The hardware MAC address of a WiFi device is exposed to sniffing devices in an RF environment. When the user of a mobile device uses that device to connect to a WiFi network at a public place such as a cafe or a shopping complex, the user can be tracked on the basis of the device MAC address. Along with the current location, the number of last visits, time spent at a particular location can also be derived easily.
MAC randomization was introduced by OS vendors to address these privacy concerns. Randomizing MAC addresses in Probe Requests to SSIDs was introduced as a first step towards maintaining user privacy. An increased awareness of mobile privacy concerns has encouraged the growth and adoption of randomized MACs. In recent times OS vendors have enhanced this feature further to randomize MAC addresses not only in the Probe Requests of a wireless connection but also for associated clients. While this makes tracking WiFi users much more difficult, it also impacts normal operations of a WiFi network where client MAC addresses are used for legitimate purposes such as access control, roaming, etc. This impact is not limited to a particular WiFi vendor and affects the WiFi industry in general.