A simple loudspeaker is the most important component in Apple’s AirTags for protecting people from unwanted tracking by intrusive admirers, violent spouses or extremist political opponents, because the visual warning of unwanted tracking advertised by Apple is only available on iPhones, whose market share is below 30 percent. Most of the population therefore depends on an AirTag announcing itself with a sequence of tones, but that happens after several hours or days at the earliest and can easily be prevented permanently, as c’t found out.
The AirTag is not a new kind of product. Locating tags, for example for key rings or suitcases, have long been available from various manufacturers. Apple adds UWB (Ultra Wide Band) for close-range search and also integrates NFC into the AirTags so that the owner can send the finder a message. At greater distances the tags from different manufacturers work in a similar way: they act as radio beacons and send an identifier (beacon) via Bluetooth at regular intervals, which can be used to identify them. If a nearby smartphone receives the transmission, it links the data with its own current position and forwards it to the manufacturer. The owner can call up the position data stored in the cloud with a special app in order to find his or her tag.
But while other manufacturers rely on as many smartphone owners as possible installing their proprietary app, Apple has integrated the function directly into iOS: every Apple mobile device that can be found using the “Where is?” app forwards the broadcasts of the AirTags to Apple. This feature is enabled by default on all Apple mobile devices and requires iOS 14.5. As a result, Apple has a dense network of around one billion devices worldwide to determine the position of AirTags, while other manufacturers only have a few hundred active participants even in large cities, and these are mostly owners of such tags.
So that AirTag users cannot be tracked by strangers, AirTags constantly change their identifying features, such as the Bluetooth MAC address, and encrypt their data so that ultimately only the owner can identify them. Even Apple doesn’t know which AirTag belongs to whom. But that also makes it impossible to identify the perpetrator in the event of abuse.
Due to their small size and their long service life of up to a year, AirTags can easily be hidden in the lining of a jacket, rucksack or handbag in order to monitor people unnoticed. As long as the AirTag keeps appearing near its owner, for example because the two live in the same household or regularly bump into each other at work, no message appears on the monitored person’s iPhone. The AirTag also remains silent.
Only when it has been separated from its owner for a longer period of time (at the time of going to press, the limit was at least three days) does the AirTag sound an acoustic alarm, and even then only when it is touched or strongly accelerated. In our tests, the movements of a normal car ride were not enough to trigger the alarm.
One should not expect much from the promised iPhone warning of an unnoticed companion either: in one of our tests it took over 8 hours for the iPhone to report an unknown AirTag, and in several other cases we did not receive a single warning even after weeks. When asked, Apple does not reveal which iPhones display a warning, under which circumstances and after what time. It can therefore be assumed that, in addition to Android owners, a large number of iPhone owners will not receive any warning about third-party AirTags.
Apple needs Google
In a statement to c’t, Apple announced that it intends to provide an Android app in the course of the year that can find AirTags and other “Where is?”-compatible devices which are accompanying another person away from their owner. This would at least give Android users a chance to discover an AirTag at an early stage. In addition, the AirTag is in future to sound after 8 to 24 hours and not just after three days. That is a step in the right direction, but it is not enough: it still leaves too much time in which the AirTag can be carried home unnoticed.
In order to effectively keep its data protection promise, Apple needs support from Google: just like iOS, Android should automatically warn of nearby tracking devices without a special app. Both manufacturers have been cooperating for a year on coronavirus contact warnings, which also use Bluetooth. How about a further cooperation so that in future all Android and iOS users are informed about third-party trackers? Data protection and privacy may not play a role in other markets, but in Europe and especially in Germany they are good sales arguments.
A function for actively searching for unknown tracking devices is not planned for either iOS or Android, so even in future AirTags can only be discovered once you have carried them around with you for hours. This means that the AirTag’s loudspeaker remains the most important warning device for noticing an unfamiliar AirTag. But the loudspeaker, of all things, can easily be silenced.
In order to silence an AirTag forever, you don’t need a lot of skill or special tools: a cordless screwdriver and a drill are enough to cut through the loudspeaker coil built into the AirTag with a single drill hole in a few minutes. Confronted with the details, Apple Germany came to the assessment in its official statement to c’t that “drilling out would not be seen as a very simple deactivation option”. The structure of the AirTag facilitates this modification; if Apple had soldered the speaker connections on the back of the circuit board, the AirTag would inevitably be destroyed when drilled open.
A silenced AirTag continues to report its presence to all Apple devices in its vicinity and can therefore still be located remotely. Apple failed to make the AirTag detect the manipulation and then switch itself off. This is not rocket science: a simple continuity test or the observation of the power consumption of the amplifier would immediately expose a severed loudspeaker coil. Without such protective measures, the door to stalking is open, and the perpetrator does not even have to fear criminal prosecution.
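The self-test suggested above can be sketched as firmware decision logic. This is an added example, not Apple's code or anything from c’t; the measurement fields, units, thresholds and the three-strikes rule are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names, units and thresholds below are assumptions for illustration. */
#define COIL_OPEN_MILLIOHM 50000u /* above this the coil counts as open (severed) */
#define AMP_MIN_MICROAMP    2000u /* a loaded amplifier draws at least this much */
#define FAILS_TO_LATCH         3u /* consecutive failed self-tests before latching */

typedef struct {
    uint32_t coil_milliohm; /* continuity test: DC resistance across the coil */
    uint32_t amp_microamp;  /* amplifier supply current during a test tone */
} speaker_sample_t;

typedef struct {
    uint8_t consecutive_fails;
    bool    tampered;       /* latched: never cleared by a later good reading */
} tamper_state_t;

/* Feed one self-test result; returns true while the tag may keep beaconing. */
bool tamper_update(tamper_state_t *st, const speaker_sample_t *s) {
    bool ok = s->coil_milliohm <= COIL_OPEN_MILLIOHM &&
              s->amp_microamp >= AMP_MIN_MICROAMP;
    if (st->tampered) return false;
    if (ok) { st->consecutive_fails = 0; return true; }  /* glitch forgiven */
    if (++st->consecutive_fails >= FAILS_TO_LATCH) st->tampered = true;
    return !st->tampered;
}

/* Replay a sequence of self-tests; 1 = beacon still allowed, 0 = disabled. */
int beacon_allowed_after(const speaker_sample_t *seq, int n) {
    tamper_state_t st = {0, false};
    bool allowed = true;
    for (int i = 0; i < n; i++) allowed = tamper_update(&st, &seq[i]);
    return allowed ? 1 : 0;
}

/* Constructed sample data: one transient bad reading vs. a severed coil. */
static const speaker_sample_t GLITCH[]  = {
    {8000, 5000}, {900000, 100}, {8000, 5000}, {8000, 5000}};
static const speaker_sample_t SEVERED[] = {
    {8000, 5000}, {900000, 0}, {900000, 0}, {900000, 0}, {8000, 5000}};

int main(void) {
    printf("glitch:  beacon allowed = %d\n", beacon_allowed_after(GLITCH, 4));
    printf("severed: beacon allowed = %d\n", beacon_allowed_after(SEVERED, 5));
    return 0;
}
```

Requiring several consecutive failures keeps a single bad reading from disabling a healthy tag, while the latch ensures that a tag whose coil has been cut stays off even if a later measurement happens to look normal.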
Regardless of possible civil law claims, our research raises doubts about criminal liability if, for example, a jealous man monitors the whereabouts of his partner with an AirTag: the stalking provision, Section 238 of the Criminal Code, only covers contact, data theft or orders placed in someone else’s name. Monitoring someone’s whereabouts and creating movement profiles is not punishable.
The Federal Ministry of Justice has already recognized this loophole and formulated the aim of closing it in the planned amendment to Section 238. However, the current draft law of March 24, 2021 still does not provide for a ban. The GDPR does not offer any concrete recourse either, because the jealous man could try to invoke the “household exemption”, which explicitly allows the processing of personal data in the course of exclusively personal or family activities. In addition, the man would have to act with intent to harm in order to fulfil the offense under the applicable criminal provision of data protection law.
This clearly shows the potential for abuse of AirTags: anyone who leaves their home because of domestic violence and seeks refuge must expect to be tracked down by their partner within hours, thanks to an AirTag hidden in a suitcase, handbag or jacket. That is true even of an unmodified AirTag, since the acoustic warning and a possible notification on the iPhone are only triggered after many hours, long after you have revealed your new whereabouts.
The AirTag is also likely to become the favorite toy of political extremists, who can use it to monitor the whereabouts of unpopular local politicians cheaply and extremely efficiently. Simply glued behind the bumper, it always shows where the victim can be found. And even if the AirTag is discovered by State Security: unless the perpetrator has left fingerprints on it, there is no trace of him.
With the AirTag, Apple has launched a powerful, highly developed location technology that can be easily modified and misused. The default data protection promised by the manufacturer does not actually exist: the loudspeaker, the most important protective feature, can easily be disabled, and Apple neglected to take precautions that detect manipulation and then render the AirTag harmless.
Even the promised iPhone warning of unfamiliar AirTags does not work reliably, and anyone who uses a different smartphone has even less chance of discovering an AirTag that is being misused. But even if you happen to discover an unknown AirTag on yourself, you can hardly do more than switch it off: not even Apple knows the owner.
In c’t 14/2021 we show you how you can surf without being bothered by cookies and trackers. c’t editor Mirko Dölle found out how Apple’s AirTags can be remodeled as a stalking kit. We have also upgraded the Raspi as a backup server, shed light on the technology and infrastructure for card payments and explain what you should pay attention to after UMTS has ended. You will find issue 14/2021 from June 18th in the Heise shop and at well-stocked newspaper kiosks.