Apple AirTags rely on a billion+ devices globally in the company’s Find My galaxy to find your lost items. And Apple’s built in significant protections so you theoretically can't stalk someone by slipping an AirTag into their car or backpack.
But you still can.
At least, based on publicly available information to date.
Here’s how: be an iPhone user and only target people who use Android phones.
Apple’s privacy protections will notify iPhone users if an AirTag is following them repeatedly. But none of the software infrastructure that enables that warning lives on Android phones. Instead, Apple has built in additional security for Android-using spouses, kids, or stalking targets by disabling AirTags that do not connect with their paired iPhone within a three-day period.
After those three days, the AirTag will announce itself by beeping.
The idea is that if you’re being tracked, you’ll hear it and disable or get rid of the AirTag. (Of course, if it’s in the trunk of your car or under the seat of your bike, you may not hear it.)
In addition, presumably after some time frame, Apple will remotely disconnect devices from the Find My network. Apple can’t do it extremely quickly: that would defeat the findability of the AirTag. Apple needs to do it after some period of time, however, to prevent exactly this sort of digitally-enhanced stalking.MORE FROMFORBES ADVISOR
But there’s an easy hack to defeat Apple’ three-day timer.
If you’re an unscrupulous iPhone owner, you can buy a bunch of AirTags, place them wherever you want to track a significant other or defined target — perhaps, post-Covid, in a boss’s bag or briefcase, so you know when he or she gets near work — and simply do two things to ensure they will remain operational.
One: make sure they’re Android users.
Two: make sure that every few days you are in reasonably close physical proximity to the devices. You don’t need to be right next to them; they could be 30 or maybe even 50 feet away. But you need to be close enough so they sense your phone and reset the clock on time-away-from-home.
This isn't unique to Apple AirTags, of course. Virtually any kind of tracker could do the same.
But Tile, for instance, has a much smaller network: just phones running the Tile app. According to Apptopia, fewer than 20 million people have installed the app, and about 1.5 million people use the app on a monthly basis.
That’s a much small risk surface than perhaps 1.5 billion Apple devices literally in every corner of the globe.
There are almost certain security features that Apple has built into AirTags that it has not disclosed, and that could limit their use as digital stalking enablers. For example, if Apple sees that an AirTag is constantly being associated with and is near a specific Android phone, they could remotely disable it sooner than three days. Or, they could pop up a notification on the AirTag owner’s iPhone, mention this suspicious behavior, and ask for some kind of proof or evidence that the tag is not being used for nefarious purposes.
But they can’t be super-aggressive with them or the primary purpose of the AirTags — to find things — will fail.
If, for example, my wife borrows my AirTag-carrying backpack for a short overnight trip, and Apple disables the tag because it looks shady, but then she loses the bag and expects me to be able to find it ... Apple has a problem. Or if you and a friend use them to find each other — as Dieter John at The Verge has already done — and Apple fries the tag out of suspicious, neither of us will be happy.
This is not a simple space with easy answers. Technology is a tool, and tools magnify capability. Capabilities can be used for good or evil.
I don’t envy Apple’s choices and decisions in this space.
You could say that the Find My network is a necessary tool in an age of digital devices such as iPhones that can be lost or stolen. Extending that to any object you put an AirTag on or in, however, was a choice Apple made.
Perhaps the best option?
Work with frenemy Google to extend the Find My network so that Android phones also have built-in automatic notifications to warn against unwanted tracking.
I’ve asked Apple about additional protections that the company may have placed into AirTags or the Find My network to minimize misuse, and will update this post with any response a representative communicates.