Google Raises Privacy Bar with Its Crowdsourced Tracking Service
Google will raise the ante for privacy-preserving and anti-stalking features with the launch of its long-expected Find My Device network service in May 2024. Like Apple’s almost identically named Find My network, Google’s Find My Device network crowdsources device locations by relaying encrypted identity signals through supported Android phones and tablets. The search giant’s Find My Device network supports Android devices and compact trackers from companies like Chipolo and Pebblebee. Google has three distinct privacy improvements that aren’t found—yet—in Apple’s Find My network approach.
Lost Item Tracking Background
As a quick review, crowdsourced location tracking leverages network-connected devices (Android or iOS/iPadOS) that know where they are from GPS, cellular, and Wi-Fi positioning. Items without a network connection—including compact trackers like an AirTag or a temporarily offline Mac, Apple Watch, Android smartphone, etc.—broadcast an anonymized Bluetooth signal that contains an encrypted payload identified with the registered owner.
The network-connected devices relay the Bluetooth signals from transmitting gear to a central server run by Apple or Google without inspecting the data, which is encrypted. Only the registered device or item owner can use software—Find My for Apple devices and Find My Device for Android gear—that lets them query for location information from those central servers. Once retrieved by the lost item’s owner, the payload is decrypted locally on that owner’s device.
Because of the encryption, neither the Apple nor Android users whose devices are relaying location data can identify owners of lost items or even which items are broadcasting; likewise, whoever owns the devices being tracked can find out nothing about the equipment through which the signal was relayed. (Items update their Bluetooth identifiers to new, non-repeating values at intervals throughout the day to prevent someone from building a database that tracks the trackers.)
That all sounds well and good, and the approach has worked remarkably well in practice over Apple’s first three years of AirTags and the Find My network. The danger comes in how compact trackers can be used to track people without their knowledge and consent, with people abusing AirTag tracking for theft and stalking.
AirTags initially provided fewer protections than advocates for victims of domestic violence and privacy experts believed were needed. Apple gradually revised AirTag warnings and alert sounds (see “Apple Explains How It Will Address AirTag Privacy Issues,” 12 February 2022). Without getting into the historical changes, the current anti-stalking feedback comes in two ways. If an AirTag is moving with you and the owner isn’t nearby, alerts pop up on nearby iPhones and iPads. As importantly, if an AirTag is static but the owner hasn’t been near it for a randomly chosen interval between 8 and 24 hours, it will emit a noticeable sound for several seconds and repeat that at future random intervals.
These alerts have formed the basis of an industry standard co-developed by Apple and Google with participation from companies making AirTag-like trackers. (See “AirTag in the News: NYPD Recommends, Apple and Google Propose Industry Tracking Standard,” 8 May 2023.) All Find My network-compatible trackers already beep at intervals; the cross-platform device-based warnings should roll out in 2024 for Android, iOS, and iPadOS.
Google’s Privacy Additions
Google has diverged with its Find My Device network by making additional choices that block ways that stalkers or other criminals might attempt to subvert crowdsourced location tracking for their purposes.
First, Google’s Find My Device network algorithm won’t relay location information about a broadcasting item unless there are multiple nearby Android devices. The thinking is that someone in their home or other private location is unlikely to have enough Android devices nearby to trigger location reporting. Google says, “Our research found that the Find My Device network is most valuable in public settings like cafes and airports, where there are likely many devices nearby.” Because the tracking data is sent via Bluetooth, Android (and Apple) hardware can use signal strength to determine nearness. Thus, being in an apartment building full of Android phones won’t automatically cross the “aggregation threshold,” as Google calls it—the devices would also need to be near enough. (Google doesn’t say—probably intentionally—how many are required to hit the threshold.)
Second, Android devices won’t relay crowdsourced location data from broadcasts they detect if you’re at home and you have specified your home address in your Google account. While this is privacy-forward with regard to tracking, ensuring you’re not revealing your location unintentionally with your own hardware being the relay point, it also means that you have to give your home address to Google and enable location tracking. Google wants location data so desperately to serve ads and provide other lucrative targeting that the company at one point tracked users even when they had ostensibly logged out of Google apps, an action that resulted in a $392 million settlement with 40 states last year.
Apple has a different home-based protection in Find My. Apple lets you define your home address in the Me card in Contacts but doesn’t transmit that information to itself. Apple also tracks what it calls Significant Locations, which it infers from your travels, stores only on devices, and encrypts end-to-end when syncing among your devices. When you arrive with an unknown AirTag or Find My item at home or a significant location, Find My will trigger an alert even if it previously has triggered one. However, as far as I know and Apple has disclosed, Find My network crowdsourcing continues to work when you’re at home.
Third, Google’s Find My Device network employs two different throttles to prevent misuse: how often an Android device relays the location of a nearby broadcasted item and how often the owner of that item can query its location. Google says most lost items are in static locations, but I think this approach may make it harder to track items stolen or left on a moving vehicle (bus, subway, train, and so on). In those cases, though, people nearby should be notified about unwanted tracking, potentially helping to find your stuff. It’s a tradeoff, and Google makes a reasonable case for standing on this side of the fence; Apple doesn’t disclose if it has similar limits and so appears to stand on the other side.
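The three relay-side rules above can be modeled as a single decision function. This is an added example, not Google's code: the threshold, signal-strength cutoff, throttle interval, and the choice to run every check on the relaying device are all assumptions, since Google publishes none of them. The owner-side query throttle is not modeled.

```python
from dataclasses import dataclass, field

# Assumed values for illustration only; Google does not publish its thresholds.
MIN_DEVICES = 3          # assumed aggregation threshold (this relay + near peers)
NEAR_RSSI_DBM = -70      # assumed Bluetooth signal strength that counts as "near"
RELAY_INTERVAL_S = 600   # assumed minimum gap between relays of one beacon

@dataclass
class Sighting:
    beacon_id: str        # identifier heard in the tracker's Bluetooth broadcast
    timestamp: int        # seconds since start of the sample
    relay_at_home: bool   # relay is at the home address saved in its account
    peer_rssi_dbm: list   # signal strength of each other Android device heard

@dataclass
class RelayPolicy:
    last_relay: dict = field(default_factory=dict)  # beacon_id -> last relay time

    def decide(self, s: Sighting) -> str:
        # Rule 2: never act as a relay point from the owner's saved home address.
        if s.relay_at_home:
            return "drop:home"
        # Rule 1: only peers with a strong enough signal count toward the threshold,
        # so a building full of distant phones does not qualify.
        near = sum(1 for rssi in s.peer_rssi_dbm if rssi >= NEAR_RSSI_DBM)
        if near + 1 < MIN_DEVICES:
            return "drop:below_threshold"
        # Rule 3 (relay side): throttle how often one beacon is reported.
        last = self.last_relay.get(s.beacon_id)
        if last is not None and s.timestamp - last < RELAY_INTERVAL_S:
            return "drop:throttled"
        self.last_relay[s.beacon_id] = s.timestamp
        return "relay"

# Constructed sample sightings (not real captures).
SAMPLES = [
    Sighting("beacon-A", 0, False, [-55, -60, -80]),         # cafe, two near peers
    Sighting("beacon-A", 120, False, [-55, -60, -80]),       # same beacon, 2 min later
    Sighting("beacon-B", 130, False, [-85, -90, -88, -92]),  # many phones, all distant
    Sighting("beacon-C", 140, True, [-50, -52]),             # relay is at home
    Sighting("beacon-A", 900, False, [-58, -61]),            # throttle window elapsed
]

def run_samples():
    policy = RelayPolicy()
    return [policy.decide(s) for s in SAMPLES]

if __name__ == "__main__":
    for s, d in zip(SAMPLES, run_samples()):
        print(s.beacon_id, s.timestamp, d)
```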
These three elements are thought-provoking. I’m not sure each has equal importance or value, and I worry about giving Google more information about my whereabouts to safeguard my privacy. But it’s good to see competition over privacy in the marketplace, particularly where safety is concerned, and I hope to see Apple learn from Google’s example.
It seems Google and Apple are working together on this. So I have to ask: what’s in it for Apple? Why would they have any interest in helping Google add to Android something that in the iOS world has been working well for years already and has also been very popular? Is Apple collaborating on this standard because they see it as a means not to get into hot water with privacy/stalking issues? Or is the real benefit that now a bazillion cheap Android devices will also aid in showing us where our AirTags are? I realize around here where iDevice density is very high, it works great. Probably not so much in a place like Spain where there are few iPhones and even fewer iPads or Macs. Will AirTags there now benefit from so many more devices being able to aid in tracking AirTag location?
Google and Apple are working together (along with tracking device makers that work on Google and Apple Find My Device/Find My networks), but they aren’t collaborating on the basic feature set, which requires ownership of a given platform, Android or Apple. So that’s where the lock-in and money is. So far and maybe never will you be able to buy a Find My item or Find My Network item and have interoperability, so you have to be part of one ecosystem or the other.
Where the two are working together is only on the anti-stalking initiative, which provides alerts across ecosystems and a consistent behavior in tracking devices about when they make sound, etc.
I will be interested to see if the Google Find My Device can locate a supported tag device in the absence of Wi-Fi or cell service. I have lost things along a trail and while traveling in places without connectivity. I have two Apple tags for our key rings and I’ve tested it in the wild and an iPhone cannot locate a tag without service being available. I had Bluetooth turned on. I can think of several situations where I’d want to find my keys when I don’t have any service or Wi-Fi.
I suspect that not tracking unless there are multiple Android devices nearby is potentially a problem. Say you are out hiking and drop something with a tracker in it. In all probability, there will be very few phones of any kind, and if an Android happens to pass by, it seems that it will not pass on the tracking information.
(Digression: what happens if an iPhone passes an AirTag while there is no phone reception? Does the iPhone save it up and transmit it when there is reception, or does it just ignore it?)
Not tracking at home is also a problem. Mostly, when I am looking for something, it is at home. “Where are my car keys?”
I think the aggregation threshold could be an issue if you are tracking things in more remote locations or using AirTags for things like pets (I know it’s not recommended). I have one on my dog, and of course the dog moves, but if it runs off and only goes past singular people with only one phone on them, with Google’s approach it doesn’t look like it will report a location, unless I have misunderstood.
That’s a related, but different feature. When you are actively looking for something, you use the app on your phone to actively turn on local location tracking. It’s a direct communication between the device and your phone.
I think the multiple-device threshold only applies to the automatic, remote relaying of the device’s location to central servers. I would also imagine that there’s some sort of exception to the threshold for devices that are registered to you, versus devices registered to other people.