It's interesting to see that Google takes this so seriously they're backporting it to Android 6. I guess they probably have metrics on what Android versions are still in active use, but I'm a little surprised that Android 6.0 would still be used heavily enough to warrant the backport. Regardless, it's good to see this sort of industry cooperation from companies who would normally be at each other's throats.
Google made a deliberate decision long ago to detach library and feature support from the operating system due to manufacturer fragmentation. So most of their new stuff automatically works with old versions of android
> Supporting Android 6 would be like supporting iOS 9.
1. Your point still stands, but this is because this update is probably shipping as a Google Play Framework update, which works on >= 6.0. Google is not (to my knowledge) releasing a new firmware.
Apple would do well to decouple certain software components from iOS, IMHO.
2. In case others are curious about iOS version market share, statcounter's stats for April 2024:
Google and Apple have fairly different platform software update strategies so I was curious how the support windows line up. Android 6 was the last supported release on devices like the Nexus 5 and Xperia Z3 from 2013 and 2014. iOS 9 was the last version supported for devices like the iPhone 4s and 3rd gen iPad that shipped in 2011 or 2012. Going forward to 2013 iPhones you have the 5s which was last supported in iOS 12. It sounds like Google is able to ship this directly rather than as an OS update that would need to go through manufacturers, while Apple typically deploys these type of fixes by pushing an OS update. I'm curious how far back they'll go, they rarely ship security fixes more than two major versions behind the current release (so maybe down to iOS 15, supporting devices released in 2015).
FWIW, WhatsApp claims support back to Android 5.0, and if they haven't changed their support decisions since I left, that means there's a significant amount of users in the wild on Android 5.0. I'm not surprised Google only goes back to Android 6, they were always dropping versions from support before WA did; their threshold must be higher.
WhatsApp majority userbase sits outside of the US, and it's deeply embedded in many 3rd world countries. I'm not sure how their European userbase compares with the African/Asian userbase.
I reckon the WhatsApp userbase OS distribution skews much more to older android versions compared to an app that mostly enjoys US/1st world country userbase.
I just recently pulled out an old phone that originally ran Android 6 for a project, hardware wise it still runs perfectly. The only thing wrong with it is that I can't upgrade it to a newer Android version.
From what I understand, backporting won't make a difference, unless vendors integrate it into their custom OS installs, and, from what I hear, they aren't really giving legacy support much love.
They are taking it seriously because of the legal liability issues. Their lawyers are clearly worried about the legal implications of their devices being used to track people and things for illegal purposes and want to make sure they have a level of protection against lawsuits from consequences of tracking devices used for illegal purposes. There are already cases of women being stalked using these devices.
> Their lawyers are clearly worried about the legal implications of their devices being used to track people and things for illegal purposes
Just that Android devices are not involved in tracking of AirTags, as of today only iOS devices actually share the location of AirTags back to Apple.
They maybe want to change that, but considering the huge amount of volume disparity between AirTags and Google's tags, I assume Apple would have to pay Google for the service of extending their tracking-network...
> It’s possible the tracker is attached to an item the user is borrowing, but if not, iPhone can view the tracker’s identifier, have the tracker play a sound to help locate it, and access instructions to disable it.
That means someone can steal your stuff, and then disable the tracker so you can't find it. Most people and myself included were sticking these cheap tags on everything we own, and it was genuinely useful during travel or in scenarios where theft was a consideration.
> That means someone can steal your stuff, and then disable the tracker so you can't find it.
This is by design. AirTags were never marketed as an anti-theft device. They had anti-stalking features from day one which were/are at odds with anti-theft.
It was marketed as helping you find things that are lost, nothing more.
They weren't marketed but it was implied. If you forgot, they had to patch them a while after release due to stalking concerns so that "day one" point is moot.
Design doesn't matter after a point - you have to meet your users on their turf. Most people were using it for other reasons - and if Apple's stance is, fine - don't buy it, then so be it.
>> helping you find things that are lost, nothing more.
So it is now on me to know whether my object is lost or stolen? Even if I magically knew all the details, that isn't a bright line rule. One person's "lost" luggage is another's stolen electronics. Clearly, more people are using these things to track down stuff that has been taken rather than find the remote control lost somewhere in their living room.
Will apple allow people to disable the tracking of other people's iPhones too in the name of privacy? What if my wife leaves her phone in my car? Can I get tracking disabled on that phone so she cannot track my location?
> That means someone can steal your stuff, and then disable the tracker so you can't find it
This has always been the case with AirTags. They've had anti-stalking notifications since day one, and disabling one is as easy as a quarter test of the case to remove the battery.
It's possible to build your own tracker atop the Find My network without these anti-stalking features. The Find My network can even be abused for low bandwidth data transfer from any point in the world with an occasionally nearby iPhone.
If I were to do this on a certain chip and put it in a random person's car, wouldn't they get a message showing 'X found moving with you'? Or is that only implemented for AirTags themselves?
Yeah, I think the point of these devices is for locating lost items, not stolen items. Trying to handle the stolen use case but not allowing nefarious tracking seems to be at odds with each other.
Depends on what you're trying to track if it's stolen. A compartment in something like a car or an eBike that allows removal only by using an actually high-security key (i.e. something that LockPickingLawyer can't pick) or power tools that would seriously compromise the structural integrity of the thing in question would be something I'd pay serious money for... but no manufacturer of anything I'm aware of has actually gone that far.
Can you please describe what scenario you imagine an airtag would be useful in tracking down a stolen item in an airport?
I ask because I'm at a loss. BLE from these little devices has ~40ft of range on a good day, and even if a mesh network were involved, I fail to see what the airtag could do that would help you recover your item. Sound an alarm? Great, the thief knows where it is now, and they can just yank it out and throw it in the trash. Give you GPS coordinates? Great, that'll really help after you find security, tell them what happened, convince them it's urgent, and explain to them what they're looking at when you show them the app. Of course that all assumes the airtag (or a nearby mesh device) has a useful GPS fix, and the thief hasn't already found the tag and thrown it in a trash can or something.
Imagine you put an AirTag somewhere deep into your suitcase, and someone malicious steals it and then drives off with it. With the current model, the thief will get notified there’s an AirTag traveling with them, and they can play a sound, find it and remove it / disable it.
Imo without these features it would be rather unlikely for a thief to find AirTags quickly or even realize it’s there.
The ~40ft range is more than enough, the global mesh network of all iPhones is the whole point of the AirTags, there’s no “gps fix”.
Google Maps generally shows my location inside of airport terminals pretty accurately, so it stands to reason that the network of iPhones in a terminal could plot a tracker's position pretty well. If someone has your bag and you know which direction they're moving, you could possibly catch up and get close enough to either spot it or (assuming you have an iPhone 11+) get a Ultra Wide Band fix to finish pinpointing it.
Bury the tracker somewhere too inconvenient to locate and remove quickly, and they'll count on not removing it until later (or they'll just ditch it once it starts beeping).
> Most people and myself included were sticking these cheap tags on everything we own, and it was genuinely useful during travel or in scenarios where theft was a consideration.
Yep. That ruins half the value of AirTags. It's a limitation that their competitors, like Tile, didn't have until very recently.
Every time this comes up, someone butts in with "they're for lost items, not stolen ones!", which is technically accurate but pedantic beyond reason. "Stolen" is a special case of "lost" for most people. In both cases the object is out of the owner's possession. "Stolen" just means it's deliberately missing and not accidentally so.
I understand, sympathize, and support the idea of making life harder for would-be stalkers. My gut instinct says non-notifying AirTags would make life harder for many more thieves than the self-tattling AirTags does stalkers. Apple and Google agree with each other that inconveniencing those losers outweighs abetting thieves. That's their decision to make. I'd still be irritated if I couldn't find my lost-with-the-help-of-a-thief bike because my AirTag told the thief I was looking for it.
I think the idea is that thieves that have already been successful at removing the item from your possession are much less of a threat to your life than someone who is actively tracking where you are. It's a debate worth having, which one should be the priority, but I can appreciate the logic of doing it this way.
There is a big liability issue for these companies if they say its for tracking stolen items. Anecdotally according to reddit threads, police don't care if you have the tracker showing its at the thiefs house, thats not enough evidence to do anything and its not an active crime with people in danger worth being prompt about. law enforcement also don't want you to confront the thief due to the risk of that situation escalating. If these companies start advertising for stolen items they are effectively encouraging vigilanteism and you can imagine how much of a legal headache that will be as soon as the first airtag user is shot dead.
Not sure what I'm missing here, as Airtags have long worked like this - that as long as you had an iPhone or an Android phone with the anti-tracking app installed, you'd be notified of being stalked.
So if your bike thief had an iPhone, they'd be able to find the tag anyway?
AFAIK the only major difference is that it's now being baked into the Android OS so people don't need to actively download the app.
Yes, I think the PR backlash for such features is too great that it spoils them for the rest of us.
When people "misuse" any technology, it seems the consensus nowadays is that the responsibility is shared between the technology creator/owner and law enforcement. Personally, I'm not fully sold as this is mainly a sociopolitical question.
It's a fundamental tradeoff. And who's affected in each case?
The anti-stalking bias degrades the product for people who've bought an AirTag and become victims of theft. It's a limited population. People are unaffected by default.
The anti-theft bias means everybody is a potential victim of stalking. If I have no interest in AirTags, anybody else can still tape one to the bottom of my car and track me wherever I go. Everybody is potentially affected.
Even if theft is far more common than stalking, an anti-theft bias would be a tough position for Apple to defend if it means they're potentially facilitating stalking for the entire population. It may not be ideal, but I can understand it.
I believe you’ll find that tracking your stolen items is just a recipe for frustration when you tell the police where your shit is and they act like you’re the asshole when you expect them to do anything about it.
(And no, this isn’t connected to current politics—I’ve not known cops to care about tracking down stolen good no matter how much evidence you can hand them, since at least the 90s)
> inconveniencing those losers outweighs abetting thieves
This feels incredibly minimizing for people who have been stalked. Or people fleeing domestic abuse, human trafficking, or other forms of abuse where controlling a person’s movement is a large part of the harm being inflicted.
Stalking covers a wide range of activity that impacts people who are usually in a vulnerable or dangerous situation. The people who would use tags to track people aren’t just “losers”, they’re pimps, rapists, murderers, abusive spouses, and so many other awful things.
Inconveniencing them far outweighs someone stealing your luggage.
They are already pretty worthless as far as air travel goes in my experience. Airtag indicated my bag was on the tarmac at the first airport pretty much until it dropped in front of me in the baggage carriage at the last airport. Effectively it gives me zero information I didn't have already from the old analog method of using ones eyes and following up with airline staff.
Aren't there third-party devices like Tile that you could use? Sure, it can't be tracked by every iOS and Android device, but it's not like there aren't trackers that you and your wife could both use.
Tile is essentially useless, especially compared to airtags, annoyingly.
I had a tile, however I fianlly got rid of it when I was unable to locate my keys in my house. It sent me on a wild goose chase saying that it had been last seen near my bins.
I was in the same room as them for the first 15 minute of it beaconing.
Airtags seem to acutally work reliably, and because you don't need the app running, has a good network to find them outside of my house
This is great and it came up at dinner last night which is kind of weird.
Had the odd experience of going to a retreat where everyone sat listening to speakers, and then all went to lunch, and then back to the speakers, then all to dinner, then back to the speakers. And my iPhone popped up an alert that there was an airtag following me. (It wasn't of course it was an airtag in another attendee's bag to track their bag which they had with them, near me kind of randomly, but being driven by the same forces of movement :-)).
My understanding is you should only get the notification if the tag isn't with its owner. That's how it plays out in my personal experience. Back when AirTags were completely broken and didn't support family sharing, I'd get notified if I had my wife's car keys with me only when she wasn't with me, i.e. because I grabbed hers to run a quick errand.
This notification would be utterly useless if that were no longer the case: you'd spend half your time on a flight or bus ride closing the unwanted and unhelpful popups.
I use AirPods Pro but an Android phone. My girlfriend and friends we hung out with would complain about these, so I eventually found a way to turn off "Find my device" on the AirPods by connecting them to my iPad. I now can't track them but also people aren't mad at me for "tracking" them.
I took amtrak from Chicago to DC recently and my phone was constantly trying to tell me I was being followed/tracked cause someone else in the sleeper car had an airtag.
I get notifications about my daughter’s AirPods following me, when she is with me. My daughter is part of my Apple Family plan, and the AirPods show up in my Find My devices. I thought this article was about handling those notifications, at first.
> you should only get the notification if the tag isn't with its owner
My airtag occasionally thinks it's not with me and apple watch wakes me up in the middle of the night even though my bag is in the next room of this tiny flat.
Yeah, I'm still trying to make sense of this, at all. Lots of technobable flying around and no big picture talk. Why the fuck would Google and Apple work together on this AND trash their tech at the same time. Feels like they are trying to stave off regulation.
Someone will find a way around this. It's too fun of a hack to go unanswered for more than a week. Now only the criminals will have this physical tracking ability (well,them and Apple+Google).
My wife fitted her luggage with AirTags but doesn't have an iPhone (just an iPad, normally turned off). The alerts I get are maddening, but I'd rather receive them than disable all alerting...
You know what would be even better? That they agree on a common standard for interoperability between both systems. They both work in the similar way and do the same thing, this would be great to have a standard.
“Apple and Google have worked together to create an industry specification”
…
“Apple and Google will continue to work with the Internet Engineering Task Force via the Detecting Unwanted Location Trackers working group to develop the official standard for this technology.”
That’s what is happening here. I’m not sure why people are always quick to assume negatives without doing even the most cursory reading of linked articles.
I should have made my point clear, but I'm referring to the tracking compatibility feature, that an airtag would be compatible for geolocation with the Android ecosystem and vice-versa toward building a global single tracking network instead of having 2 coexisting networks.
I think the problem they're referring to is that we're being dragged through this brouhaha to stop an unintended side-effect from a proprietary network. In an ideal world Android users can detect unwanted Airtags because the protocol is documented and open. In the world we live in, Google has to go out of their way to solve problems Apple is inventing for them.
The only possible interpretation of this is that Apple knows their current system wouldn't survive antitrust inquiries. So they're making a pathetically marginal concession ("well we did let you track the hostile users!") to cement the rationale of a pointlessly insular system. Once again, Apple is refusing to fully solve a fixable problem in order to artificially create a market in which to sell their solution.
"Apple and Google will continue to work with the Internet Engineering Task Force via the Detecting Unwanted Location Trackers working group to develop the official standard for this technology."
IOW:
"BigCorpA and BigCorpG will continue to work with Why Must This Task Force No Longer Focus On Progressing The Common Good And Instead Now Need To Focusing On Helping Try To Mitigate The Mess That Big Corps Are Causing via the Trying To Unfuck BigCorpA's Massive Privacy Oversight working group to develop an official standard which only BigCorpA and BigCorpG will have the resources to implement."
This is such a charade. Making "invisible" airtags is trivial [1], and I wouldn't be surprised if such airtags are being manufactured en-masse.
We allowed the creation of a global tracking network under the false pretense of privacy. The entire Find My security model falls apart when considering "malicious" tags, and Apple knew about this from the start.
In the security world, it seems accepted that no security effort is a silver bullet that's 100% impossible to get around.
Rather, it seems best practice to compose many layers of security efforts, which all work to raise the level of effort an attacker is required to exploit people.
Will this work with malicious tags as well? I.e. tags that are designed to not communicate with a given phone but with other devices nearby? Can that be detected? My understanding is that regular tags will communicate with all phones, but maybe there’s a way to differentiate who to respond to or change identity for every ping? Not familiar with the exact protocol but basically many different tags near a phone wouldn’t trigger the warning, so if a tag can produce multiple identifiers that the adversary controls it could still evade detection?
As far as I am aware, there is no way to stop malicious tags without modifying the protocol to authenticate the messages being broadcast as originating form a genuine tag. [1]
Making a tag that is not trackable is currently as easy as flipping a bit in the BLE advertisement. The same message is broadcast to all phones, but yes, a tag could also produce multiple identifiers and evade detection. [2]
[1]: Section 8 of "Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem". https://eprint.iacr.org/2023/1332.pdf
Seems like in theory you could do that, though there are definitely heuristics you could apply to detect those tags, depending on how stealthy they are being.
Also on the servers side Apple could just limit you to a reasonable number of tags.
So if people are sticking these on valuable items, is the use case now for thieves to break into a house, wander around and be alerted when said valuable items (which are hidden or otherwise not obviously evident) are close by?
I would hope the threshold that has to be crossed for the alert functionality to trigger is more than a few minutes of proximity. Both items would have to move to together to weed out false positives, otherwise you’d set everything off at an airport terminal…
Readit News
Apple is only supporting latest version of iOS (17.5).
1. Your point still stands, but this is because this update is probably shipping as a Google Play Framework update, which works on >= 6.0. Google is not (to my knowledge) releasing a new firmware.
Apple would do well to decouple certain software components from iOS, IMHO.
2. In case others are curious about iOS version market share, statcounter's stats for April 2024:
17.4 (current until today): 51%
17.3: 22%
16.6: 4.3%
16.7: 3.18%
16.1: 2.8%
16.3: 2.12%
https://gs.statcounter.com/os-version-market-share/ios/mobil...
iOS 17 runs on 80% of current iPhones in use
https://telemetrydeck.com/blog/ios-market-share-03-24/#:~:te....
A lot of the early Fire TV devices are still out there running Android 5.0, and they are actively used.
I reckon the WhatsApp userbase OS distribution skews much more to older android versions compared to an app that mostly enjoys US/1st world country userbase.
Just that Android devices are not involved in tracking of AirTags, as of today only iOS devices actually share the location of AirTags back to Apple.
They maybe want to change that, but considering the huge amount of volume disparity between AirTags and Google's tags, I assume Apple would have to pay Google for the service of extending their tracking-network...
Or for contractual reasons, or for some technical reason it was easy enough to be "why not"
That means someone can steal your stuff, and then disable the tracker so you can't find it. Most people and myself included were sticking these cheap tags on everything we own, and it was genuinely useful during travel or in scenarios where theft was a consideration.
This is by design. AirTags were never marketed as an anti-theft device. They had anti-stalking features from day one which were/are at odds with anti-theft.
It was marketed as helping you find things that are lost, nothing more.
The AirTag has anti-stalking protection. An important feature, but not something the owner of the AirTag may want.
iPhones share the location of nearby AirTags with apple. Good for the owner of those AirTags, but the owner of the iPhone may not want this.
So it is now on me to know whether my object is lost or stolen? Even if I magically knew all the details, that isn't a bright line rule. One person's "lost" luggage is another's stolen electronics. Clearly, more people are using these things to track down stuff that has been taken rather than find the remote control lost somewhere in their living room.
Will apple allow people to disable the tracking of other people's iPhones too in the name of privacy? What if my wife leaves her phone in my car? Can I get tracking disabled on that phone so she cannot track my location?
This has always been the case with AirTags. They've had anti-stalking notifications since day one, and disabling one is as easy as a quarter test of the case to remove the battery.
https://github.com/seemoo-lab/openhaystack
Are you sure? It seems to me that the anti stalking features depend on the stalkee's / tief's software stack, not the stalker's stack.
> All you need is a Mac and [...]
If Apple's position is - "then don't buy it", they can come out and say it. They certainly have that right.
Deleted Comment
I ask because I'm at a loss. BLE from these little devices has ~40ft of range on a good day, and even if a mesh network were involved, I fail to see what the airtag could do that would help you recover your item. Sound an alarm? Great, the thief knows where it is now, and they can just yank it out and throw it in the trash. Give you GPS coordinates? Great, that'll really help after you find security, tell them what happened, convince them it's urgent, and explain to them what they're looking at when you show them the app. Of course that all assumes the airtag (or a nearby mesh device) has a useful GPS fix, and the thief hasn't already found the tag and thrown it in a trash can or something.
Imo without these features it would be rather unlikely for a thief to find AirTags quickly or even realize it’s there.
The ~40ft range is more than enough, the global mesh network of all iPhones is the whole point of the AirTags, there’s no “gps fix”.
Bury the tracker somewhere too inconvenient to locate and remove quickly, and they'll count on not removing it until later (or they'll just ditch it once it starts beeping).
It has never been advertised for that has it?
Every time this comes up, someone butts in with "they're for lost items, not stolen ones!", which is technically accurate but pedantic beyond reason. "Stolen" is a special case of "lost" for most people. In both cases the object is out of the owner's possession. "Stolen" just means it's deliberately missing and not accidentally so.
I understand, sympathize, and support the idea of making life harder for would-be stalkers. My gut instinct says non-notifying AirTags would make life harder for many more thieves than the self-tattling AirTags does stalkers. Apple and Google agree with each other that inconveniencing those losers outweighs abetting thieves. That's their decision to make. I'd still be irritated if I couldn't find my lost-with-the-help-of-a-thief bike because my AirTag told the thief I was looking for it.
So if your bike thief had an iPhone, they'd be able to find the tag anyway?
AFAIK the only major difference is that it's now being baked into the Android OS so people don't need to actively download the app.
When people "misuse" any technology, it seems the consensus nowadays is that the responsibility is shared between the technology creator/owner and law enforcement. Personally, I'm not fully sold as this is mainly a sociopolitical question.
The anti-stalking bias degrades the product for people who've bought an AirTag and become victims of theft. It's a limited population. People are unaffected by default.
The anti-theft bias means everybody is a potential victim of stalking. If I have no interest in AirTags, anybody else can still tape one to the bottom of my car and track me wherever I go. Everybody is potentially affected.
Even if theft is far more common than stalking, an anti-theft bias would be a tough position for Apple to defend if it means they're potentially facilitating stalking for the entire population. It may not be ideal, but I can understand it.
(And no, this isn’t connected to current politics—I’ve not known cops to care about tracking down stolen good no matter how much evidence you can hand them, since at least the 90s)
AirTag isn't the right product for you. Buy a tracker from somebody else.
This feels incredibly minimizing for people who have been stalked. Or people fleeing domestic abuse, human trafficking, or other forms of abuse where controlling a person’s movement is a large part of the harm being inflicted.
Stalking covers a wide range of activity that impacts people who are usually in a vulnerable or dangerous situation. The people who would use tags to track people aren’t just “losers”, they’re pimps, rapists, murderers, abusive spouses, and so many other awful things.
Inconveniencing them far outweighs someone stealing your luggage.
Which is annoying, because I have an Android and my wife has an iPhone, and it would be nice to be able to both track the same objects.
I had a tile, however I fianlly got rid of it when I was unable to locate my keys in my house. It sent me on a wild goose chase saying that it had been last seen near my bins.
I was in the same room as them for the first 15 minute of it beaconing.
Airtags seem to acutally work reliably, and because you don't need the app running, has a good network to find them outside of my house
Had the odd experience of going to a retreat where everyone sat listening to speakers, and then all went to lunch, and then back to the speakers, then all to dinner, then back to the speakers. And my iPhone popped up an alert that there was an airtag following me. (It wasn't of course it was an airtag in another attendee's bag to track their bag which they had with them, near me kind of randomly, but being driven by the same forces of movement :-)).
This notification would be utterly useless if that were no longer the case: you'd spend half your time on a flight or bus ride closing the unwanted and unhelpful popups.
My airtag occasionally thinks it's not with me and apple watch wakes me up in the middle of the night even though my bag is in the next room of this tiny flat.
Someone will find a way around this. It's too fun of a hack to go unanswered for more than a week. Now only the criminals will have this physical tracking ability (well,them and Apple+Google).
“Apple and Google have worked together to create an industry specification”
…
“Apple and Google will continue to work with the Internet Engineering Task Force via the Detecting Unwanted Location Trackers working group to develop the official standard for this technology.”
That’s what is happening here. I’m not sure why people are always quick to assume negatives without doing even the most cursory reading of linked articles.
The only possible interpretation of this is that Apple knows their current system wouldn't survive antitrust inquiries. So they're making a pathetically marginal concession ("well we did let you track the hostile users!") to cement the rationale of a pointlessly insular system. Once again, Apple is refusing to fully solve a fixable problem in order to artificially create a market in which to sell their solution.
IOW:
"BigCorpA and BigCorpG will continue to work with Why Must This Task Force No Longer Focus On Progressing The Common Good And Instead Now Need To Focusing On Helping Try To Mitigate The Mess That Big Corps Are Causing via the Trying To Unfuck BigCorpA's Massive Privacy Oversight working group to develop an official standard which only BigCorpA and BigCorpG will have the resources to implement."
We allowed the creation of a global tracking network under the false pretense of privacy. The entire Find My security model falls apart when considering "malicious" tags, and Apple knew about this from the start.
[1]: https://github.com/Guinn-Partners/esp32-airtag
- 4x the cost plus ongoing fees
- 2x larger
- can’t buy it at any big box store
- relies on a third party who can also see what you’re tracking
- battery limited to weeks, not years
Accessibility and features make these way more compelling
In the security world, it seems accepted that no security effort is a silver bullet that's 100% impossible to get around.
Rather, it seems best practice to compose many layers of security efforts, which all work to raise the level of effort an attacker is required to exploit people.
So I think it's unfair to say this is a charade.
Making a tag that is not trackable is currently as easy as flipping a bit in the BLE advertisement. The same message is broadcast to all phones, but yes, a tag could also produce multiple identifiers and evade detection. [2]
[1]: Section 8 of "Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem". https://eprint.iacr.org/2023/1332.pdf
[2]: "Track You: A Deep Dive into Safety Alerts for Apple AirTags". https://petsymposium.org/popets/2023/popets-2023-0102.pdf
https://github.com/seemoo-lab/openhaystack?tab=readme-ov-fil...
Seems like in theory you could do that, though there are definitely heuristics you could apply to detect those tags, depending on how stealthy they are being.
Also on the servers side Apple could just limit you to a reasonable number of tags.
Deleted Comment
They can't just go around the house waving a very expensive iPhone to find the items :D