Apple Airtags – Apple moves to improve privacy, but is it enough?
14-06-2021 | By Robin Mitchell
Recently, Apple announced that it will be taking measures to improve the privacy of its AirTag products. What are Apple AirTags, why do they pose a serious privacy concern, and are we becoming too dependent on tracking technologies?
What are Apple AirTags?
Apple AirTags are small radio devices that owners can use to track items that have been misplaced. For example, a key chain can have an Apple AirTag connected to it and if the user misplaces their keys, an app on an Apple iPhone can be used to locate the AirTag.
Previous tracking systems generally utilise GPS, but Apple AirTag uses Ultra-wideband which presents multiple advantages. The first, and most important, is that ultra-wideband, compared to GPS, uses far less energy. AirTags are powered by a single CR2032 battery (similar to a watch battery), which lasts for a whole year without the need for charging. The second advantage to using ultra-wideband is that this can provide better tracking as ultra-wideband offers positional accuracy in the tens of centimetres. In contrast, GPS is limited to meters (the inaccuracy of GPS is intentional as to prevent military use).
The method in which tracking is done is by using a collective of Apple iPhone devices that are all near the AirTag. Simply put, ultra-wideband signals are sent from the AirTag, and nearby iPhone devices detect these pings. Each device also pings itself to the network so that the collection of data can determine the distance between the user and their AirTag. Ultra-wideband has the ability to provide positional accuracy thanks to the use of a wide range of frequencies during transmission. Since different frequencies react differently to their environment (some may diffract around objects while others may simply ignore objects), phenomena such as multi-path and reflections can be easily ignored.
Why do AirTags present a serious privacy concern?
The most obvious concern surrounding AirTags is that they are tracking devices by nature, and as such can be used maliciously to track individuals. The small size of the AirTags means that they can easily be slipped into a bag or pocket, and from there an individual can be tracked.
To get around this concern, Apple implemented a feature that alerts users of nearby AirTags if the distance between the user and the AirTag (which they do not own), doesn't change within a certain time frame. However, this only occurs after a certain time (approximately one day) meaning that a user could be tracked for around 24 hours before being notified of the tracking device. Apple have also implemented a feature where AirTags emit a sound when away from their user, but this only occurs after three days.
Recognising the major privacy issues, Apple has now developed two solutions to help prevent AirTags from tracking individuals. Firstly, devices away from their owners will now generate chirp sounds after a randomised time period between 8 and 24 hours. Secondly, an Android app is now available which will alert Android users of AirTags that may be on their persons (remember that Android phones will be completely oblivious to Apple products).
Are we becoming too dependent on tracking technologies?
There is nothing more frustrating than losing car keys or misplacing your wallet, and this pain is amplified by orders of magnitude when cancelling bank cards only to find them after making the call to the bank. While tracking technologies offer relief from such anguish, is the use of such technology really essential?
As technology becomes more integrated into modern life, greater care should be taken when deploying technology. For example, the introduction of radio into people's homes enabled the broadcasting of live news and events, which proved to be massively beneficial. However, the introduction of IoT cameras has arguably proven to be more of a headache than an advantage with the potential to spy on occupants and control their networks. A classic example of such “over-technoloigification” would be the use of an IoT thermostat in a fish tank in a casino. Hackers identified the IoT thermostat, gained control of it, and then used it to access sensitive information inside the casino's network.
Deploying cheap tracking technologies that utilise other devices connected to a global network provides the perfect fuel for a tacking-related privacy disaster. A flaw in the network could allow attackers to identify the location of all connected AirTags, and from there could find a way to either control individual devices, create a nuisance for users on the network, or track individuals of interest.