When the AirTag trackers finally launched, Apple took some time to claim its privacy and security credentials. The idea of such an NFC object tracker is alluring and alarming in equal measures, since while they allow for users to keep track of inanimate, dumb objects such as keys and wallets, they also represent pretty serious privacy and security concerns. That is exactly what a new Washington Post investigation report has revealed, where reporters Geoffrey Fowler and Jonathan Baran emulated a scenario where the AirTag may be abused against victims of domestic violence by potentially malicious stalkers.
What Apple already offers
As the report found out, there are multiple red flags in this process. Before that, it is important to note that the AirTag isn’t entirely devoid of contingencies put in place for users to deal with deliberate acts of stalking by using these trackers. These include –
- An alert notification for iPhone users that lets a person know of an astray AirTag in their vicinity, which is not identified with the user’s iPhone.
- An audio alarm from the AirTag on Android phones that is triggered if the Apple tracker remains around the phone for up to three days.
- The ability to scan a tag, which opens an official Apple explainer guiding users to remove AirTag batteries, thereby disabling them.
- A unique serial number that is locked to the buyer of the tag, which can be reported to law-keeping authorities, to take further action.
Serious privacy threats
In response, the Post reports that while a user is alerted of a stray tag on their iPhones, this is only done when they reach home, or a location that’s automatically geo-tagged as frequently visited. The likely rationale is probably to stop a user from panicking in the middle of the road, or to stop a stalker from getting aware while the victim and the stalker are in a deserted area outdoor – therefore having grave implications of personal safety. While this is rational, the report argues that waiting till a person is home to then offer an alert also essentially gives away their place of residence, which can have major consequences in cases of stalking.
For the second point, the report notes that three days is too long a time to offer an alert. On this front, users will also be able to reset their AirTag timers, hence delaying the alarm from ever ringing and disabling the speaker. The Post reporters suggest here that one workaround can be for Apple to work with Google to develop tighter support, which would therefore give Android phones a similar level of control on AirTags as iPhones.
Finally, the report states that amid all of this, a stalker would be able to turn off all of the available AirTag safety alerts on a victim’s phone without requiring any authentication step. This feels like a clear oversight from Apple, even though the above two factors may be more difficult to deal with. Nevertheless, the points raised here are critical in terms of the larger picture of user safety, and it remains to be seen if Apple reacts with revised steps to better protect their AirTags from being misused.
Thanks for reading till the end of this article. For more such informative and exclusive tech content, like our Facebook page