eylenburg / eylenburg.github.io

https://eylenburg.github.io/
Creative Commons Attribution Share Alike 4.0 International

Android: MAC address randomization "per-network" is misleading #72

Closed alohapersona closed 1 month ago

alohapersona commented 2 months ago

As said, the "per-network" statement on MAC address randomization is misleading:

eylenburg commented 1 month ago

Thanks, that is very informative. I will have to update the table to include this information, including mentioning the downsides to "per-connection" when it comes to captive portals and such.

I think the current colours would be correct though, because if it's just in the developer options for AOSP, this setting will be reset after a restart, and it should remain light green for that reason.

thestinger commented 1 month ago

@alohapersona @eylenburg The information which was in the table is already accurate. It should be left as it was.

> Most OS have some way to change the behavior from per-network to per-connection. In AOSP that's typically provided in developer settings under the name "Wi-Fi-enhanced MAC randomization" or similar. The reason why it's a developer feature is that per-connection setting might lead to issues when the wi-fi is far away or some other reason sees frequent reconnects - as the change in MAC address would likely result in a new IP address and thus breaking TCP connections. For networks with captive portals you would likely also have to complete the captive portal again and again.

This is not per-connection randomization. It does not choose a new MAC address for each connection. It chooses a new MAC address when the DHCP lease expires, which can take weeks. It may choose a new one during some reboots too.

> On AOSP since at least version 11, when removing a wi-fi network from the list of known networks and adding it again, the per-network MAC address would be regenerated, allowing to easily get a new MAC address as the user sees fit.

That's not correct unless the developer option is enabled. The normal per-network MAC address randomization uses persistent values derived from the AP information. It gets the same MAC for the same network until factory reset. The developer option makes it work as you describe. It's still per-network randomization, not per-connection but it's just possible to get a new one.

> If per-network MAC address randomization happens, it's not actually per-network, but per-network-configuration. Which means if two networks are covered by the same network configuration (because they have the same SSID / name), the device will reuse the MAC address even if it's a totally unrelated network.

This is what is meant by per-network randomization.

thestinger commented 1 month ago

> I think the current colours would be correct though, because if it's just in the developer options for AOSP, this setting will be reset after a restart, and it should remain light green for that reason.

It doesn't get reset after a restart, but it's not per-connection randomization. It's less persistent per-network randomization: it gets a new MAC address if the network is forgotten, if the DHCP lease expires and may sometimes get a new one on reboot.
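
The two behaviours discussed in this thread, as an added sketch that is not part of any comment above and is not AOSP code: a persistent MAC derived per network configuration, and the less persistent variant that only changes when the network is forgotten or the DHCP lease expires. The HMAC derivation, the SSID-only configuration key, the device secret, the sample access points and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a per-device secret that lasts until factory reset.
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")

# Constructed sample data: two unrelated access points that share one SSID.
ACCESS_POINTS = [
    {"ssid": "FreeWiFi", "bssid": "aa:aa:aa:00:00:01"},  # cafe
    {"ssid": "FreeWiFi", "bssid": "bb:bb:bb:00:00:02"},  # airport, unrelated
    {"ssid": "HomeNet", "bssid": "cc:cc:cc:00:00:03"},
]

def to_mac(raw: bytes) -> str:
    """Format 6 bytes as a locally administered, unicast MAC address."""
    first = (raw[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in bytes([first]) + raw[1:6])

def persistent_mac(ssid: str, secret: bytes = DEVICE_SECRET) -> str:
    """Default mode (assumed derivation): keyed hash of the network configuration."""
    return to_mac(hmac.new(secret, ssid.encode(), hashlib.sha256).digest())

class LessPersistentMacs:
    """Developer-option mode: one random MAC per saved configuration, kept
    across reconnects and replaced only on forget or DHCP lease expiry."""

    def __init__(self):
        self._macs = {}

    def connect(self, ssid: str) -> str:
        if ssid not in self._macs:
            self._macs[ssid] = to_mac(secrets.token_bytes(6))
        return self._macs[ssid]

    def forget(self, ssid: str) -> None:
        self._macs.pop(ssid, None)

    lease_expired = forget  # same effect on the stored MAC

def macs_seen_by_access_points(aps=ACCESS_POINTS):
    """Map each AP (by BSSID) to the client MAC it would observe in default mode."""
    return {ap["bssid"]: persistent_mac(ap["ssid"]) for ap in aps}

if __name__ == "__main__":
    for bssid, mac in macs_seen_by_access_points().items():
        print(bssid, "sees client MAC", mac)
```

Both `FreeWiFi` access points observe the same client MAC because the derivation never looks at the BSSID, which is the per-network-configuration behaviour described in the thread.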