MacTalk
May 2024
Google Raises Privacy Bar with Its Crowdsourced Tracking Service
Google will raise the ante for privacy-preserving and anti-stalking features with the launch of its long-expected Find My Device network service in May 2024. Like Apple’s almost identically named Find My network, Google’s Find My Device network crowdsources device locations by relaying encrypted identity signals through supported Android phones and tablets. The search giant’s Find My Device network supports Android devices and compact trackers from companies like Chipolo and Pebblebee. Google has three distinct privacy improvements that aren’t found—yet—in Apple’s Find My network approach.
Lost Item Tracking Background
As a quick review, crowdsourced location tracking leverages network-connected devices (Android or iOS/iPadOS) that know where they are from GPS, cellular, and Wi-Fi positioning. Items without a network connection—including compact trackers like an AirTag or a temporarily offline Mac, Apple Watch, Android smartphone, etc.—broadcast an anonymized Bluetooth signal that contains an encrypted payload identified with the registered owner.
The network-connected devices relay the Bluetooth signals from transmitting gear to a central server run by Apple or Google without inspecting the data, which is encrypted. Only the registered device or item owner can use software—Find My for Apple devices and Find My Device for Android gear—that lets them query for location information from those central servers. Once retrieved by the lost item’s owner, the payload is decrypted locally on that owner’s device.
Because of the encryption, neither the Apple nor Android users whose devices are relaying location data can identify owners of lost items or even which items are broadcasting; likewise, whoever owns the devices being tracked can find out nothing about the equipment through which the signal was relayed. (Items update their Bluetooth identifiers to new, non-repeating values at intervals throughout the day to prevent someone from building a database that tracks the trackers.)
That all sounds well and good, and the approach has worked remarkably well in practice over Apple’s first three years of AirTags and the Find My network. The danger comes in how compact trackers can be used to track people without their knowledge and consent, with people abusing AirTag tracking for theft and stalking.
AirTags initially provided fewer protections than advocates for victims of domestic violence and privacy experts believed were needed. Apple gradually revised AirTag warnings and alert sounds (see “Apple Explains How It Will Address AirTag Privacy Issues,” 12 February 2022). Without getting into the historical changes, the current anti-stalking feedback comes in two ways. If an AirTag is moving with you and the owner isn’t nearby, alerts pop up on nearby iPhones and iPads. As importantly, if an AirTag is static but the owner hasn’t been near it for a randomly chosen interval between 8 to 24 hours, it will emit a noticeable sound for several seconds and repeat that at future random intervals.
These alerts have formed the basis of an industry standard co-developed by Apple and Google with participation from companies making AirTag-like trackers. (See “AirTag in the News: NYPD Recommends, Apple and Google Propose Industry Tracking Standard,” 8 May 2023.) All Find My network-compatible trackers already beep at intervals; the cross-platform device-based warnings should roll out in 2024 for Android, iOS, and iPadOS.
Google’s Privacy Additions
Google has diverged with its Find My Device network by making additional choices that block ways that stalkers or other criminals might attempt to subvert crowdsourced location tracking for their purposes.
First, Google’s Find My Device network algorithm won’t relay location information about a broadcasting item unless there are multiple nearby Android devices. The thinking is that someone in their home or other private location is unlikely to have enough Android devices nearby to trigger location reporting. Google says, “Our research found that the Find My Device network is most valuable in public settings like cafes and airports, where there are likely many devices nearby.” Because the tracking data is sent via Bluetooth, Android (and Apple) hardware can use signal strength to determine nearness. Thus, being in an apartment building full of Android phones won’t automatically cross the “aggregation threshold,” as Google calls it—the devices would also need to be near enough. (Google doesn’t say—probably intentionally—how many are required to hit the threshold.)
Second, Android devices won’t relay crowdsourced location data from broadcasts they detect if you’re at home and you have specified your home address in your Google account. While this is privacy-forward with regard to tracking, ensuring you’re not revealing your location unintentionally with your own hardware being the relay point, it also means that you have to give your home address to Google and enable location tracking. Google wants location data so desperately to serve ads and provide other lucrative targeting that the company at one point tracked users even when they had ostensibly logged out of Google apps, an action that resulted in a $392 million settlement with 40 states last year.
Apple has a different home-based protection in Find My. Apple lets you define your home address in the Me card in Contacts but doesn’t transmit that information to itself. Apple also tracks what it calls Significant Locations, which it infers from your travels, stores only on devices, and encrypts end-to-end when syncing among your devices. When you arrive with an unknown AirTag or Find My item at home or a significant location, Find My will trigger an alert even if it previously has triggered one. However, as far as I know and Apple has disclosed, Find My network crowdsourcing continues to work when you’re at home.
Third, Google’s Find My Device network employs two different throttles to prevent misuse: how often an Android device relays the location of a nearby broadcasted item and how often the owner of that item can query its location. Google says most lost items are in static locations, but I think this approach may make it harder to track items stolen or left on a moving vehicle (bus, subway, train, and so on). In those cases, though, people nearby should be notified about unwanted tracking, potentially helping to find your stuff. It’s a tradeoff, and Google makes a reasonable case for standing on this side of the fence; Apple doesn’t disclose if it has similar limits and so appears to stand on the other side.
These three elements are thought-provoking. I’m not sure each has equal importance or value, and I worry about giving Google more information about my whereabouts to safeguard my privacy. But it’s good to see competition over privacy in the marketplace, particularly where safety is concerned, and I hope to see Apple learn from Google’s example.
Contents
Website design by Blue Heron Web Designs