Most of the modern smartphones, either with IOs or Android, adopt a privacy protection mechanism that uses a "randomized" MAC address during the probing phase, when they aren't associated with the AP yet.
Do the Meraki Location APIs include in the stream also the probed clients with a randomized MAC address?
When the client is connected, do the Location APIs consider only the probe messages or also other control-plane messages?
There is some research in this area which shows the real mac address can be captured even if the device uses randomized mac address.
Let me ask my question in another way, right now IOS is using randomization. As you said, Meraki APs cannot capture the real mac address of IOS devices while the device is not associated, right? So why in raw data collected by a Meraki AP there are so many IOS devices (with null SSID )?
Let me to share my knowledge and experience with you... because it is incredible that there is no detailed information in Cisco documentation and forum about this important issue (the most important for the KPI results and for our clients at least)
All smartphones with less than 4 years never send their real mac address when they are not connected to a Wifi network.Mac randomization it is not only related with iphones.
Android, iOS, Windows and Linux operative Systems have implemented in the recent versions with very different approaches. Only one iphone could emit 40 different random macs during the visit to a store, or hundreds of different androids could use the same mac in the same moment, and many other techniques are being used, even they are using real mac of real vendors... so it is imposible for a cisco AP or router to know the real mac address of any smarphone not connected to the wifi. CMX or Merak solution or any other provider (ArubaNetworks, etc..) can not filter the un-real Mac addresses, basically because it is too complex and the random schemes are different and changing constantly in any version of android, iphone, etc..
This is the reason because loyalty is false, strange data appears, flows and year by year comparation is imposible, etc... effects that make that cisco meraki cmx could not be used as professional solution for flow, behaviour analytics. They only professional solution you can use that can deal with the random macs is Seeketing technology. They have more than six year of experience with big projects (airport, shopping center, system transportation, retails, etc...). Seeketing technology is was the first tool in the world in 2011 providing not only offline behaviour, even online and simultaneous offline tracking user by user. You can send message by proximity using whatsapp, sms, email, push (with our without an App) and even you can change the content of screens depending on people behaviour in the store or in the ecommerce.
I know this is an old post but I've started delving into this problem and have not found any adequate response on this from Cisco/Meraki even though they are still pushing it as a key pillar in their sales motion for new WiFi technology. Very frustrating trying to sell Cisco but not having the full info on these types of issues and how they are handling them. If you have any info/links from Cisco on this I would be interested in seeing them.