Let’s say, I sit down in a mall, open my laptop and connect to a secured mobile hotspot. Then I do it again next week after a reboot. What information would a nearby shop or a passive malicious hacker be able to find about my device? Does my device send out identifying information before joining, like a MAC address? Is this persistent, or randomized?

I intentionally haven’t specified a distro, so if something only applies to some network managers, give some details.

Bonus points: what about Android phones?