Location trackers like Tiles and AirTags aren’t just a helpful way to find missing luggage or a misplaced wallet—they can also be easily slipped into a bag or car, allowing stalkers and abusers unprecedented access to a person’s location without their knowledge. That’s why we are enthusiastic about the effort between Apple and Google to release a draft specification on a detection protocol for these devices. We have been calling for an industry-wide standard for detection of this transient hardware to prevent stalking and other abuse, and this would greatly improve the ability of both Android and iPhone devices to detect unwanted trackers without additional apps.
While Tiles predate AirTags, Apple introduced a wider spectrum of trackers by integrating it within its Find My network (not to be confused with Android’s own Find My Device network). However, both networks work similarly to integrate a range of device peripherals such as earbuds and smartwatches. Tiles had a smaller network of users, but iPhones created a billion plus device network for AirTags to function in. Tile recently announced it will work with Amazon’s Sidewalk network, which means that there will be three major networks of location trackers. They’re also open to third-party developers; even more devices will be built with trackers in them in the future. We’ve seen some improvements in detection since the AirTag was released, but a world in which survivors of stalking and abuse need to download a separate app for every type of physical scanner is not a solution that scales well. We are glad two of the major players are taking steps to right this wrong.
Improved Tracker Detection Announced for Android
During the 2023 Google I/O Keynote, Google announced that Android will launch Bluetooth Tracker detection for devices that may be “following” you that you aren’t aware of. This is a big improvement beyond the subpar Tracker Detect app provided by Apple in response to Android users being susceptible to AirTag tracking without any tools to discover them. This also covers other devices such as Tile’s trackers. This was announced in tandem with Google’s Find My Device network expanding in ways similar to Apple’s Find My network AirTags expansion AirTags, but this time with safety measures.
What’s in the Specification?
The draft, Detecting Unwanted Location Trackers, contains two major details: a proposed Bluetooth Low Energy (BTLE) protocol for a respectful tracker to alert people about when it’s lost, and a collection of best practices. It looks at the present situation, where there are small trackers like Tile and AirTags, as well as considerations for other scenarios, like a bicycle, which is physically large enough that it’s unlikely to be used for spying. It also describes an alert protocol for non-Bluetooth trackers including those that use GPS, Wi-Fi, cellular location, and so on. Abuses from small Bluetooth trackers are a current concern, but the draft helpfully opens up the discussion to all trackers. In 2022, we published an investigation of a GPS tracker that a supporter found in a car they owned. Had this device been able to alert the car owner, it would have saved a lot of trouble and worry.
The specification was submitted to the Internet Engineering Task Force (IETF) as an Internet-Draft, which is its name for an in-progress document. When the specification goes through the process it will be a numbered Request for Comments (RFC). For example, the ACME protocol that Certbot uses to update TLS certificates is RFC 8555.
Internet Drafts also have their own version number. This is version 00, and is meant to open a conversation about what the specification should be when it’s agreed on. This is a good thing, because it means Google and Apple are not creating the specification without community involvement.They are inviting participation in the protocol.
Join the Conversation
We’re pleased that both Google and Apple are taking the threats posed by these devices seriously. We’re also pleased this proposed specification was not decided in a back room, and that the companies have published an early draft of the spec in an open standardization forum, with mechanisms for community participation. The IETF datatracker page also has a link for the discussion mailing list, and if you want to be part of the community that discusses the specification, you can join it yourself. We have comments and discussion about the draft, and look forward to participating in it.