‘Find My’ locates your iPhone, doesn’t tell Apple where you’ve been

The feature relies on a complex encryption and decryption process that keeps device locations secret from everyone but the owner

Apple announced a lot of new features for its suite of devices and software platforms at WWDC 2019, but one of the more interesting was its fresh take on Find My iPhone, now simply called ‘Find My.’

Oddities in the name aside, the new Find My service promises to use Bluetooth signals from Apple devices like iPhones, iPads and MacBooks to help users locate their missing electronics.

If you’re familiar with products like Tile or TrackR, the premise is the same. Find My broadcasts Bluetooth signals — even if the device is offline — that can be picked up by nearby Apple devices and relayed to the cloud. In other words, you should be able to use Find My to locate a stolen MacBook sleeping in a thief’s bag.

Handy as that is, the feature rightly has the privacy-conscious concerned. But unlike past Apple features that let the company track your location, like Find My iPhone, the new Find My accomplishes its task without compromising your privacy.

How Find My works without compromising your location

Apple described the Find My process to Wired, outlining how it does what it does without sharing your location.

First up, you’ll need two Apple devices to take advantage of Find My. When you first set it up on your devices, it generates an unguessable private key and shares it across all your Apple devices in end-to-end encrypted communications. In other words, only those devices have the key.

Then, each device also generates a public key, which can encrypt data so it can’t be decrypted without the private key. This public key becomes the ‘beacon’ your devices broadcast via Bluetooth.

To ensure that public key can’t be used to track you, Apple says the key changes frequently, although the company didn’t say how often it does so. Further, Apple says each new public key won’t correlate to previous keys, but data encrypted with it can still be decrypted by the private key. This makes it incredibly difficult for anyone to track you using the Bluetooth beacons.

If a device goes missing — say someone stole your iPad — it will emit its rotating public key via Bluetooth, even if it’s off and disconnected from the internet. Then, a nearby stranger’s iPhone, with no interaction from its owner, will pick up the signal, check its own location and encrypt that location with the public key from your iPad. Again, this key doesn’t have any identifying information and, since it rotates frequently, the stranger’s iPhone can’t link the iPad to its prior locations.

Then the iPhone uploads the encrypted location and a hash of the iPad’s public key, which serves as an identifier. Apple doesn’t have the private key, so it can’t decrypt the location.

How Find My finds your device

Now, when you want to find your missing iPad, you turn to Find My on a different Apple device, like your MacBook. It contains both the private and rotating public keys. When you open Find My to search for your missing iPad, your MacBook uploads a hash of the public key, which Apple uses to search through its stored, encrypted locations.

It’s worth noting that, since the public key regularly rotates, it’s possible that Apple’s record from the stranger’s iPhone is an older version of the key. While Apple didn’t explain how it gets around this, Matthew Green, a cryptographer from Johns Hopkins University, told Wired that one solution could be for the MacBook to upload hashes of previous public keys so Apple can find the missing device.

Once Apple finds the matching hash, it sends the encrypted location of your iPad to your MacBook, which can use the private key to decrypt the location — data Apple has never seen. Moreover, hashing functions are designed to be irreversible, so the company can’t use the hashed public keys to collect information about a device’s location.
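The flow described above, as an added sketch that is not Apple's protocol or code and does not come from the original article. The toy group (integers modulo 2**255 - 19), the HMAC-based key rotation, the hash-derived XOR pad and every function name are assumptions made for illustration; the lookback parameter models Green's suggestion of uploading hashes of previous public keys.

```python
import hashlib, hmac, secrets

# Toy group (assumption): integers modulo the prime 2**255 - 19, generator 2.
# Picked so the sketch needs only the standard library; not a secure choice.
P, G = 2**255 - 19, 2

def _pad(shared: int) -> bytes:
    """One-time pad derived from a Diffie-Hellman shared secret."""
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))

def period_private(master: int, seed: bytes, period: int) -> int:
    """Private exponent for one rotation period; needs the owner-only secrets."""
    tweak = hmac.new(seed, period.to_bytes(8, "big"), hashlib.sha256).digest()
    return master * int.from_bytes(tweak, "big") % (P - 1)

def beacon(master: int, seed: bytes, period: int) -> int:
    """Rotating public key the lost device broadcasts during `period`."""
    return pow(G, period_private(master, seed, period), P)

def key_id(pub: int) -> str:
    """Hash of a public key: the only identifier the server ever sees."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()

def finder_report(pub: int, location: str):
    """Stranger's phone: encrypt its location to the beacon it overheard."""
    data = location.encode()
    if len(data) > 32:
        raise ValueError("toy pad covers at most 32 bytes")
    eph = secrets.randbelow(P - 2) + 1  # fresh ephemeral exponent per report
    return key_id(pub), (pow(G, eph, P), _xor(data, _pad(pow(pub, eph, P))))

def owner_lookup(server: dict, master: int, seed: bytes, now: int, lookback: int = 3):
    """Owner's other device: query hashes of the current and earlier keys."""
    for period in range(now, max(now - lookback, 0) - 1, -1):
        priv = period_private(master, seed, period)
        entry = server.get(key_id(pow(G, priv, P)))
        if entry:
            eph_pub, ciphertext = entry
            return period, _xor(ciphertext, _pad(pow(eph_pub, priv, P))).decode()
    return None

if __name__ == "__main__":
    master, seed = secrets.randbelow(P - 2) + 1, secrets.token_bytes(32)
    # Constructed sample: the beacon was overheard in period 41, the owner searches in 42.
    server = dict([finder_report(beacon(master, seed, 41), "43.6532,-79.3832")])
    print(owner_lookup(server, master, seed, now=42))
```

The server dictionary only ever holds a key hash, an ephemeral public value and ciphertext, so whoever operates it cannot read the location without the owner's secrets.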

That all sounds really complex; how do I know it works?

Well, it is rather complicated. And Apple says the explanation is a simplified one as well. Plus, the system is subject to change before it rolls out as part of iOS 13 and macOS Catalina later this year.

According to Green, the actual security of the system will depend on its final implementation. However, he also said if the system works as Apple explained it, it could offer all the privacy guarantees Apple promised.

It’s worth noting that no one has really deployed a system like this on the scale that Apple will. Green says these techniques are scientifically sound, but implementing them practically in this way would be impressive.

Source: Wired