The “Where’s?” App allows devices to be found even when they are not connected to the Internet. For this purpose, macOS and iOS devices send an encrypted Bluetooth signal (beacon), which can be received by other Apple devices in the vicinity and forwarded to Apple’s servers for “Where is it?”. This is of course practical to find the lost Apple Watch in the swimming pool or the stolen notebook, even if the hardware is walking in the trunk of a car – it just has to be another device that has a radio connection to the lost device. Apple puts the sophisticated encryption process in the foreground – the device from which the location information ultimately comes cannot be traced.
According to Apple, the goals are:
Only the user can get an insight into the location of his device (encryption)
Data cannot be used for monitoring third parties or even for marketing by profile companies. Apple itself has no insight (anonymity).
This is to prevent strangers from identifying or even tracking a device based on the Bluetooth signal. According to Apple, this also prevents, for example, the threat from marketers who could track Bluetooth signals from Apple devices. Thanks to the way Apple built this feature in, marketers would bite their teeth at it.
When you set up the “Where’s?” App on your Apple devices for the first time, a randomly generated private key is generated that applies to all of your Apple devices. So that only your devices have this key, this is transmitted to them via end-to-end encrypted communication.
Each device also generates an individual public key based on this key. As with other encryption methods based on a public key, data can be encrypted in such a way that nobody can decode it without the corresponding private key. To ensure anonymity, the public key changes frequently. Thanks to some mathematical functions, each new public key does not correlate with previous versions. The “beacon” now being broadcast is this public key. Every device in the vicinity can now see it.
If your device is lost or even stolen, this beacon can also be received by a third-party (Apple) device. This Apple device, which can be several, now uploads two things to the Apple server:
the location, encrypted with the received public key
and a hash of the public key used for encryption
Since Apple does not have the private key, Apple’s location cannot be decrypted or determined. If you want to find your lost device now, you need another Apple device on which the private key is also available. Due to the uniform mathematical procedure, this device is now also able to generate the same series of public keys.
To find your missing device, send “Where’s it?” now the hash of the public key on Apple. The servers at Apple then check whether a data record is available for this information. If this check is successful, the data record is sent to the “Where is?” App. Thanks to the private key, the app can now decrypt the data and display the location.
With hundreds of millions of Apple devices worldwide, advanced end-to-end encryption and anonymity, users can find their lost products in the “Where’s?” App, with the certainty that their privacy remains protected.
Accessories and device manufacturers can now also use the network behind it. This gives these manufacturers the opportunity to participate in the encrypted but also fully anonymous network. Apple hopes that this step will enable users to find other devices such as bags, school bags, keys, wallets or photo cameras efficiently and reliably.
At developer.apple.com/find-my, Apple presents a way for third-party manufacturers to view the core concepts of the “Where’s?” Network. But also (preliminary) hardware and software requirements for the development of network-compatible accessories from “Wo ist?” are explained. The final specification is expected to be available later this year. The whole thing is rounded off with a detailed documentation of the network accessory protocol. This information is only available for use with commercial accessories. Private use is (currently) excluded. I personally expect manufacturers of Bluetooth tracking products like Tile, Adero, Pixie and similar companies to be interested in this network.
As soon as the technology and the necessary unlocks are released at the turn of the year, third-party manufacturers must take part in Apple’s MFi program to develop and certify their network-compatible “Where’s?” Accessories.
The term “airtags” has long been rumored by the scene. At the latest since 9to5Mac in the iOS 13 beta found some screens in the “Where is?” App, the rumor mill has been bubbling. It should be a compact tracking device that can be attached to a keychain, suitcase or bag as a pendant The spreaders of the rumors are not sure whether it is a technology based on Bluetooth or the U1 ultra-wideband chip that Apple has so far only installed in the iPhone 11 and iPhone 11 Pro (Max).
If Apple really does release these devices, the opening for third-party manufacturers would come as a bit of a surprise. It is also surprising to me that the icons shown at the “State of the Union”, the WWDC session, at which Apple spoke about opening the “Where’s?” Network, correspond exactly to the icons identified by 9to5Mac. Either Apple will no longer launch its own products and enable the market for third-party manufacturers – based on their network – or Apple will break new ground and open all the interfaces that do not really have to remain closed. Especially when looking at the many (legal) skirmishes where manufacturers complain about the app store and the closed ecosystem as such – this could be a tactical move. It will be exciting to see whether Apple will also gain a foothold in this market (in the short term).
As with the introduction of differential privacy, Apple is raising the bar for the competition. The “Where is?” Infrastructure not only guarantees functionality and anonymity on iOS / iPadOS / macOS devices, it is now also being extended to many devices. It will be exciting to test the functionality of this technology with the appearance of third-party devices and to check its suitability in practice. (Macworld)