Category: Technology-facilitated abuse

Anti-stalking features part of major Bluetooth item-location platforms

Apple AirTag press image courtesy of Apple

Apple AirTag – one of the main item-location platforms that are supporting anti-stalking measures

Apple and Tile implement item-location platforms that are based around Bluetooth-driven locator tags that can be attached to the items that need to be located. They also work with software that “pings” these tags in order to locate them on a map or make them sound an audible signal so you can locate the object attached to them.

But some people use these tags for nefarious purposes. Typically this is about tracking people who don’t want to be tracked, typically as part of stalking or as part of abusive one-sided relationships.

But Apple and Tile have answered this problem through adding logic to their first-party mobile-platform to detect unknown or unrecognised Bluetooth trackers. It is based around the idea of a tracking device or tag that is not associatedd with your “universe” of mobile computing devices moving in the same direction as you or your mobile computing device.

In the case of Apple, this is built in to the iOS operating system and in to a first-party mobile-platform app for Android. This software identifies if the AirTag or other “Find My” device is moving with you that isn’t registered to your device or Apple ID and is separate from the registered user. As well, the AirTag makes a sound if it isn’t with its owner for a significant amount of time. It also has NFC to allow a person to use a suitably-equipped mobile platform device to identify whether the AirTag is lost, including how to contact the device’s owner and return it. This also yields instruction on how to disable the device by removing the coin-size battery.

With Tile, the software is part of their first-party companion mobile-platform app and identifies if the unknown Tile device is moving with you and separate from the registered user. But it requires that you use the mobile-platform app to instigate a “scan” process.

As well, Google has baked in to their Google Services update package for Android 6.0+ the necessary software code to detect unknown tracker devices that are following you. This includes the necessary user interface to warn you against unknown tracker devices following you and help you identify or disable these devices.

This is part of an Apple and Google initiative to establish an Internet Engineering Task Force draft specification that mandates particular anti-surveillance features in Bluetooth-driven item-location platforms that work with iOS or Android smartphones. It avoids the need for companies who want to build item-location platforms to design them responsibly without needing to reinvent the wheel.

What needs to happen to prevent covert surveillance with item-location platforms

Once the IETF specification regarding anti-surveillance features for item-location platforms is set in stone. there has to be some form of legal mandate regarding its implementation in computing platforms and computer-assisted item-location platforms. This could be through other international standards regarding radiocommunications and telecommunications devices or customs and other legislation and regulation regarding the trade in goods.

The anti-surveillance features in these item-location platform would need to be able to perform well within a crowded location especially where multiple devices of the same platform and owned by different owners are likely to be there. Think of, say a busy bar or nightclub where many people are likely to be moving around the venue.

Similarly, these features would need to work properly with situations where a passenger’s luggage is transported in the baggage hold of the same transport as its owner. This is because some passengers may use an AirTag or luggage with integrated item-finding technology in order to avoid losing their baggage.

The devices need to support universal platform-independent NFC “touch-and-go” technology to allow someone to identify lost tracking devices. This would then show up contact details about who own the device or how to return it to its owner. This is more so where a computing device that has or is connected to an NFC sensor but doesn’t run iOS or Android is used to identify the tracking device’s owner, something that would be common with laptop or 2-in-1 computers. Such a situation would come in to its own with a lost-and-found office who uses regular computers running desktop operating systems as their main office computer equipment.

As well, item-location devices should be easy to disable like removing the battery or enforcing a factory reset on the device. This would come in to its own if the device was being used to track someone and such a device was discovered by its target or someone assisting the target.

Let’s not forget that wearables like smartwatches and fitness trackers, along with headphones and similar personal-audio devices are being equipped with location-tracking functionality. This is to allow people to locate lost smartwatches or earbuds or premises owners, lost-and-found offices and the like to return abandoned devices to their owners. Here, they would have to be part of an established platform and be subject to the same conditions as tag-style devices.

There could also be one or more innovation challenges for manufacturers of various third-party devices in one or more sectors that work to detect covert surveillance of people using item-location devices. Such devices like, perhaps, turnstile-type devices could be designed to provide augmented signalling of tracker devices unrelated to a user’s smartphone but moving with the user or their possessions.

Add to this education programs for third parties like IT support, the security sector, the social-work sector and similar groups to help staff work against covert surveillance of people they work with using item-location devices. This could be about assisting with locating and defeating unwanted devices or configuring users’ personal technology for privacy.

Similarly there has to be action taken about the sale of devices that are modified to avoid detection by the person who is being tailed. This is more so where there have been AirTags sold through online marketplaces like Etsy that have their speaker removed or disconnected to avoid audible “pinging” and detection by the stalking victim. Such action could be in the form of statutory action like radiocommunications regulations regarding such devices sold on the secondary market or customs regulation regarding devices that are imported or exported.


What I see of this effort by Apple and Google is a significant step towards responsible secure design of item-location platforms and an example of what responsible design is about.