Apple’s ‘Find My’ App Uses End-to-End Encryption, Requires a Second Device for Verification: Wired

As previous rumours suggested, Apple plans to merge its “Find My Friends” and “Find My iPhone” apps into a new app called “Find My” with the release of iOS 13 and macOS Catalina, and some “clever cryptography” is meant to prevent people from abusing it for tracking purposes.

A new report from Wired details the privacy features baked into the new app. At first, the app may sound risky because it has Apple devices constantly broadcast a Bluetooth signal even when they’re offline. The purpose of the broadcast is to make a device locatable even while it is hibernating.

The stronger privacy comes via end-to-end encryption, but rather than simply having a key that can be stolen, “Find My” requires a second Apple device to hold the decryption key. Owners who only have a single Apple device in their possession will have to settle for the older and less secure methods of verification.

Craig Federighi described the app and how it works at WWDC 2019, explaining that it uses an “end-to-end encrypted and anonymous” mechanism that ensures that only you can track your device and not even Apple can identify its location.

“In a background phone call with WIRED following that keynote, Apple broke down that privacy element, explaining how its ‘encrypted and anonymous’ system avoids leaking your location data willy nilly, even as your devices broadcast a Bluetooth signal explicitly designed to let you track your device,” reads the report.

“The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices,” the report continues. “Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations.”

The idea of the new system is to turn Apple’s existing network of iPhones into a massive crowdsourced location tracking system. Every active iPhone will continuously monitor for BLE beacon messages that might be coming from a lost device, and when it picks up one of these signals, the participating phone tags the data with its own current GPS location. It then sends the whole package over to Apple’s servers.

Say someone steals your MacBook. Even if the thief carries it around closed and disconnected from the internet, your laptop will emit its rotating public key via Bluetooth. A nearby stranger’s iPhone, with no interaction from its owner, will pick up the signal, check its own location, and encrypt that location data using the public key it picked up from the laptop. The public key doesn’t contain any identifying information, and since it frequently rotates, the stranger’s iPhone can’t link the laptop to its prior locations either.
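The flow in the two paragraphs above, as an added toy model in Python; it is not code from Apple or from the Wired report, and it is not Apple's actual construction. The shared seed between the owner's devices, the hash-of-public-key lookup index, the toy Diffie-Hellman group and the SHAKE/HMAC encryption are all assumptions chosen so the example runs with the standard library only.

```python
# Toy model of the described flow; every primitive here is an assumption.
import hashlib, hmac, secrets

P = 2**255 - 19  # toy prime modulus (assumption); not a vetted DH group
G = 2

def period_keypair(seed: bytes, period: int):
    """Owner's devices derive the same rotating keypair from a shared seed."""
    h = hashlib.sha256(seed + period.to_bytes(8, "big")).digest()
    d = int.from_bytes(h, "big") % (P - 2) + 1
    return d, pow(G, d, P)

def _keys(shared: int, n: int):
    # Split a hash of the DH shared secret into a MAC key and an n-byte keystream.
    okm = hashlib.shake_256(shared.to_bytes(32, "big")).digest(32 + n)
    return okm[:32], okm[32:]

def finder_report(beacon_pub: int, location: bytes):
    """Stranger's phone: encrypt its own location to the broadcast public key."""
    e = secrets.randbelow(P - 2) + 1  # fresh ephemeral secret per report
    mac_key, stream = _keys(pow(beacon_pub, e, P), len(location))
    ct = bytes(a ^ b for a, b in zip(location, stream))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    index = hashlib.sha256(beacon_pub.to_bytes(32, "big")).hexdigest()
    return index, (pow(G, e, P), ct, tag)

def owner_decrypt(priv: int, report):
    """Owner's second device: only the matching private key recovers the location."""
    eph_pub, ct, tag = report
    mac_key, stream = _keys(pow(eph_pub, priv, P), len(ct))
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("report was not encrypted to this key")
    return bytes(a ^ b for a, b in zip(ct, stream))

def demo():
    seed = secrets.token_bytes(32)  # held only by the owner's devices
    server = {}                     # relay stores opaque index -> ciphertext
    for period, loc in [(7, b"37.3349,-122.0090"), (8, b"37.7749,-122.4194")]:
        _, pub = period_keypair(seed, period)  # lost laptop broadcasts pub only
        index, report = finder_report(pub, loc)
        server[index] = report
    found = []
    for period in (7, 8):  # second device re-derives each period's key
        priv, pub = period_keypair(seed, period)
        index = hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()
        found.append(owner_decrypt(priv, server[index]))
    return server, found
```

In this model the relay server sees only hashed indexes and ciphertexts, and a report made in one period cannot be opened with another period's key.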

Read the entire (worthwhile) report over at Wired.