AirTags are dangerous — here’s how Apple could fix them
Source: https://www.theverge.com/2022/3/1/22947917/airtags-privacy-security-stalking-solutions

When Apple launched the AirTag last spring, many marveled at how effectively the coin-shaped trackers could locate lost items. But many early reviewers also sounded an alarm: an AirTag’s incredible accuracy also makes it an effective stalking tool. We’ve spent the past month testing these devices to see their potential risks for ourselves.

There’s no question that AirTags can be — and have been — abused. Sports Illustrated model Brooks Nader recently reported finding a stranger’s AirTag in her coat. One Connecticut man was arrested for placing an AirTag on his ex-girlfriend’s car; a Texas man admitted to doing the same to his estranged wife last month. A New York Times reporter successfully used them to track her husband’s every move (for a story).

But it’s also true that AirTags don’t exist in a vacuum. The item tracker market is filled with competitors — many of which lack the anti-abuse safeguards that AirTags have. In this investigation, we set out to identify two things: the unique risks that AirTags pose and the specific steps Apple could take to make them safer.

The prospect of key trackers being used to stalk people exploded into the tech media sphere last April when AirTags were released and reviewed for the first time. But the problem of tracker stalking long predates AirTags, and a dedicated network of advocates has been working on the issue for years.

Erica Olsen, director of technology safety at the National Network to End Domestic Violence, sees AirTags as a fairly small part of a much larger conversation. “Five years prior to AirTags, we started hearing about tiny location trackers being found in teddy bears that had been ripped open and then sewn back up, in the lining of purses,” Olsen says. “We’ve been hearing from advocates for years about them.”

But it does seem, from both our testing and our conversations with advocates, that AirTags pose a somewhat unique risk. As we discovered, the sheer accuracy of Apple’s network could allow an abuser to pinpoint a victim’s location more precisely than they could with, say, a Tile.

Some experts also fear that the Apple logo on a tracking device may make an abuser less cognizant that they’re engaging in criminal activity. “It’s not a spy tool marketed as a spy tool, because it’s marketed as an AirTag, and it’s Apple,” Adam Dodge told The Verge. Dodge is the CEO of EndTab, which trains victim-serving organizations about tech-enabled stalking and harassment. “People sometimes don’t think there’s anything wrong with it, apparently, and use it to track someone’s location because, to them, it’s a natural use of the technology.”

There’s a certain nonchalance to AirTag incidents, Dodge notes, that he doesn’t see in other stalkerware cases. Dodge has worked with people, for example, whose well-meaning parents have hidden AirTags in their vehicles. “It’s like, ‘Yeah, what’s wrong with this ... I just wanted to make sure they were safe,’ or ‘Well, I thought they were cheating on me,’” he says. “From the outside looking in, it’s stalking.”

Illustration by Kristen Radtke / The Verge, Shutterstock

This is crucial because stalkers, as research has shown, are rarely strangers — they are very often current or former partners. “The AirTag is never the first point of abuse or an isolated incident,” Dodge says. “It’s typically part of an existing pattern of power and control, abusive relationship, or existing stalking dynamic. But the AirTag does allow them to level up and increase the sophistication and accuracy of their efforts.” While some of AirTags’ current safeguards may be suitable for stopping a stranger on the street, the existence of features like Find My and Family Sharing adds another layer of complication to many cases. As we’ll detail later on, these situations are where we believe Apple should focus its efforts.

In a forthcoming software update, Apple recently announced that anyone setting up an AirTag will see a privacy warning stating that “Using AirTag to track people without their consent is a crime in many regions around the world.” Such a notice could perhaps mitigate Dodge’s concern, and it’s purportedly been spotted in the iOS 15.4 beta.

AirTags aren’t GPS trackers, and they don’t have their own internet connection. Instead, they send out a Bluetooth signal that gets picked up by other Apple gadgets. Those devices then ping the “lost” AirTag’s location to Apple’s iCloud servers and let you see its last-known position on a map. There are a billion iPhones out there, and that makes for an extraordinarily fast and accurate network for locating things.

Although other item trackers like Tile exist, they don’t have as many beacons to help broadcast their location, and we found it hard to pinpoint someone and follow them in real time. Tile trackers could only give us an idea of the general neighborhood someone lives in. Paid Tile subscribers can view location history, but again, it’s not as accurate or revealing.

This is why reviewers and domestic abuse advocates sounded the alarm about stalking fears shortly after AirTags were released. An AirTag is potentially much more accurate than its competitors. However, Apple has put thought into protecting privacy. The company is quick to point out that every step of the item tracking process is both anonymous and encrypted. The company has also emphasized that it includes safeguards against unwanted tracking — something competitors like Tile and Chipolo lack. Apple recently published a personal safety guide, which included a page on how to “Stay safe with AirTag and other Find My accessories.” Apple also recently pledged to change its notifications and alert sounds. While this is good news, Apple hasn’t said how much it will change them or when these changes will roll out beyond “later this year.”

An AirTag Photo by Vjeran Pavic / The Verge

AirTags have two main anti-stalking features. First, you’ll be notified when an unknown AirTag or Find My accessory is found to be traveling with you over a period of time if you have an iPhone with iOS 14.5 or later. The notification includes instructions on how to find and disable the tracker. Apple spokesperson Alex Kirschner told The Verge that you’ll get these notifications when you arrive home, or if the Significant Locations feature is enabled on your phone, you may get notified at places you frequently visit.

Second, if an unknown AirTag is away from its owner for a long time (Apple doesn’t specify how long but says between eight and 24 hours), it’ll play a chime-like sound when it’s moved so that the AirTag can be found. This works regardless of whether your phone runs Android or iOS or if you have a phone at all.

Third, Android users who suspect they’re being tracked can download a Tracker Detect app to manually scan their surroundings for an unknown AirTag or Find My device.

But these anti-stalking safeguards fall short in specific ways. They’re most effective against strangers, but as noted, a stalker is frequently somebody the victim knows or lives with. We wanted to see how well Apple’s AirTag safety alerts held up in both scenarios.

For this next part, I (Victoria) am going to get personal. To test the AirTags, I enlisted a close friend — I’ll call her “B” for privacy — and my husband. I had B carry around an AirTag registered to me, while I carried one belonging to my husband. We recorded every time we heard a sound or notification. We also took screencaps of Apple’s unwanted tracking alerts to see how effectively Apple advises users to find, dismantle, and report unknown AirTags. Finally, I had B carry around a Tile tracker to get a sense of how the Find My network stacks up against the competition.

When it comes to tracking a person’s whereabouts, AirTags are eerily accurate. I had B go for a walk, and every few minutes, I’d text her last known location to her. Each time, I was about a block off. The Find My app refreshed about every two to four minutes, so I didn’t have a hard time keeping up. The exception was when she took the subway — probably because there isn’t reliable connectivity underground to ping the AirTag’s location to the Find My app. It was also much easier to find B’s exact address when she was in an area where buildings are spaced out, like a strip mall. While B was running errands in Midtown, I couldn’t narrow down her destination beyond the street she was on. Better, but I still felt uncomfortable that I now knew intimate details of B’s schedule and the neighborhoods she frequented.

This is the notification you’ll get if an unknown AirTag is detected traveling with you for a period of time.
Victoria Song / The Verge

As freaky as it was to track B so closely, I also wanted to see how long it took to get an initial safety alert. Early on, reviewers criticized the fact that a potential victim wouldn’t get an alert until their abuser’s AirTag had been separated from its owner for 72 hours. Apple later cut that down to what it currently is.

While I got a notification that I’d left my AirTag behind within minutes of leaving B, she didn’t get a sound alert until 17 hours later. Her first phone notification came seven hours later, more than 24 hours after I’d left. According to B, she didn’t hear the sound alert until she physically picked up the bag the AirTag was in. She’d walked past that bag several times earlier in the day but heard nothing.

I had a different experience. My husband stuck his AirTag in my work bag — I work from home most days, so I wouldn’t get notifications unless I went into the office. He planted the AirTag on a Sunday, and I didn’t commute until the following Tuesday. I got my first notification when I arrived back home Tuesday evening, about eight hours after I’d left. A few minutes after that, I heard my first sound alert. In my case, the delay makes sense because I live with my husband. Technically, his AirTag was never separated from him. Another issue: after I got the first alert, it was easy to dive into the settings and pause the safety alerts. Pausing alerts makes a lot of sense for families sharing items, but it can also be misused when a stalker has access to the victim’s phone.

If phone notifications fail, Apple’s backup is sound alerts. It’s meant to alert you to the AirTag’s presence, as well as help you find where it might be. The AirTag chime is roughly 60 decibels. That’s about as loud as a normal conversation between two people or background music. The first time B heard it, she actually texted to ask me what it sounded like. While she was fairly sure it was the AirTag, the sound was easy to confuse with all the other beeps and boops gadgets make these days. It also stopped playing long before she was able to find it.

Tracking B in real-time.
Image: Victoria Song / The Verge

Whether you hear the AirTag chime feels like a crapshoot. B and I only heard it at home when there wasn’t a lot of ambient noise. Hearing also varies from person to person, and your proximity to the AirTag is a factor. I compared both the Tile and AirTag sound alerts in a quiet room, the two trackers side by side. Tile’s tracker was louder and played a wider variety of tones. More importantly, it doesn’t stop ringing until you tap a button confirming you’ve found what you’re looking for.

Forcing an unknown AirTag to play a sound isn’t 100 percent reliable. When you get an unwanted tracking notification, you’re presented with the option to “Play a Sound.” The idea is to help you find the AirTag. When I came to pick up the AirTag from B, we tried playing it. The AirTag was literally inches away from B’s phone, but it wouldn’t connect. We tried multiple times. Nada. The same thing happened to me when I was trying to find which pocket of my bag my husband had stashed his AirTag in. My phone was in my hand. My bag was in my other hand. Nothing. This is obviously an issue, as it’s hard to get rid of an unknown AirTag if you can’t find it. Another problem is that sound alerts may not be helpful if a victim is trying to find the tracker discreetly without tipping off their abuser.

I was relieved by a few things, however. The Find My app doesn’t notify you when the AirTag is on the move. It only tells you the last known location if you toggle the “Notify when found” feature on. You’re also not privy to the AirTag’s location history. This might not be enough to put off a determined stalker, but at least they have to jump through a few hoops.

Apple lets you know a person may see your location, but not when.
Image: Victoria Song / The Verge

At the very least, Apple’s notifications are persistent. You’re going to find out you’ve been tracked. B’s parents even got notifications when she visited them. But this is only the case if you have an iPhone. Unlike an Airtag, a Tile tracker won’t announce itself. Instead, Tile uses a safeguard that’s similar to the Tracker Detect app, where anyone can download the Tile app to scan for trackers in their vicinity. It wasn’t helpful. In fact, B completely forgot she had a Tile tracker in her bag.

So, to an extent, Apple’s safeguards work, and improvements have been promised. However, in their current form, they’re not enough. I tested these features in a safe environment, with consent built into every step of the process. Even in my bubble, these safeguards had too many loopholes. These obviously need to be fixed, but if there’s one thing I’m sure of, it’s this: any solution, if one even exists, needs the input of those who understand abuse best.

AirTags, like many categories of personal technology, have costs and benefits. Key loss is easy to dismiss as a funny inconvenience, but it has led to documented cases of drastic, dangerous, and even fatal behavior. But AirTags also, as we’ve illustrated here, can be incredibly harmful.

A few of the experts we spoke to feel that any possible risk of abuse is unacceptable: AirTags shouldn’t exist. “I don’t know that there’s an acceptable level of risk for technology like this,” said Mary Beth Becker, domestic violence community educator at Women’s Advocates. “We’re talking about people’s actual lives.”

But based on our findings here, we think it’s too early to make that kind of assessment. While our testing, research, and expert input gave us quite a few anecdotes and important insight into possible use cases for AirTags, their systemic impact is currently not clear on either side.

It’s easy to see how a device that prevents key loss could be a non-trivial benefit to seniors. GPS technology, in general, is used in disabled communities. But we weren’t able to find evidence that this is currently a widespread use case for AirTags in particular. We reached out to a number of organizations focused on Alzheimer’s and elder advocacy, who mostly weren’t aware of broad adaptation among their constituents yet. AARP conducted a survey for us, and many of its respondents don’t use item trackers of any kind.

The case against AirTags is in a similar boat. We spoke to six prominent advocates about their personal experiences with AirTags. Many have worked on cases of tracker abuse themselves (“I’m getting calls every day,” Becker says), and some have been in conversation with Apple about the devices — but the majority haven’t encountered an AirTag abuse incident specifically. Dodge was the only member of our panel who outlined experience with AirTag abuse — he’s heard about incidents and court cases secondhand but doesn’t have a comprehensive sense of how common they are.

But while we don’t yet have a clear picture of AirTags’ costs and benefits, we do have a number of recommendations for making AirTags safer.

Pausing safety alerts makes sense for families, but it’s a feature that can also be easily abused.
Image: Victoria Song / The Verge

First: while stalking and domestic abuse are incredibly complicated issues, the problem that AirTags pose is fairly straightforward. Once a potential target is alerted to the fact that a foreign AirTag is with them, the person can report the AirTag to authorities, disable it, or, at minimum, leave it somewhere else. But the longer it takes from the time an AirTag is planted to the point when it alerts the victim, the more information an ex or spouse can potentially collect about their victim’s daily activities. Currently, that timeframe is too large.

As Victoria experienced, and as experts highlighted, the more time an abuser has to monitor a victim before they pull the plug, the more of that victim’s calendar they’re able to reconstruct for future use. “You’re usually in work nine to five; I ping at nine to five — now I know where you work. You’re usually home in the hours of eight to 10PM; I ping it — now I know where you live,” says Kathryn Kosmides. Kathryn is CEO of Garbo, a nonprofit dedicated to preventing tech-enabled abuse. “If they’re pinging at the opportune moments, at the right time, you can start to put patterns together. The ways someone walks to work, you know, all of these different things, which can be super, super weaponized.”

And abusers really are that relentless, says Becker. “They are tracking it while they’re in Zoom meetings; they’re tracking it while they’re checking their email or looking at memes. It is a full-time job to be an abuser, to be a stalker, and they take that job very seriously.”

What would an acceptable window be? That gets tricky. Advocates who have worked with Apple on AirTags noted that the device still needs to be able to accurately identify that it’s moving with someone rather than just near someone, which can take time to assess. “We actually don’t want people completely terrified that they’re being tracked when they’re not because they just happen to be sitting at a cafe with somebody who’s got an iPhone or an AirTag,” Olsen says.

And too many false alarms could put people in more danger — if someone develops a mindset that AirTag pings are usually errors, they could be quick to dismiss a real one. “We don’t want people to start ignoring these as noise,” Dodge said.

Still, all the advocates agree: the current arrangement does not work. There’s “a pretty significant valley between a few seconds and eight hours,” Dodge said.

The second problem here is that Apple’s alerts will only be helpful to iPhone owners. Android phones do not get proactively notified at all, regardless of how many hours have passed; the AirTag’s tiny chirp is the only way a person who doesn’t have a smartphone — or an Android owner who hasn’t downloaded a manual scanning app — might be notified of a foreign AirTag. Kirschner told us that the company is “continuing to evaluate ways to make unwanted tracking features stronger for Android users.”

That brings us to the third major problem with AirTags: the chirp is neither loud enough nor unique enough to catch someone’s attention in a noisy area. Dodge has tested AirTag alarms extensively, and his results mirror Victoria’s and B’s: the chirp is easy to miss. In particular, Dodge has found that it’s not loud enough to be heard while driving. Vehicle tracking is a common way people abuse AirTags, in Dodge’s experience. “If it’s behind your license plate and you’re driving, you’re never going to hear that,” he says.

Even a loud chirp may be inaudible to users who are Deaf and hearing-impaired. A vibration could be useful here. But this also underscores how much Apple needs to get Android users support for the same features that iOS users have. As few people as possible should be reliant on the chirp — it will always be imperfect.

The fourth significant problem we have is with the “pause alerts” feature, which is most pernicious in domestic abuse situations. While this feature has utility for families, it could also be a help to individuals attempting to stalk a family member or significant other. It’s very possible that an abusive spouse might have their victim’s passcode and regular access to their phone.

There should be a way to discreetly disable AirTags.
Image: Victoria Song / The Verge

Currently, a user is only able to mark a device as “borrowed” for a certain period of time after they receive an unwanted tracking alert. This is, Apple spokesperson Alex Kirschner told us, meant to safeguard against abuse. Despite this precaution, Victoria found in her testing that she could easily pause alerts on her husband’s phone without his knowledge. At minimum, someone who is borrowing an AirTag should have to periodically reconfirm that they’re borrowing it — alert pausing should not be indefinite, even among family members.

In that vein, our fifth concern is that it’s too hard to deactivate a malicious AirTag — also a major concern among partners and spouses. Currently, a victim’s options are to remove the AirTag’s battery or to dispose of the device. As multiple experts noted, these could both be difficult to do discreetly outside of an abusive partner’s view. If a person receives a foreign AirTag alert and does not confirm that they’re borrowing it, they should be given an option to stop it from reporting its location.

“If you’re in an abusive relationship, are you going to go to your abuser and say, ‘Hey, you’ve been stalking me, what’s up with that?’ No, you’re not going to,” Becker says. She added, “Apple’s got to figure out some sort of way for people to say, ‘Hey, look, I’m being stalked with this AirTag. Shut it down, do something about it.’ And it doesn’t sound like they have that yet.”

Apple declined to sit down with The Verge to discuss our findings, but on February 10th — 10 days after we reached out — the company announced it will begin to notify users earlier about unknown AirTags and change how they sound later this year. Apple directed us to this blog post in response to our questions about the vulnerabilities we’ve highlighted here. Apple declined to say whether the sound alerts will get louder or how much sooner AirTags will alert people and did not address questions or offer any new solutions for Android users.

The reality, though, is that there is no intervention that will make AirTags abuse-proof. These are devices you can track — they will, to some extent, be able to track people as long as they retain that functionality.

But despite this fact, many of the advocates we spoke to do feel that the release of AirTags is a net positive. Their hyper-accuracy makes them more effective than any key tracker has been before — but there’s also a huge amount of scrutiny on Apple that there isn’t on the myriad other companies selling such products on Amazon. The safeguards we recommend won’t just make AirTags safer; they’ll push competitors like Tile to follow their lead.

As the experts emphasized, key trackers are upon us. They have been for years. They’re getting more and more accurate as time goes on. But as companies innovate and improve on consumer tracking technology, accuracy shouldn’t be the sole or even primary focus. Safety is worth investing in, too.



Source: https://www.theverge.com/2022/3/1/22947917/airtags-privacy-security-stalking-solutions

Leave a Reply

Your email address will not be published. Required fields are marked *