[javl]

Thanks for your in-depth comment.

As you found out, this whole things is pretty unclear and it really depends on the phone/vendor (or combination vendor and software version) . While testing I've noticed some phones use their own MAC address every time (like my Nexus 5), while others change their MAC address. Changing the MAC address doesn't really help if they send the full probe request though, as you can still use the combination of ESSIDs a device is looking for as a way of fingerprinting them (the chances of someone else asking for the exact same list are quite small).

Also, in one of the cases where I noticed a device using different MAC addresses, it only changed the last part of the address, keeping the vendor ID the same, making identifying a device easier.

[kordless]

Thanks for taking note the entire thing was being presented as irrational. I determined my phone was not leaking this data, so decided to say as much. I appreciate puddintane's work in collecting this information for us. Unfortunately, I decided to not assume to unknown amount of work for myself which would be required for determining a rational outcome for the rest of us. Their work here helped with that immensely.