Find My Networks: The Privacy Properties of Crowd-Sourced Tracking

May 26, 2026 · 8 min read · Haven Team

Apple's Find My and Google's Find My Device network turn every iPhone and Android phone in the world into a tracking node for nearby objects. The cryptography behind both networks is sophisticated, and the privacy claims are largely accurate. The residual risks — to bystanders, to stalking victims, and to the unaware — are real.


Apple launched the offline Find My network in 2019 and shipped AirTag in 2021. Google launched its Find My Device network in 2024, designed around similar cryptographic primitives but with different default behavior. Both networks address the same problem: how do you locate a Bluetooth-only tracker without giving Apple or Google a real-time location feed of every device on the network?

The clever answer is that nobody — not Apple, not Google, not the phones acting as scanners — sees a meaningful identifier. Lost devices broadcast rotating public keys; nearby phones encrypt their own location with whichever key they see, then upload the result. Only the owner of the matching private key can decrypt and read the location. The network sees ciphertext.

How the Apple Find My network works

Each Apple device with Find My enabled (iPhone, iPad, Mac, AirTag, Apple Watch, etc.) generates a sequence of rolling public keys derived from a master secret that only the device owner holds. The public key rotates approximately every 15 minutes. Lost devices broadcast their current public key over Bluetooth Low Energy.

Any nearby iPhone, iPad, or Mac participating in the Find My network — by default, this is most of them — listens for these broadcasts. When a participating device hears a public key, it:

  1. Determines its own current location
  2. Encrypts that location with the heard public key
  3. Uploads the encrypted blob to Apple's servers, indexed by a hash of the public key

To find a lost device, the owner's iCloud-paired devices compute all the rolling public keys their lost AirTag (or laptop, or phone) would have broadcast in the recent past, look up the corresponding entries on Apple's servers, and decrypt whichever blobs they find. Apple sees ciphertext indexed by opaque hashes; it cannot read locations and (in principle) cannot determine which lost device an owner is querying for.
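The broadcast, helper upload and owner lookup described above, as an added sketch that is not Apple's code or part of the original article. It assumes an HMAC-based rolling-key derivation, and swaps in a toy finite-field Diffie-Hellman group with a hash keystream and HMAC tag for the elliptic-curve encryption the real network uses; the master secret and coordinates are constructed sample values.

```python
import hashlib, hmac, secrets

# Toy group (constructed for this demo, NOT secure): stands in for the
# elliptic-curve keys the real network uses.
P, G = 2**521 - 1, 3

def to_bytes(n):
    return n.to_bytes(66, "big")

def rolling_keypair(master, period):
    """Assumed derivation: private key = HMAC(master secret, period index)."""
    mac = hmac.new(master, period.to_bytes(8, "big"), hashlib.sha512)
    d = int.from_bytes(mac.digest(), "big") % (P - 2) + 1
    return d, pow(G, d, P)

def index_of(pub):
    """Server-side lookup key: a hash of the broadcast public key."""
    return hashlib.sha256(to_bytes(pub)).hexdigest()

def _keys(shared):
    k = hashlib.sha512(to_bytes(shared)).digest()
    return k[:32], k[32:]  # (keystream seed, MAC key)

def helper_report(heard_pub, location):
    """Helper phone: encrypt its own location (<= 32 bytes) to the heard key."""
    e = secrets.randbelow(P - 2) + 1  # fresh ephemeral secret per report
    enc, mac = _keys(pow(heard_pub, e, P))
    ct = bytes(a ^ b for a, b in zip(location, hashlib.sha256(enc).digest()))
    tag = hmac.new(mac, ct, hashlib.sha256).digest()
    return index_of(heard_pub), (pow(G, e, P), ct, tag)

def owner_lookup(master, server, periods):
    """Owner: recompute recent keys, fetch by hash, decrypt what is found."""
    found = []
    for t in periods:
        d, pub = rolling_keypair(master, t)
        for eph_pub, ct, tag in server.get(index_of(pub), []):
            enc, mac = _keys(pow(eph_pub, d, P))
            if hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
                pt = bytes(a ^ b for a, b in zip(ct, hashlib.sha256(enc).digest()))
                found.append((t, pt))
    return found

def demo():
    master = b"constructed-master-secret"  # sample value, held only by the owner
    server = {}  # everything the operator stores: hash index -> opaque blobs
    for t, loc in [(100, b"52.5200,13.4050"), (101, b"52.5310,13.3849")]:
        _, pub = rolling_keypair(master, t)  # what the lost device broadcasts
        idx, blob = helper_report(pub, loc)  # helper never learns the owner
        server.setdefault(idx, []).append(blob)
    return server, owner_lookup(master, server, range(98, 103))
```

The `server` dictionary is the operator's whole view: two unrelated-looking hash indexes, each holding an ephemeral key, ciphertext and tag.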

The non-traceability claim

The cryptography is designed such that Apple cannot link the upload from a "helper" phone to the device it scanned, and cannot link any specific lookup query to a specific account's tracked device. Independent academic analysis has confirmed that the protocol approximates these properties — though with caveats around the metadata Apple still observes (uploader IPs, upload patterns, query timings).

How Google's Find My Device network works

Google's network, launched in April 2024, uses similar cryptographic structure with one critical default difference: by default, locations are only reported when multiple participating devices observe the same tag in the same place. This "aggregation by default" mode means a tracker in a sparsely-populated area may not report a location at all unless several phones independently see it.

The reasoning is privacy-protective in a specific direction: a user who has been tracked covertly via a tag attached to their belongings is more visible to the network in dense areas (where the location resolves quickly) than in their own home (where they may be the only Google user present, and so no aggregation can occur). Google argues this reduces the value of the network for stalking by making tracking unreliable in low-density contexts where stalking typically occurs.

Critics — including security researchers Brian Krebs and others who tested Compatible Tracker hardware — have noted that the default aggregation behavior also makes the network less useful for legitimate use cases (finding lost luggage at a remote airport, locating a dropped phone in a rural area). Users can opt into a less-protective "tracker for personal use" mode at the cost of reduced anti-stalking protection for others.

Unwanted tracker detection

Both Apple and Google ship native unwanted-tracker detection in iOS and Android. The behavior is roughly:

This is the real success story of the past two years: detection that actually catches covertly-placed AirTags and similar trackers in many cases. It is not perfect. Tags that don't broadcast for long enough, tags inside Faraday-blocking materials, and tags switched between owners can all evade detection. But the baseline is much better than it was in 2022, when AirTag stalking incidents drove the original public outcry.

What the networks don't protect against

The cryptography is real. Apple cannot decrypt your AirTag's locations and (as far as researchers have been able to verify) cannot easily correlate them with your account. But there are layers of metadata around the encrypted payload that the network operators do observe:

For everyday users, none of these are typically meaningful threats. For users with high-sensitivity threat models — journalists protecting sources, activists, domestic violence survivors — they're worth considering.

The bystander problem

The most underappreciated property of these networks is that every iPhone and Android user is participating, mostly without thinking about it. By default, both Apple and Google enroll new devices in the network. The defaults are opt-out, not opt-in. Most users have no idea their phone is uploading location data on behalf of strangers' lost devices.

This is defensible — the cryptography means the location data being uploaded is not your location, it's the location of someone else's tag that happens to be near you, encrypted to a key you don't hold. But "I'm contributing my battery and bandwidth to a global tracking network by default" is a non-trivial property and one that's worth knowing about.

Both networks allow opt-out in settings. On iPhone: Settings → Apple ID → Find My → Find My iPhone → Find My network. On Android: Settings → Google → All services → Find My Device → Use without network. Toggling these off removes your phone from the helper-scanner pool without affecting your ability to track your own devices.

The right way to think about it

The Find My networks are genuine cryptographic achievements that deliver real utility (finding lost devices, recovering stolen laptops) with non-trivial privacy protection. They are also the largest crowd-sourced tracking infrastructure ever deployed, opted into by default by billions of users. Both things are true.

For tracking your own things, the networks work well. For protection against being tracked by someone else's tag, the cross-platform detection alerts are a significant improvement over the original 2021-2022 era. For privacy from Apple and Google themselves, the cryptographic claims hold up — within the limits of what they don't claim to protect (metadata, network-level information, legally compelled records).

If you're concerned about being tracked, the unwanted-tracker alerts on modern iOS and Android are the most important line of defense. If you're concerned about contributing to the surveillance infrastructure, opting out is one toggle. Both decisions are reasonable; neither is obvious by default.
