Comment by rezonant

2 years ago

> how much cryptography and security would Apple need to open up to have 3rd party BLE devices ping to other services outside of their control that may leak the location information of people walking past them.

None, simply proxy it through Apple's existing servers and do not include any information about the device that found the tracker. If you are worried about rogue devices telling iPhone to ping rogue services, then just add a service whitelist to the scheme: Apple trusts Google's service and Tile's service, Google trusts Apple's service and Tile's service, but <random URL> isn't going to get pinged.

Now just make a process by which you prove legitimacy in order to get added to the list and require platform approval.

> Why should {arbitrary phone creator} need to ping a 3rd party whenever someone comes within range of the BLE device?

Because if every phone could ping the network associated with every tracker, then the strength of the network is all participating devices, not just the OEM's brand. Apple gets the benefit of having a better Find My network outside the US where Android dominates, and Android gets the benefit of a better Find My network inside the US where iPhone dominates.

> That is, if Android devices aren't required to ping Apple's Find My network when in range of an AirTag, why should Apple be required to ping Tile's servers when in range of a Tile?

Required is a strong word, but Android should ping Apple's network when it sees an AirTag, and I bet Google would take that deal if it were available.

All this is sidelong to the point though, that Tile cannot build an app that iPhone users can use that can tie into the beacon functionality the iPhone is already doing in order to enable Tile users with iPhones (that is, those iPhone users with the Tile app installed) to have as reliable and friction-free an experience as iPhone users have with AirTags.

> None, simply proxy it through Apple's existing servers and do not include any information about the device that found the tracker. If you are worried about rogue devices telling iPhone to ping rogue services, then just add a service whitelist to the scheme: Apple trusts Google's service and Tile's service, Google trusts Apple's service and Tile's service, but <random URL> isn't going to get pinged.

Doing a "ping this other service" leaks information about the device that has been found. It also opens up Apple to knowing about who found the device or where it was found from information sent across the network. This is an important thing in security of the AirTag (and the rest of the Find My network) - the person detecting the BLE message has zero knowledge about it (other than its existence), Apple has zero knowledge about the person finding it or the device - only the Apple account that it is associated with, and the person who owns the Apple account only has knowledge about where and what device - not who found it.

To not compromise the security of the Find My network, other vendors

https://support.apple.com/en-gb/guide/security/sec6cbc80fd0/...

> In addition to making sure that location information and other data are fully encrypted, participants’ identities remain private from each other and from Apple. The traffic sent to Apple by finder devices contains no authentication information in the contents or headers. As a result, Apple doesn’t know who the finder is or whose device has been found. Furthermore, Apple doesn’t log information that would reveal the identity of the finder and retains no information that would allow anyone to correlate the finder and owner. The device owner receives only the encrypted location information that’s decrypted and displayed in the Find My app with no indication as to who found the device.

This would be an opportunity for Tile to work at trying to establish a standard like was done with UWB ( https://www.nxp.com/applications/enabling-technologies/conne... ) so that multiple vendors could use the technology and chips for interoperability.