ssid.aiAPI

Learn

Randomized (private) MAC addresses, explained

If a MAC lookup came back blank, the address probably is not unknown — it is randomized. Modern phones, tablets and laptops invent a private hardware address per network. Here is what that means, how to spot it, and how to identify the device anyway.

Last updated 2026-07-13 · compiled by SSID

The short version: a randomized MAC is a valid address the device generated itself for privacy. It has no manufacturer to look up. That is not an error — it is the design. Check an address →

What a randomized MAC actually is

Every network interface has a MAC address. Historically the first half (the OUI) was assigned to the manufacturer by the IEEE, so a lookup could tell you “this is an Apple device” or “this is a Samsung device.” A randomized (or private, or locally-administered) MAC is one the device makes up itself instead of using its factory address. There is no manufacturer in it, because no manufacturer assigned it.

Devices do this so networks and trackers cannot follow them from place to place. Your phone presents a different MAC to the coffee shop, the airport, and your home — so none of them can link those visits by hardware address.

How to tell in one glance

The clue is a single bit in the first octet — the locally-administered bit (the second-least significant bit of the first byte). If the second hex digit of the address is 2, 6, A, or E, the bit is set and the address is locally-administered — almost always a privacy MAC.

DA:A1:19:5F:2C:88 → private (randomized)
44:38:39:FF:EF:57 → universal (Cumulus Networks — real vendor)

Which devices randomize — and since when

  • iPhone / iPad — on by default since iOS 14 / iPadOS 14 (2020). A fresh private address per network.
  • Apple Watch — watchOS 7+.
  • Android — randomized per network by default since Android 10; Android 11+ can rotate periodically.
  • Windows 11— “Random hardware addresses” available per network.
  • macOS — recent versions randomize on supported networks.

This is why plain OUI lookup has been quietly breaking on phones since 2020: on a typical home network, a growing share of the “unknown” devices are just modern clients with privacy on.

How to identify the device anyway

The vendor is gone, so you fingerprint from everything else the device broadcasts:

  • DHCP hostname — the name the device gives your router (e.g. Janes-iPhone). Usually the fastest answer; check your router's client list.
  • DHCP option fingerprint — the specific set and order of DHCP options requested maps to an OS/device class.
  • mDNS / Bonjour & UPnP — Apple, Chromecast, printers and smart-home gear announce model and service info.
  • Traffic pattern — which cloud endpoints it talks to often reveals the platform.

SSID's MAC lookup flags a randomized address explicitly — so you know immediately to switch to these signals instead of chasing a vendor that does not exist.

Is it a problem?

On your own network, almost never — it is a phone or laptop protecting its owner's privacy. It only matters when you rely on MAC address for access control or device tracking, which randomization is specifically designed to defeat. If you need stable identity on a network you control, ask users to disable “Private WiFi Address” for that one network, or move to certificate/account-based identity instead of MAC.

FAQ

Why did my MAC address lookup return nothing?
Because the address is a randomized (private) MAC generated by the device itself, not one assigned to a manufacturer by the IEEE. There is no vendor to look up — the address was invented locally for privacy. It is a valid, working address; it just does not map to a maker.
How can I tell if a MAC address is randomized?
Look at the second hex digit of the address. If it is 2, 6, A, or E, the locally-administered bit is set, which means the address was generated by the device rather than assigned by the IEEE. Example: DA:A1:19:… — the D-A first octet has that bit set, so it is a private address.
Is a randomized MAC address a security risk?
No — it is the opposite. MAC randomization is a privacy feature that stops networks and trackers from following a device across locations by its hardware address. A private MAC on your network is almost always just a phone, tablet, or laptop with the default privacy setting on.
Which devices use randomized MAC addresses?
Effectively all modern client devices by default: iPhone/iPad (iOS 14+, 2020), Apple Watch (watchOS 7+), Android (10+), Windows 11, and recent macOS. They rotate a fresh private address per WiFi network (and some rotate periodically), so the same phone shows a different MAC on each network it joins.
How do I identify a device if its MAC is randomized?
The OUI vendor is gone, so you fingerprint the device from other signals: the DHCP hostname it announces, its DHCP option fingerprint, mDNS/Bonjour and UPnP advertisements, and its traffic pattern. On your own router, the assigned hostname (e.g. 'Janes-iPhone') is usually the fastest identifier. SSID's MAC lookup flags the randomized address so you know to switch to these signals instead of chasing a vendor that does not exist.
Can I turn randomization off?
Yes, per network. On iOS: Settings › WiFi › (i) next to the network › turn off 'Private WiFi Address'. On Android: long-press the network › Privacy › 'Use device MAC'. Do this only on networks you trust — it re-exposes your real hardware address to that network.
Try the MAC lookup →Browse the OUI vendor directory