Apple AirTags are great gadgets to help you find your lost items. But small connected beacons can also facilitate cyberstalking and cybersurveillance, despite measures taken by Apple.
Apple AirTags are undeniably handy gadgets. Apple’s small beacons, marketed since the end of April 2021, make it easy to find your keys or wallet with only an iPhone in your hands. But AirTags are also an effective way to track your partner or your children, and possibly without their knowledge.
After several warnings by associations, Apple changed on Jun 4, 2021 the initial behavior of its AirTags. The sound alert to warn people without a smartphone or with an Android smartphone that an AirTag was tracking them has gone from 3 days to “8 to 24 hours”. This update began on June 3, 2021 in the United States. In addition, the Californian company said that an Android application dedicated to Locate, the network that detects AirTags and other compatible connected objects, will be available at the end of the year.
But why is a hijacking of the AirTags worrying?
On Android or without a smartphone, the alert took 3 days
Concretely, AirTags work thanks to the presence of Apple devices nearby. The beacon does not have a GPS chip, but can connect to any iPhone, iPad or Mac it encounters, in order to send an approximate location to its owner. In a large city, this makes it possible to have an extremely dense and precise network of relay beacons. It’s a boon for the heads in the air, but it can be hijacked by malicious people.
Technically, Apple has implemented specific features to prevent “stalking”, proof that the company was aware of the potential abuse that could allow this kind of accessory. But a few days after their marketing at the end of April, the NNEDV (National Network to End Domestic Violence), an American association for the fight against domestic violence, showed that the situation was still far from ideal.
If you have an iPhone, an alert will appear if an AirTag that doesn’t belong to you moves with you. On the other hand, if you have an Android phone, it was necessary to wait three days before the beacon manifested itself via a ringtone until June 4 – date on which the alert went from 8 to 24 hours. This remains a lot, especially since if the share of iPhone owners in the United States is quite high (almost 50-50 with Android), in France, three-quarters of users are running Android.
Is the beacon ringing sufficient?
Taken aback by this problem, we decided, at the editorial staff of Numerama to track (with his consent) one of our colleagues for a few days. We therefore slipped into Julien Lausson’s bag a tag linked to the iPhone of our editor-in-chief Marie Turcan. Note that our guinea pig did not have an iPhone, but an Android smartphone.
During the next few days, we were able to follow Julien’s movements during the day. It was possible for us to know when he returned home or when he came to the editorial staff of Numerama, by looking at the Locate application, the beacon taking care of connecting to the surrounding iPhones (in transport or other) to send us his position. .
It was only after three days that the AirTag manifested, as expected with a ringing tone. The volume, powerful enough for a machine of this size, can be heard in a calm environment, but by Julien’s admission, “ pas sure it can be heard on the train with headphones on, if the AirTag is in a pocket or bag. “After this first occurrence, the tag has” re-rang a few times with large time intervals each time Which makes it almost impossible to ignore it.
If we can only be pleased that Apple has thought of this sound system to warn Android mobile owners that they are being tracked, we can still note that the 3-day period coupled with a ringing not necessarily audible in everyday life complicates the situation. The new time frame is much more reasonable, but will still allow a person to be tracked for long hours.
More annoyingly, if an AirTag reconnects with its owner’s iPhone during this period, the counter is reset to zero. This means that if a person shares their apartment with a jealous spouse, the beacon will reconnect every day and the stalking can continue indefinitely. This is where the real crux of the matter lies.
Cyberviolence and conjugal cybersurveillance
« In most cases, cybersurveillance and cyberviolence take place at the same time as domestic violence within the couple »Explains Léa Bages, founder of the Equality Institute up to date. « In our culture, we tend to view strangers as the greatest danger to our security. We must remember that for many people it is the loved ones who pose the greatest risk. », Confirms a spokesperson for the NNEDV reached by Numerama.
« For many people, relatives are the greatest risk »
Cyberviolence and cybersurveillance are part of a continuum of violence within the couple which is far from new, explains Léa Bages. ” It started by reading the odometer in cars and then monitoring the GPS sensors. Now our phone is a walking beacon. “The NNEDV qualifies all the same:” technology by itself does not breed violence. Abusive partners are simply determined to use every tool possible to perpetuate their abuse. »
Without going back to the odometer, other companies have been offering beacons capable of tracking someone for a long time. On the Internet you can find GPS beacons for a few dozen euros. Why are you particularly worried about Apple accessories then? For Léa Bages, it is the fruit of the times. ” Today these are essential subjects. We are more and more vigilant to this kind of problem », Explains the former member of the Women’s Foundation.
Protect privacy at all costs
For Marie-Pierre Badré, president of the Hubertine Auclert center (a structure specializing in, among other things, topics touching on cyberbullying), Apple’s aura is enough to give rise to concerns. ” Beacons are not a new device. On the other hand, Apple’s influence and brand image will allow these tools to reach a wider audience. Since Apple is releasing this and it’s worth 35 €, people will buy it. As it is used, people will realize the potential. »
« It is especially the size of the AirTag that worries me », Admits the president. ” It can be put in the lining of a coat or in a wallet. In addition, Apple benefits from a very large network and long battery life for its beacons. [un an, ndlr]. You have to be very careful with this kind of problem. In short, what makes the strength of the Apple accessory is also what makes it an extremely effective cybersurveillance accessory. On this subject, the NNEDV abounds: ” With the operation of such a large network for a tracking device comes an enormous responsibility: that of ensuring the respect of privacy and the safety of persons. »
A simple question then arises: is it simply possible to create an effective and privacy-friendly beacon? While admitting that Apple is “ the only company to have launched its product with built-in protections in an effort to deter abuse “, The NNEDV stresses all the same that” these features don’t go far enough and don’t protect those who need them most. »
« Companies are not educated about violence against women »
A blind spot that can be explained relatively simply, for Marie-Pierre Badré. ” Companies are not educated about violence against women. People who build these kinds of props don’t think about the risks that this tool can pose to abused women. It has not yet become a standard. All hope is not lost, however. If the problem is lack of education, the solution may be to educate yourself better.
A universal specification
« You have to work with experts and competent people. They would have picked up their phone, we would have told them ” explains Marie-Pierre Badré who regrets with a sigh that companies ” may not be aware of the problem “. However, it is difficult to know how Apple thought of its product, and whether or not the company contacted associations before finalizing it. Asked by FastCompany to find out whether or not Apple had collaborated with associations fighting against domestic violence before launching AirTag, the company refused to answer.
Taking as an example the efforts made by Apple and Google on the monitoring of covid contacts, the NNEDV imagines specifications drawn up in collaboration with associations. ” A good place to start would be to partner with subject matter experts who understand harassment and other abusive behavior. Such partnerships would go a long way in launching safer products, as they would help tech companies examine any possible abuse scenarios that they may unintentionally overlook. »Explains the American association, which occasionally works with Apple on products in development.
For Léa Bages, these efforts must not only be made at the production stage, but companies should also communicate more effectively on the potential risks that this type of accessory can represent. ” As with everything, the problem here is the level of information that will be transmitted to the users so that they can spot if they are being tracked. », Explains the specialist. She concludes, ” the best way to fight is information and prevention. »
The continuation in video