A new report from the Washington Post looks at the security features of Apple's new AirTag and concludes that the device and its associated Find My service do not have adequate anti-stalking safeguards.
When it unveiled the AirTag, Apple went to great lengths to deflect criticism of its tracker. During the event and in subsequent interviews, the company touted protections against stalking, or “unwanted tracking” in Apple jargon, that include iOS notifications and audible AirTag alerts. A casual study by the Washington Post, Geoffrey Fowler, claims that Apple's efforts may not be enough to thwart stalkers, making AirTag a "new means of low-cost, effective stalking." He added that existing safeguards are "not enough" to thwart misuse of the tiny tracker. For example, Fowler asked a colleague to track him for a week using an AirTag placed in his backpack. During a bike ride, the device displayed Fowler's location every few minutes with an accuracy of about half a block.
AirTag: Alarm only goes off after three days
When he was at home, the AirTag could even give his exact address. Although Fowler was alerted that the unknown device was tracking his movements - both through iOS notifications and an audible alarm played through the AirTag speaker - the alerts were not as effective as hoped. Specifically, Fowler notes that the alarm only starts after three days and then plays a "light chirp" for 15 seconds, measured at 60 decibels at a distance of one meter. As previously described by Apple, the AirTag emits an audio signal when it is away from its owner for three days. This time period is a concern for privacy advocates. Fowler also criticizes compatibility with the operating system. Since the "Find My network" is currently limited to iOS, Android users cannot easily discover and be notified of an AirTag that is with them on the move.
Apple: “It’s an intelligent and configurable system”
Paired with a speaker that can easily be muted or disabled, AirTag becomes a powerful tool for tracking people who don't have an iPhone. It's important to note, however, that Android devices can read an AirTag's "Lost Mode" message via NFC. But finding someone else's AirTag is also made difficult on iOS, Fowler said. While there is an option to force the tracker to play a sound, users can't track the device using the Precise Find feature. Apple's Vice President of iPhone Marketing, Kaiann Drance, addressed some of Fowler's concerns in an interview:
These are the industry's first strong proactive deterrents. It's an intelligent and configurable system and we can continue to improve the logic and timing so we can optimize features.
Fowler asked Drance if Apple consulted domestic violence experts when designing AirTag's deterrents, but Drance declined to answer. Drance explained:
We have no further details to share, but of course we are open to hearing everything from these organizations.
Apple is one of the first competitors in the still young market for trackers that offer protection against stalking. But as Fowler showed, the solution is not perfect. The company is forced to find the happy medium between powerful tracking functions and privacy protection - a difficult balancing act considering AirTag's raison d'être. (Photo by Unsplash / Jonas Elia)
