TL;DR: If the second character of the MAC address is 2, 6, A, or E, it’s a private address.

Locally administered MAC addresses are commonly used by Apple devices (and some others) to reduce tracking of the MAC address accross networks. Locally administered MAC addresses are defined by having the least significant bit of the most significant byte (the second character when expressed in hexadecimal format) set to 1. This gives us the options (in Hex format) for the second character to be 2, 6, A, or E.

• x2-xx-xx-xx-xx-xx
• x6-xx-xx-xx-xx-xx
• xA-xx-xx-xx-xx-xx
• xE-xx-xx-xx-xx-xx

On the other hand, universally administered MAC addresses (the “normal” type) have this same bit set to 0.

It’s worth noting that this randomisation does not guarantee the device can’t be tracked – it’s entirely possible for the device to reveal it’s true MAC address, and various other techniques other than MAC address tracking can be used to monitor the movement of hosts across networks.