“To help recover your stolen iDevice, Find My will use Bluetooth on devices, encrypt all data and use a rotational key to protect your device identity”
At WWDC 2019, one of the new features that Apple introduced to iOS 13 is the joint location tracking service — Find My. It combines the erstwhile Find My iPhone and Find My Friends apps to present location tracking for yourself and others through a single app. While that is more cosmetic, what is more significant is Apple’s claims of tracking your missing device even when it is offline, all the while emphasising on protecting your privacy.
Basically, with the new update, Apple will turn all of its iPhones into Bluetooth-beaming beacons. When you lose your iPhone, tracking on Find My issues a sort-of ‘search warrant’ for your missing iPhone, and any Apple device that is near you can detect a ping off it and report it to you. This will happen even when your stolen phone is offline — the Bluetooth beacon will work like a one-way transponder, which relays its location to the closest Apple device, which then uses already available network traffic to relay the information to cloud servers.
Apple claims that while security issues in this process is obvious, the company has a workaround. For one, all the information that is relayed is encrypted end to end, wherein users are preferably required to own at least two Apple devices. The end-to-end encryption gives rise to two keys — one private identifier key for the device, and another rotating public key that is constantly changing. When the tracking of lost devices is requested through the Find My app, the hash of the rotating public key is uploaded to the Apple servers, which then matches the data against millions of other keys to find the right match, and hence, help recover your phone.
Such a process, Apple says, prevents anyone from locating, tracking, and using your geolocation data in any way, including Apple itself. Given that all iPhones will be Bluetooth transmitters going forward, this aspect is highly important in order to maintain the sanctum of privacy that Apple has always claimed itself and its hardware and services to be. Apple has also stated at WWDC 2019 other such privacy measures, such as ‘Sign in with Apple’, which prevents cookie-based tracking of your web activity by other companies.
Given the scope of the new privacy measure, this may well be a breakthrough innovation in terms of data security by Apple, while making it easier for the end-user to track their own devices, in case of emergencies.