Могу предположить, что речь вот об этом:

Bluetooth Specification Core Version 4.2

"9.2.2 Non-Discoverable Mode

9.2.2.1 Description

A device configured in non-discoverable mode will not be discovered by any
device that is performing either the general discovery procedure or the limited
discovery procedure.

9.2.2.2 Conditions

A device in the non-discoverable mode that sends advertising events shall not
set the ‘LE General Discoverable Mode’ flag or ‘LE Limited Discoverable Mode’
flag in the Flags AD type (see [Core Specification Supplement], Part A, Section
1.3). A Peripheral device in the non-connectable mode may send nonconnectable
undirected advertising events or scannable undirected advertising
events or may not send advertising packets."

"2.3.1.3 ADV_NONCONN_IND

The ADV_NONCONN_IND PDU has the Payload as shown in Figure 2.6. The
PDU shall be used in non-connectable undirected advertising events. The TxAdd
in the advertising channel PDU header indicates whether the advertiser’s
address in the AdvA field is public (TxAdd = 0) or random (TxAdd = 1).

The Payload field consists of AdvA and AdvData fields. The AdvA field shall
contain the advertiser’s public or random device address as indicated by
TxAdd. The AdvData field may contain Advertising Data from the advertiser’s
Host."

И так, слушая такие кадры можно узнать AdvA - данное поле может содержать два типа адреса:

"1.3 DEVICE ADDRESS

Devices are identified using a device address. Device addresses may be either
a public device address or a random device address. A public device address
and a random device address are both 48 bits in length.

A device shall use at least one type of device address and may contain both.
If a device is using Resolvable Private Addresses, it shall also have an Identity
Address that is either a Public Device Address or Random Static Device
Address type."

То есть, очевидно, что в ряде случаев устройство даже находясь в режиме предотвращающем его обнаружение, всё равно посылает кадры, которые содержат его адрес.