GrapheneOSuser74 When the device is connected to a network, it uses a random MAC address that changes with each connection.

Settings > Network and internet > Internet > The name of the network to which you are connected > Network details by selecting the gear > Privacy > Use per-connection randomized MAC (default).

This is an improvement on the original operating system which uses "per-network randomized MAC", this means that once your device connects to a network, the random MAC address it uses becomes static for that network, whereas on GrapheneOS, the MAC address changes with each connection to the same network.

      Xtreix Thank you for your reply. I knew what you mentioned. As we know randomizer MAC can be retrieved after WiFi connection, But I had a situation when MAC address is required in order to initiate a connection to a certain type of WiFi device, So I had to reveal the MAC address of my device.
      I wonder if it is possible to change the original MAC?

          GrapheneOSuser74 I wonder if it is possible to change the original MAC?

          I suspect it is as easy or as hard as changing the device's serial number (probably hard).

              GrapheneOSuser74 Yes, unfortunately, what you're asking for doesn't seem technically feasible, or at least I'm not aware that it is.

                As others have said you can't really change it permanently on the hardware level, so you can either ask the place you had to connect (I assume your work due to NAC doing the filtering) to remove your device from the db, or live with it and in the future don't connect to such networks.

                  It would be nice to have the opportunity to get a randomized MAC before we make WiFi connects.

                  • de0u replied to this.

                    • Dde0u

                      • Post #10

                      GrapheneOSuser74 It would be nice to have the opportunity to get a randomized MAC before we make WiFi connects.

                      The code should definitely be choosing the randomized MAC before making the connection, so presumably you are hoping to learn what it is at an earlier stage than was possible? Can you describe the steps you took and what went wrong?

                          de0u As I mentioned I had a situation when MAC address is required in order to initiate a connection to a WiFi router. It is impossible to get the MAC address in advance, so I had to use the Device's MAC.

                          • de0u replied to this.

                              • Dde0u

                                • Post #12

                                GrapheneOSuser74 I understand the general idea, but since the device was not identified and the steps tried were not disclosed, it is not yet clear that there was no way to make it work.

                                For example, it was not stated whether the device rejects the phone before or after the phone connected with a password (or 802.1X).

                                It is up to you whether or not to provide more detail (personally I'm not going to ask again). Or you could try posting an issue on the GrapheneOS issue tracker -- but if following that path I would suggest providing a lot more detail.

                                Best wishes!

                                    de0u the way I see it (just assumptions but there are some strong indications of it, but I agree with you, there could be more details provided) OP had to connect to a network at work and due to filtering MAC needs to be provided prior to successfully connect. Since you don't see your randomized MAC prior to initiating connection the only way was to provide the device Mac as it is always the same.

                                    E: also the reason why OP did not provide if the attempt would fail prior or after successful authentication is that maybe they don't know/did not test it. IT said it's like this and rarely people object.

                                        • Dde0u

                                          • Post #14

                                          0xsigsev If the MAC filtering happens before association, there might not be a workaround. But if association happens first and MAC filtering happens afterward, it might be possible to succeed at authenticating and fail by being filtered, but by that point there would be an entry in Settings for the network, so it would be possible to obtain and report a per-network randomized MAC. There is actually one network where I use that approach, so I know it can work.

                                          Meanwhile, if a feature request will be filed, I suspect the developers will want to know whether there is or isn't a workaround and also how many people might be affected by the situation as it stands.

                                              de0u My intention was never to disagree with you, I know it can be done with per network MAC and even if it would be rejected immediately, logs would show this attempt, so it could still be worked out, depends on the willingness of the IT team and knowledge of the user.

                                              I also don't see a reason to change current behavior as it would be very costly in terms of time and resources needed.

                                                0xsigsev the way I see it (just assumptions but there are some strong indications of it, but I agree with you, there could be more details provided) OP had to connect to a network at work and due to filtering MAC needs to be provided prior to successfully connect. Since you don't see your randomized MAC prior to initiating connection the only way was to provide the device Mac as it is always the same.

                                                I exactly mean the same thing.