The Spooky Technology Behind Apples Find My Device

I personally don’t have an issue with my phone being used to help other people find their lost apple products if it’s encrypted and secure. I do wish it was open source however, but sadly that’s not going to happen

curlybeckster

Meanwhile at Google:

Me: "Hey google, where did I go last night?"
Google assistant: "These are the 9 places you visited last night..."

hola_chelo

I think that the "Find My" function is actually a very useful feature for lost phones. Yes, technically Apple or Google would know my location then, but they most likely have my location anyways if I properly log in to a Google/Apple Account.
And I think on Android the service only sends location data when requested.

HerrBlauzahn

I am not creeped. I am happy to help people find their things.

integre

I remember back in the day when Google first allowed you to see where your friends are... not creepy at all, with real time location updates so you could see the dot moving on the map. I think they changed it within the month though.

AlexTheStampede

Great video, except two things, you can opt out of the find my network, and Find My doesn’t use cell towers directly; it uses them to transmit data but it uses built in gps to get that data. Using cell towers will only give a general location. Rip out the GPS modem in your phone then go to maps, it’s essentially a big blue circle covering a .5 mile radius which isn’t helpful (even with wifi).

lieutent

Celltowers don't locate distance to tower based on signal strength but based on timing differences

SwissPGO

Hoping I don’t get in trouble for this, I don’t work there anymore but I can tell you your example is mostly right. However, once it’s on the server, all user specific data is encrypted and tagged with the specific user’s key. Essentially, Apple cannot retrieve those data directly. The location data is accessible but only without user specific identifiers. Any targeted, user specific data can only be retrieved by entering the user’s password and two factor code. (That’s ignoring some of the two factor flaws I’ll leave out just know that when I worked there it had some major flaws). Apple also does not release these data to third parties or government. So in short, even with the flaws in they current system, there still needs to be a fair amount of social engineering to break through. Hope this helps.

joshintheshell

Dewalt's tool finder app works the exact same way. Any phone running it will be constantly sniffing for Dewalt bluetooth beacons and report the location of any it sees that that have been marked "missing". It works pretty well because a lot of tool thieves tend to hang around and try to sell them to people that use them.

WldTangent

Yes you can opt out. In settings there's an option called "Find My network"

ksaspectre

I would feel much better if the encryption worked like this:

1. Device Activated for wanting to be found - broadcasts a unique ID, and a public key for the encryption of location data
2. The unique id is simply an ID for the device stored via apple, and to the apple ID who wants to find the device
3. The public key for finding THIS device in THIS session (one "enable" of finding a device until deactivated) is generated on the stolen device, then encrypted via a private key for the apple ID account (via the password, salt, etc for the account).
4. Then the location is detected by Lassie, and using the public key broadcast, using SSL encrypts ONLY their location, and the unique ID of the device is not encrypted using the private key in order to send to apple.

5. Apple receives the list of found devices, via SSL and THEIR public key, decrypts the message, and then using the unique IDs will encrypt them using apple ID public keys related to that device ID.

6. Then the account owner, Ruth, will request a list of entries of the location for unique ID devices on their account. They will receive any associated (and even if they receive another user's entries, they cannot decrypt them as their appleID private key cannot decrypt those).

7. Then Ruth, using their appleID private key (which was set up exclusively for finding devices), will decrypt each transmission of the location of devices.

8. They get an entry of "device ID, location" and will be able to find and track that device.

Apple cannot see devices tracked, only the uniqueIDs, assuming they have access to those BEFORE encryption with the appleID public key.

Apple cannot see location data, as this is encrypted via the generated tracking PUBLIC key and can ONLY be decrypted by the user who owns that appleID account, and that private key is encrypted along with their account info via their password-based encryption.

Other users around the stolen device cannot receive the broadcast location, as it's SLL encrypted, and encrypted again by Ruth's public key for tracking.

Apple can even make it easier and associate "unlock keys" for data based on "Ruth's owned devices" that each have been granted access to her appleID account, so that if any of her devices see the broadcast of the lost device, they can find it locally without ever going through Apple -- But the data is encrypted and sent to apple in the end after the device is found -- assuming they enact this policy.

It's all encrypted, at every stage, and easy to ensure only authorized users have access to the location data, even when youre nearby and can "approximate" that data. Even so, Apple is the one who controls "deviceID" mappings so you cannot identify the stolen device. Apple could even rotate the deviceID every so often to prevent tracking of said device locally, as what happens in group / chat rooms.

GameDev

I actually like that technology, having the peace of mind that if your iPad gets stolen that you can just find it again.
And I’m pretty sure the people that have lost their devices/had them stolen would be very glad that my phone is transmitting the signal to Apple 🙃

leberkassemmel

dude your gonna change the world with wicked good info keep it up man !!!!

jacobfreeland

2:00 maybe spooky, but so GOD-DAMN COOL :D

pawlack

Kinda makes me think couldn't someone make like a million fake find my phone requests in an area to crash iphones in the area or ddos apple's server? They must have some protection against that.

wilfridtaylor

What's worse is that, on paper, this is a great feature. I don't use Crapple products, but if I did, I'd appreciate this feature. While of course being spooked by the dim glow of the dark ones.

..

"All cell phone providers in the United States are required by law to be
able to track the locations of active cell phone users to within 100 meters"

- So why are we worried about Apple having our location if the Government already has it?

SCTproductionsJ

With every day that passes I become more convinced that privacy is dead, or at least dying for the sake of convenience

These tech giants have so many ways to track us, it isn't even funny

MemesnShet

I'm glad someone's talking about this. I don't use the "Find My Device" service in any device for its privacy implications. But that being said I would pay for a trustworthy 3rd party organization to provide this service.

weshela-in-chief

GPS Location Button has left the chat.

АбеНиш