Here’s How Apple’s Find My Feature Will Keep Your Device Location Private

WWDC 2019 Find My

Earlier this week, Apple unveiled a redesigned and much more powerful Find My feature while debuting macOS Catalina at its WWDC Keynote. While Apple has offered Find My iPhone since 2010, the revamped Find My feature takes the whole system up a huge notch with the ability to locate a user’s devices even if they’re powered off or have a dead battery.

While the feature is incredibly cool on the surface, it’s raised more than a few privacy concerns, as WIRED observed in a new report. Since the new feature will have Macs and iOS devices constantly broadcasting their identities over Bluetooth, it’s raised the spectre of the technology being misused for invasive tracking by stalkers, criminals, and other ne’er-do-wells.

However, it should come as no surprise that the extremely privacy-focused Apple has already thought of this, and has in fact built the system from the ground up with an incredibly clever encryption system that’s so sophisticated that even Apple itself won’t be able to track your devices.

How Find My Works

Once iOS 13 and macOS 10.15 Catalina are out in the wild, iPhones, iPads, Macs, and possibly other devices will start broadcasting Bluetooth signals even when devices are offline or shut off. Other devices running the new OS versions will be able to pick up those signals and relay the location of any nearby devices to Apple’s cloud.

In other words, no matter where in the world your iPhone, iPad, or MacBook is, you’ll be able to locate it as long as it’s in range of somebody’s iOS device or Mac. It’s a technology that Apple has been working on for at least three years, and similar in concept to that used by Tile’s personal item trackers, but with a massively larger crowdsourced network, and by all reports Apple plans to expand the technology with its own personal item tracking tags too.

The Problem Apple Needed to Solve

It should be obvious from reading the above, however, that the new feature could stand to be a privacy nightmare — and in the hands of the wrong company, it almost certainly would be. Essentially, what Apple has created is a way of locating almost every single Apple device on the planet… even those that are completely shut down.

If this sounds like a problem of Orwellian proportions, that’s because it really is. While device tracking is nothing new, in the past it required the computer or mobile phone in question to at least be powered on, which didn’t seem nearly as invasive, and it relied on your own device transmitting its location directly back to the mothership rather than broadcasting its identity to everybody in the vicinity.

Further, even aside from the potential for a centralized map of every Apple device in the world, there’s the more grassroots risk of individual devices being easily identifiable. Even if the information in the Bluetooth beacon is encrypted, it can still be used as a “fingerprint” to track or follow a specific device — if a device always broadcasts the same encrypted blob of data, hackers and stalkers can directly associate that data blob with a known device in their vicinity and then use it to follow the user around.

Apple’s Solution

Fortunately, however, Apple has extremely high standards for privacy, so the company has taken all of these fears into account, building an end-to-end encryption system that’s so secure that even Apple itself won’t be able to track your devices.

Following the introduction of the feature during this week’s WWDC Keynote, Apple provided more detail to WIRED about exactly how the feature will work, and one interesting factor right off the bat is that it turns out that you’ll need to own TWO Apple devices in order for it to work.

This isn’t just a transparent attempt by Apple to get you to buy more of its hardware. There’s a method to the company’s approach, and it’s based on the use of regularly changing encryption keys on all of your devices. The goal is not only to keep the information about a user’s device securely encrypted, but also to make the broadcast itself anonymous: because the advertised key is constantly changing, it can’t be used for localized tracking, and only the user’s own devices can make use of the reported data.

If Apple did things right, and there are a lot of ifs here, it sounds like this could be done in a private way. Even if I tracked you walking around, I wouldn’t be able to recognize you were the same person from one hour to the next.

Matthew Green, cryptographer at Johns Hopkins University

Two devices are needed because the secret from which the rotating keys are derived has to live somewhere that is exclusively under the individual user’s control, and every device that should be able to look up a lost device needs a copy of it. Without a second device holding that secret, Apple would need to store the keys, which would allow Apple itself to identify and locate the user’s devices.

For those interested, WIRED provides a more detailed overview of how the cryptographic system works, as explained by Apple:

  • When you first set up Find My, an unguessable secret key is created and securely exchanged between all of your devices, using end-to-end encryption. Only your own machines will ever possess that secret key.
  • Each device also gets a “public key” that’s used to transmit its identity via Bluetooth. This public key changes on a regular and frequent basis (Apple apparently refused to say how often) in order to protect the device’s privacy and anonymity, but it remains cryptographically linked to the original secret key.
  • This public key can be picked up by any nearby iOS or macOS device, which uses it to encrypt its own current location and relays that encrypted report to Apple’s servers.
  • Since Apple doesn’t possess the secret key, what it gets is just a blob of data that could represent any one of well over a billion possible Apple devices. Apple simply stores that data for later retrieval.
  • When you want to search for your stolen or lost device, the other Apple device that’s still in your possession sends a unique encrypted lookup request to Apple to retrieve the public key data, which is then decrypted locally on your own machine.
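The following is an added example, not Apple’s code or a description of its actual implementation, that puts the five steps above (and the “static blob as fingerprint” concern from earlier in the article) into runnable form. It assumes a design in which the owner’s shared secret is fed through a KDF together with a period counter to derive a fresh P-256 key pair per rotation period, the finder encrypts its location to the advertised public key with ephemeral ECDH plus AES-256-GCM, and the server files each report under a hash of the advertised key; the HMAC-based KDF, the curve, the cipher and the index scheme are all assumptions made for illustration, and the master secret and locations are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// kdf derives a 32-byte key with HMAC-SHA256 over label||counter; a deployment would use a vetted KDF such as HKDF (assumption).
func kdf(secret []byte, label string, counter uint64) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(binary.BigEndian.AppendUint64([]byte(label), counter))
	return mac.Sum(nil)
}

// derivePeriodKey maps the owner's long-lived secret to the P-256 key pair for one rotation
// period. Every owner device can recompute it; without the secret, two periods' keys look unrelated.
func derivePeriodKey(master []byte, period uint64) (*ecdh.PrivateKey, error) {
	return ecdh.P256().NewPrivateKey(kdf(master, "period-key", period)) // out-of-range scalar: ~2^-128, a deployment would retry
}

func index(pub []byte) string { return fmt.Sprintf("%x", sha256.Sum256(pub)) } // how the server files a report

type Report struct { // what a finder uploads: the server can file it under Index but cannot open Cipher
	Index     string // hash of the advertised public key
	Ephemeral []byte // finder's one-time ECDH public key
	Nonce     []byte
	Cipher    []byte // AES-256-GCM of the finder's location, bound to the advertised key as associated data
}

// sessionAEAD runs ECDH against peer and turns the shared secret into an AES-256-GCM instance.
func sessionAEAD(priv *ecdh.PrivateKey, peer []byte) (cipher.AEAD, error) {
	pub, err := ecdh.P256().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(kdf(shared, "location-key", 0)) // 32-byte key, so NewCipher cannot fail
	return cipher.NewGCM(block)
}

// finderReport runs on a passer-by's device: it sees only the beacon and its own location.
func finderReport(advertised []byte, location string) (Report, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return Report{}, err
	}
	aead, err := sessionAEAD(eph, advertised)
	if err != nil {
		return Report{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Report{}, err
	}
	ct := aead.Seal(nil, nonce, []byte(location), advertised)
	return Report{index(advertised), eph.PublicKey().Bytes(), nonce, ct}, nil
}

// ownerRecover runs on the owner's second device, the one still holding the master secret.
func ownerRecover(master []byte, period uint64, r Report) (string, error) {
	priv, err := derivePeriodKey(master, period)
	if err != nil {
		return "", err
	}
	pub := priv.PublicKey().Bytes()
	if index(pub) != r.Index {
		return "", fmt.Errorf("report was not encrypted to period %d's key", period)
	}
	aead, err := sessionAEAD(priv, r.Ephemeral)
	if err != nil {
		return "", err
	}
	pt, err := aead.Open(nil, r.Nonce, r.Cipher, pub)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	master := []byte("constructed master secret shared only by the owner's devices")
	server := map[string][]Report{} // Apple-side store: opaque blobs filed under Index
	for period := uint64(1); period <= 3; period++ { // three rotations, three unrelated beacons
		priv, _ := derivePeriodKey(master, period)
		r, _ := finderReport(priv.PublicKey().Bytes(), fmt.Sprintf("lat=37.33,lon=-122.03 @p%d", period)) // constructed
		server[r.Index] = append(server[r.Index], r)
	}
	priv, _ := derivePeriodKey(master, 2) // the owner's other device recomputes period 2 and asks only for that index
	fmt.Println(ownerRecover(master, 2, server[index(priv.PublicKey().Bytes())][0]))
}
```

Run it with `go run` (Go 1.20 or later for `crypto/ecdh`). The point to notice is which party holds what: the beacon carries only a per-period public key, so two sightings an hour apart share no bytes and can’t be fingerprinted; the finder never learns whose device it saw; and the server ends up holding only hashes and AES-GCM ciphertexts, so it can file and return reports but not read them. The owner’s second device recomputes the period key, asks for exactly that index, and decrypts locally, which is the lookup the last step above describes. How often `period` should advance is the detail the article notes Apple declined to specify.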

While this explanation is a huge oversimplification of a very complicated technology, it provides enough detail to demonstrate that Apple has put together a very impressive solution in principle, and security researchers seem to agree.

I give them a nine out of 10 chance of getting it right. I have not seen anyone actually deploy anything like this to a billion people. The actual techniques are pretty well known in the scientific sense. But actually implementing this will be pretty impressive.

Matthew Green, cryptographer at Johns Hopkins University

Of course, the trick will ultimately be in the details, and there are still a lot of unknowns, such as whether Apple will constantly be storing massive amounts of data for billions of devices — even in encrypted form — or whether this will only be triggered once a device is actually flagged as lost or stolen. The report also says nothing about the Tile-like Bluetooth tags that Apple is reportedly working on, so it’s unclear whether they’ll be equipped with the same ephemeral keys or use an entirely different technology. Apple also told WIRED that the system is still a work in progress and could change by the time macOS Catalina and iOS 13 debut later this year.
