That's why I caveated the MAC, but if you managed to catch a non randomizing device or a randomizing device that hasn't disconnected (dumped in trash outside for instance) or which was powered down on network and not powered on until after arrest, you can still hit paydirt.
The IMEI and advertising ids are the more pressing ones though. Never underestimate the deanonymyzing power of someone else's UUID you aren't even aware you have.
Another angle is that devices that randomize will “reuse” the random address for the same SSID, afaik. So even the random Mac may be of value over time.
The IMEI and advertising ids are the more pressing ones though. Never underestimate the deanonymyzing power of someone else's UUID you aren't even aware you have.