hours ago.
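The difference between the two types can be seen in a short sketch. This is an added illustration, not any operating system's actual algorithm: the HMAC construction, the `device_secret` parameter and the network names are assumptions chosen to show an address derived from SSID and security type next to a fully random one.

```python
import hashlib
import hmac
import secrets

def local_unicast(raw6):
    """Format 6 bytes as a MAC with the locally administered bit set
    and the multicast bit cleared, as randomized addresses are."""
    first = (raw6[0] | 0x02) & 0xFE
    return (bytes([first]) + raw6[1:6]).hex(":")

def persistent_mac(device_secret, ssid, security_type):
    """One stable address per network profile (hypothetical scheme).

    The output changes only if the SSID, the security type or the
    per-device secret changes; the secret stands in for state that a
    factory reset wipes.
    """
    profile = ssid.encode() + b"\x00" + security_type.encode()
    digest = hmac.new(device_secret, profile, hashlib.sha256).digest()
    return local_unicast(digest[:6])

def non_persistent_mac():
    """A fresh, unpredictable address on every call (every new connection)."""
    return local_unicast(secrets.token_bytes(6))

if __name__ == "__main__":
    secret = secrets.token_bytes(32)       # constructed per-device secret
    after_reset = secrets.token_bytes(32)  # new secret after a factory reset
    print("home, day 1   ", persistent_mac(secret, "HomeWifi", "WPA2-PSK"))
    print("home, day 2   ", persistent_mac(secret, "HomeWifi", "WPA2-PSK"))
    print("cafe          ", persistent_mac(secret, "CafeGuest", "open"))
    print("home, reset   ", persistent_mac(after_reset, "HomeWifi", "WPA2-PSK"))
    print("non-persistent", non_persistent_mac(), non_persistent_mac())
```

With the persistent scheme a home gateway sees the same address every day, so MAC-based rules keep working while other networks still see a different address; with the non-persistent scheme every rule keyed on the address expires with it.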

Article by Dr. Maghsoud Morshedi Chinibolagh and Jorunn Danielsen