AirTags: can Apple’s beacons to find lost items be used to spy on someone?

Available since last month, Apple AirTags are small connected beacons that allow you to geolocate your objects. Practical for people with their heads in the air, some see this new gadget as a new tool to spy on their spouse or even their employee.


 

It’s small, round, white and gray and it sounds. The AirTag is Apple’s newest connected gadget. Presented at the last keynote of the apple brand, this little tag aims to prevent you from losing your items. Remote control, bag, keys, children’s blanket … people with their heads in the air no longer have to worry, everything can be geolocated. Of course, the Californian company is not the first to offer this type of solution. Samsung, its main competitor, released the SmartTag in January 2021 for a price similar to AirTag and the American company Tile, or the French company Wistiki, have been offering this type of connected object for almost ten years.

But where Apple stands out is by the technology used: ultra wideband (or ultra broadband in French). Just like wifi or bluetooth (the option chosen by other beacon designers), ultra wideband (UWB) is an electromagnetic wave. But it differs in its precision and scope. It is thus able to indicate the position of an object to within 5 or 10 centimeters and the range of the signal emitted by the AirTag can go up to 150 meters.

The Apple device network at the service of AirTag

So how do you find your object if you move away more than ten meters from your beacon? This is where the strike force of the Apple device network comes in. If you forget your bag containing your AirTag at the pool or at a friend’s house, for example, all you have to do is go to your application. Locate, automatically installed on all iPhones. Your little beacon will have been connected beforehand to all the iPhones, Macs or even iWatch present nearby via an encrypted and anonymous bluetooth signal. It will become locatable and you can then find its trace.

If, however, none of the hundreds of millions of Apple devices in circulation crosses the path of your AirTag and it therefore remains untraceable, you can still activate “lost mode”. This feature does two things: receive a notification as soon as your AirTag connects to an Apple device, making it trackable, and enter your details. A person with an Android phone passing through there will only have to connect to the AirTag by NFC (the same technology used to pay without contact). She will then be able to see your number and call you to return your beacon. After that, it is still necessary that the people finding the beacon know how to interact with it and want to return it to you.

Good protection of personal data

So a tool that works well, but what about privacy? This is a stock that Apple regularly prides itself on being a staunch defender. As we have seen, the bluetooth exchange between your AirTag and other Apple devices is done in an encrypted and anonymous way. So you can’t tell which iPhone, Mac, or Apple Watch tracked your AirTag, and owners of Apple devices crossing the path of your beacon also can’t locate or identify you. In addition, no data is stored directly on the AirTag. If you have your beacon stolen, the thief will not be able to know who it belongs to or access your location history, for example. On matters of personal data protection, Apple seems to have concreted its tool. The company is clear: the AirTag has only one goal, that of no longer losing your items. The tracking of animals or human beings is therefore in principle excluded from its use. But is it really impossible to divert an AirTag from its main use to trace relatives?

Sufficient safeguards for tracking?

To discourage a suspicious spouse or a boss curious to know if his employee is at home when he telecommutes for example, Apple has provided safeguards. If you have an iPhone and someone unwittingly slipped an AirTag into your bag without its owner being nearby, a notification will be sent to your phone (within a period of time not specified by Apple), letting you know that ‘a beacon that does not belong to you is near you. You can then ring it to find it. If you don’t react to notifications, the AirTag will eventually ring on its own.

During our various tests, the iPhone of the people to whom we had slipped our AirTag, warned them of the presence of the beacon after 8 hours for the first and after more than 24 hours for the second. The time it takes for the iPhone to notify its owner of a possible follow-up therefore seems to be random.

Still in the same situation, but this time for the owner of a phone from another brand, the beacon will start ringing by itself after 72 hours. A feature confirmed by our test, even if we had to strain our ears to hear it.What should also be borne in mind is that each time the AirTag is nearby again on its owner’s phone, the amount of time it takes to notify you that you are being tracked is reset to zero. Thus, in the event that your spouse has placed a beacon in your bag, when you come home each evening, your spouse’s phone will automatically reconnect to their AirTag, at the same time resetting the 72-hour period.

In any case, despite all the precautions taken by the brand, locating a person without their knowledge remains possible, whether in 24 hours or in 72 hours. A practice made possible nowadays by the proliferation of applications making it possible to geolocate a person but which can constitute a violation of privacy and secrecy in the eyes of the law.

Monitoring that has limits

Tracking is therefore possible, but not easy for all that. First, because the localization technique proposed by Apple is based on ultra wideband and bluetooth, two technologies which do not allow a localization as precise as GPS. Then the application Locate takes several minutes to refresh, so it is impossible to follow a person in real time, second by second. Finally, if you are in the countryside and have a non-Apple phone, it will be much more difficult for a spy.

The geolocation technology chosen by Apple based on its network of devices, you will logically come across much less iPhone in the countryside than in the city. In our rural test, tracking a person with an Android phone who had an AirTag in their bag turned out to be very complicated: their position only updated two to three times a day. It is therefore impossible to know his movements in a precise and exhaustive manner. On the other hand, if you live in the city or have an Apple device, keeping up will become easier. An ease, however, offset by a warning triggered randomly.Last protection and not the least, iPhone owners who find an AirTag that does not belong to them in their belongings will be able to see where and at what time their iPhone and the AirTag. unknown logged in for the first time.

In summary: possible espionage … but complicated

If the AirTag seems to tick all the boxes in terms of protection of personal data, on the side of protection against espionage, improvements could be made. Apple’s beacon can be used in a roundabout way to follow someone without their knowledge because today, the safeguards provided by Apple are not sufficient to warn a person quickly enough that they are being tracked. However, espionage remains complicated if the person being tracked has a smartphone from another brand than Apple and lives in a rural area, because they would see fewer people and therefore fewer iPhone users than in the city. In this market where competition is fierce, the Californian company is nevertheless the only one to offer solutions to make it more complex to monitor human beings using its beacons. Aware of the inadequacy of its protection system, Apple said it was considering reducing the 72-hour delay in a future update.





 

Other news