Originally published at: Apple Opens “Find My” Crowdsourcing to Third-Party Accessories (For Real This Time!) - TidBITS

Apple has officially opened up Find My to third-party devices, including Vanmoof e-bikes, Belkin earbuds, and Chipolo item trackers. Could this presage the long-rumored release of Apple’s AirTags?

Many, many years ago I suggested that children could be tagged to help prevent driveway backover incidents. Maybe the technology is finally there! However for this application it would need a proximity alarm. Since then I have noticed that pet owners are also keen to have this technology.
http://users.tpg.com.au/users/mpaine/driveways.html

Most big vehicles now have backup cameras and collision alarms, which has hopefully helped.

Yes - I was one of the first researchers to investigate these devices, as reported on my web page. They are far from 100% reliable and I concluded “There is no substitute for close adult supervision of children near vehicles”. Many tragic cases involve toddlers “escaping” from the house for the first time. That is why I thought geofencing devices could be an extra countermeasure.

Interested in something like Chipolo One, but waterproof.

I’d like to have my wife able to find her glasses, and I’d like to be able to find my car when I park on big lots or unfamiliar streets—especially if it told altitude relative to mine so I could tell what level it was on.

I already have Tiles in my wife and son’s wallets and on their keys, as well as on my bicycle should it get stolen. Those rely on Bluetooth and other app users, and of course GPS would be better range.

Hopefully there’s much more to the security aspects of such tracking, to prevent bad guys from tracking you by tracking the key ring in your pocket. I can think of many scenarios that would need to be accounted for.

As a current tile user on my iPhones, that Apple have crippled the software for it is incredibly annoying. Now as well as repeated requests to enable location access, the locations it does give are several minutes out of date. Fine for when you’ve dropped your keys down the sofa - less so when you’ve been driving.

Would I replace them all with airtags at the Tile price point of £10*, probably. If they’re more than that or don’t have replaceable batteries then almost certainly not.

With reference to 3rd party products, the problem with Tile was the cost (of an integrated keyring for example) was several times the cost of buying the two items separately.

*part cost of a 4 pack of the basic 2020 model on regular discount on Amazon.

Find My has always suffered from really poor refresh rates. I suppose because Apple’s worried about power draw. And as usual, Apple does not give the user a big fat update button to force refresh. I’ve pretty much given up trying to use it to find my wife even when she’s just on foot because Find My refresh IMHO makes it useless for anything but static targets.

In regards to “Are there any devices in particular that you hope incorporate Find My compatibility?”, how about spider tracers shot from web shooters. Not that that is what I want, but sounds interesting that it looks like we can have little magnetic/stickable finders to slip in and attach anywhere and track their location. Does the opening up of “Find my” come with the ability to ensure there are none of these tracers on me?

We received some Tiles for christmas; didn’t really know what to do with them, as the thing I misplace tends to be my phone and that is the device I would use to find something with. Thought about putting one in my wallet, but it is not something I misplace in the house and where I tend to misplace it, bluetooth is not going to help, so on second thought, I like the spider tracer; again with the ability that I can ensure there are none on me, except for the ones I place.

In regards to “each approved device must meet Apple’s standards for privacy”, I guess we are talking about not on how the device actually works, but on who can access the information that the device is giving off. I track my wife. That could sound very creepy, but she likes to go metal detecting in the woods and likes to know that I know where her phone is (which basically is all that I know; the assumption is that the phone is on her). Which reminds me, she hasn’t texted me any finds in an hour or so, so maybe I should check to see if her phone is still in the woods.

Follow up on security aspects of “Find My” from today’s Cryptogram from Bruce Schneier

Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, untrackability of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user’s top locations with an error in the order of 10 meters in urban areas. While we find that OF’s design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.

There is also code available on GitHub, which allows arbitrary Bluetooth devices to be tracked via Apple’s Find My network.