Android can do this by default, no need to significantly increase attack surface by loading third-party code with elevated privileges. GrapheneOS, probably the most private and secure mobile OS out there even has per-connection randomization, the strongest form of MAC address randomization, built in and enabled by default for all networks.