I created an account while in the store with an email of fuckyou@thisisstupid.com and a basic password and surprisingly didn't have to verify the email. Then turned on a VPN to my house.
I plan on just creating a new account every time I go in just to fill up their database with nonsense.
You do realize that they are actually tracking the device itself by the hardware MAC address and other device fingerprints.
The email is just a bonus to let them legally spam you. Anti-spam laws have an exemption. If there's a prior business relationship like shopping in their stores, they can put you on their spam list unless you opt out.
Bogus email only helps for spam but doesn't do anything about tracking.
EDIT: For Android when there's a Captive Portal like the screen shot. devices will use Persistent randomization which while not the hardware MAC will remain the same for the same network where they can track your visits.
randomize the MAC address everytime they connect to a network
+1, had issues using Android devices for presence detection because of this very useful privacy feature. Even on your home network, the MAC address and device hostname get randomized, unless disabled in the settings
When there's a Captive Portal like the screenshot, many devices use a random but persistent mac for that network avoid reauthorization after any network drop. This will make your access to the specific network trackable.
It's not at the packet level - by default on gOS (and a dev option on stock pixels), every time you connect to a network, even ones you have connected to prior, you get a new random MAC. The standard aosp/pixels do one random but persistent MAC randomization. This only helps marginally from a privacy standpoint. Per-connection makes this data point useless, thereby increasing privacy.