First of all, please note that this is not an easy problem to address.
And as far as I'm concerned, I will recognize "public address" mentioned above as "Public Device Address", which is used officially to denote "a combination of a company ID and a company-assigned ID per device following the IEEE 802-2001 standard".
Last but not least, the following opinion only represents my point of view.
I can't say the Public Device Address is mandatory, but I should say it's highly recommended when your product is widely used. If you need to make each of your devices a unique one around the world according to your technical and economic concerns, then you must use Public Device Address. Otherwise, you can improvise.
And I think I can say that "Static Device Address" (which I think you're referring to as "static random address") is the cost-down version of "Public Device Address" and it's defined and supported officially.
And in your use case, I will recommend you use Non-resolvable Private Address.
Sincere regards from C. L.