Apple’s Android App to Scan for AirTags is a Necessary Step Forward, But More Anti-Stalking Mitigations Are Needed

Fight Censorship, Share This Post!

We’re pleased to see Apple has come out with an Android app called Tracker Detect that addresses some of the serious threats to privacy and safety we identified with Apple AirTags when they debuted.  Quarter-sized Bluetooth-enabled homing beacons marketed as a way to track lost luggage or keys, AirTags can easily be exploited by stalkers to track and locate their victims.

As we explained in May, AirTags can be slipped into a target’s bag or car, allowing abusers to follow their every move. While there are other physical trackers such as Tile and Chipolo on the market, AirTags are an order of magnitude more dangerous because Apple has made every iPhone that doesn’t specifically opt out into a part of the Bluetooth tracking network that AirTags use to communicate, meaning AirTags’ reach is much greater than other trackers. Nearly all of us cross paths with Bluetooth-enabled iPhones multiple times a day, even if we don’t know it.

We called on Apple to create an Android app that alerts users to nearby tracker. Tracker Detect, released on the Google Play store this week, allows people using Android devices to find out if someone is tracking them with an AirTag or other devices equipped with sensors compatible with the Apple Find My network. If the app detects an unexpected AirTag nearby, it will show up in the app as “Unknown AirTag.” The app has an “alarm” of sorts—it will play a sound within 10 minutes of identifying the tracker, a big improvement over the time it takes for an AirTag to start beeping when it’s out of range of the iPhone it’s tethered to: up to 24 hours, plenty of time for a stalker to track a victim without their knowledge.

While not perfect, Tracker Detect is a win for privacy. It gives victims of domestic and intimate partner abuse who exist outside of the Apple ecosystem a fighting chance to learn if they are being tracked or followed. EFF supports a harm reduction approach to privacy, and this app fills an important gap. It will be important to do outreach to domestic violence shelters and other service providers to familiarize them with AirTags and how to use Tracker Detect to run a scan.

At this time, Tracker Detect does not appear to available to download outside of the U.S. and Apple has not said when they intend to roll the app out internationally. Furthermore, the app is only available for Android 9 and higher, which rules out many of the devices at the cheap end of the Android ecosystem which are often used by vulnerable populations.

In September, researchers at Technical University of Darmstad’s Secure Mobile Networking Lab released an app called Air Guard, which is available in the Google Play Store. The app claims to be able to detect AirTags on an Android device while running in the background, but EFF has not yet tested Air Guard’s functionality. This may be an additional option for Android users who are concerned about physical trackers.

Having an app to download is a step forward, but it is not enough. We’re calling on Google to take this one step further and incorporate background AirTag tracking and detection of other physical trackers into the Android OS. Unlike the functionality Apple has incorporated into the iPhone, which operates constantly in the background, Tracker Detect requires the user to run a scan. Having your device automatically detect trackers will put it on par with the stalking mitigations that iPhone users already have. That mitigation can only be accomplished if Apple and Google cooperate in order to protect users against physical trackers.

We hope that both Apple and Google take the threat of ubiquitous, cheap, and powerful physical trackers seriously enough to work together to help their users know when they’re being stalked.

 


Fight Censorship, Share This Post!

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.