Apple and Google Come Together to Protect Against Malicious Trackers


Finally, Apple has a real solution for Android users afraid of being stalked by an AirTag. And, fortunately, the solution will work for devices not made by Apple as well. In fact, it’ll work for trackers made for Android too. Any third party who is willing to participate in Apple and Google’s new joint standard will be able to make a safer tracker with tools built into each OS.

A new industry standard made in partnership between Apple and Google seeks to create a standard way for “Detecting Unwanted Location Trackers,” or “DULT.” The guidance will work across platforms and trackers, enabling users to know when a Bluetooth device location tracker is “following” them, without the owner present. These devices have been tools for stalkers for some time. A lack of diversity in tech is likely the culprit behind their release without protections for stalking victims. Women are most frequently the victims of stalking, and are woefully absent from tech, especially in leadership and decision-making positions. In a case of, “better late than never,” Apple and Google have worked together to solve a problem Apple created, with their Find My tracking network for lost devices and the AirTags they made for tracking just about anything, including people.

In the near future, it’ll be a lot harder for a stalker to track their victim, as it should be. It’s a shame Apple, Tile, and others couldn’t work that out earlier. An even greater shame that one of the largest names in tracking devices, Tile, has chosen so far not to participate.

DULT Guidance

The guidance lists several rules that all devices looking to track location will have to abide by. It’s quite detailed. The plan lays out how a device will figure out whether or not it has been separated from its owner (30 minutes), what constitutes an “easily discoverable” tracking device (such as a bike), and more. It stipulates that a tracker should rotate its MAC address to protect the owner’s identity, be registered with a company for the purpose of tracking down people using it to stalk someone, and support at least one Bluetooth LE connection, to facilitate location information. The guidance, obviously, is a lot longer. It’s a dense 25-page document, after all. However, the rules are well defined and future-proof, made to allow new categories of trackers and devices.

This was something that should have been in place from the moment Apple released the AirTag. As it uses Apple’s Find My network, which piggybacks off of other devices, privacy should have been well-defined since day one. Every device becomes a part of this network, without an implicit choice in the matter. Privacy and security should have been Apple’s first consideration. No one should have been able to stalk someone using one of Apple’s trackers. Thanks to this new guidance, those using Apple’s Find My network or Google’s Find My Device network, which works similarly to the Find My network, will comply with DULT guidelines. That means they’ll alert nearby users when a tracking device has been near them, but not near the device’s owner, after 30 minutes, with some other optional conditions.

Notably absent from the deal is Tile. Tile had some of the original trackers, which used a connection to your own Bluetooth-enabled phone or device for tracking. It was more for finding keys in your house than finding the wallet you left back at the bar. However, Tile has since incorporated a large tracking network that uses Amazon devices as well as devices with the Tile app installed and allowing background location tracking. Tile, however, has not signed the DULT guidance yet. It’s unknown how well their trackers can alert other users of their presence, as they rely on an app on a user’s device for tracking. Perhaps the fact that they can only track people when they’re around a Tile or Amazon device user makes them a little safer. However, since they can still ping a location, all someone who is being tracked would have to do is be near a person who does use Tile’s trackers to be found, and that’s a common enough occurrence to allow stalking. Since Tile has their own network, they don’t have to use Apple or Google’s network to work, for now. Since it’s still using devices that rely on Apple and Google, however, they may be able to force Tile to add more safety features in line with the DULT guidance.

It’s clear these companies came up with a solution to a problem without thinking of the problems they’d cause. It’s a classic engineering mistake, inventing problems to solve them later. It’s why most teams now employ techniques like red-teaming, that is, having testers try to break a service or misuse it in some way, and pre-mortems, trying to figure out what will go wrong with a project before it goes wrong. Anyone could have told Apple their tiny discs would be used for tracking stalking victims if a single person worried about stalking was in the room. Unfortunately, Apple’s decision-making leads don’t reflect the general population, and they released a stalking tool. Fortunately, that problem has finally, years after its initial release, been solved.

Until they make the next problem. I hear AI is all the rage now.

