Recently, Apple announced that it has released an Android app to allow Android users to check if an AirTag has been around them for an extended time. What are Apple AirTags, why are they a cause for concern, and what should engineers consider when creating devices designed for tracking?

What are Apple AirTags?

The Apple AirTag is a small 32mm diameter tag with a thickness of 8mm and a weight of 11g that allows for accurate tracking and positioning. Powered by a single CR2032 coin cell, the tag is designed to be attached to objects of value so that if they become lost, the user can use Apples Find My network to locate it. Not only does the tag allow for tracking, but it can also produce an audible tone to help with locating the device.

The Apple AirTag takes advantage of multiple wireless technologies to connect with an AirTag, take ownership, and locate. Bluetooth is used for data communication with the AirTag, while Ultra-Wideband (UWB) tracks the tag at a distance.

Why are Apple AirTags a cause for concern?

By far, the biggest concern with Apple AirTag technology is its ability to track an item with great precision. An individual can have an AirTag affixed to them or their property, and the tag owner could use that to track the individual. When Apple released their AirTag system, the public immediately picked up this issue, and Apple immediately made changes to ensure that users would have their privacy protected.

One protection method that has been incorporated is that Apple products will detect tags near them that are not owned by them. After a predefined interval (10 minutes), user devices (such as the iPhone) will warn the user that a tag near them may be used for tracking. Another protection system that has been put in place is that Apple AirTags will start to beep after being away from a user’s network between 8 to 24 hours. This gives people the opportunity to find hidden devices on their persons or property.

However, as the Apple AirTag is an Apple product, only Apple products can work with AirTags. This means that those using different platforms (such as Windows and Android) have no way of knowing that a tag is near them before it starts to beep.

In light of this, Apple has now released an Android app that will allow users to find AirTags that have been near them for more than 10 minutes. Considering that many Android devices do not have UWB capabilities, it is most likely that detection will utilise Bluetooth. Furthermore, the app allows Android users to initiate a beep sound from the device to help locate the device and then instruct the user how to disassemble the tracker to disable it. This will counteract the need for UWB tracking and help users protect their privacy.

What should engineers consider when creating tracking technologies?

One of the bigger blunders from Apple when releasing the AirTag was making it a product that only works inside the Apple ecosystem of products. It doesn’t matter how many privacy features are integrated into AirTags because users using competitor products will be left vulnerable. Apple releasing the app is a good demonstration of how engineers can consider all users in a market and not just customers specifically.

As the world becomes more concerned with security and privacy, engineers must consider how their devices may be exploited and used. For example, engineers may be able to create a system that automatically turns a car’s engine on and off for convenience, but this could quickly be used maliciously to disengage the engines of victims while driving. Another example would be car-to-car communication; it may help identify nearby vehicles and coordinate traffic, but it could also be an entry point for hackers to access vehicles remotely.

Could tracking devices also be a platform to launch an attack? Could such a device have a name that is actually a piece of executable code so that devices that scan it suddenly become targets? Such questions are becoming increasingly important, and if engineers do not act now, governments may have to step in as they did with IoT and device security.