Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent.
"This will help mitigate the misuse of devices designed to help keep track of belongings," the companies said in a joint statement, adding it aims to address "potential risks to user privacy and safety."
The proposal for a cross-platform solution was originally unveiled exactly a year ago by the two tech giants.
The capability – dubbed "Detecting Unwanted Location Trackers" (DULT) – is available in Android devices running versions 6.0 and later, and iOS devices with iOS 17.5, which was officially shipped yesterday.
As part of the industry specification, Android users will receive a "Tracker traveling with you" alert if an unidentified Bluetooth tracking device is detected as moving along with them over time, irrespective of the platform it's paired with. On iOS, users will get an "[Item] Found Moving With You" message.
Regardless of the operating system, users who receive such an alert have the option to view the tracker's identifier, play a sound to help locate it, and access instructions to disable it.
"This cross-platform collaboration — also an industry first, involving community and industry input — offers instructions and best practices for manufacturers, should they choose to build unwanted tracking alert capabilities into their products," the companies said.
The development comes in response to reports that trackers like AirTags are being used by bad actors for malicious or criminal purposes, often abused as a nefarious tracking tool by domestic abusers to stalk their targets.
A class-action lawsuit filed against Apple in October 2023 alleged that AirTags have become "one of the most dangerous and frightening technologies employed by stalkers" and that they can be used to determine "real-time location information to track victims."
Last year, a group of researchers from Johns Hopkins University and the University of California, San Diego, devised a cryptographic scheme that offers a better trade-off between user privacy and stalker detection through a mechanism called multi-dealer secret sharing (MDSS).
"MDSS extends standard secret sharing to admit multiple dealers with multiple secrets while achieving new properties of unlinkability and multi-dealer correctness," the academics said in a paper titled "Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem."
Apple Backports Fix for CVE-2024-23296
The DULT announcement also follows Apple's decision to backport a fix released in March 2024 for a security flaw in the RTKit real-time operating system (CVE-2024-23296) to devices running older versions of iOS, iPadOS, and macOS.
The vulnerability, which allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections, has come under active exploitation in the wild, although technical specifics on the nature of these attacks are presently unknown.
Patches for the shortcoming are available in the following versions -
- iOS 16.7.8 and iPadOS 16.7.8 - iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- macOS Ventura 13.6.7 - Macs running macOS Ventura
Apple's iOS 17.5 update also remediates a total of 15 security vulnerabilities, including flaws in AppleAVD (CVE-2024-27804) and the kernel (CVE-2024-27818) that could be exploited to cause unexpected app termination or arbitrary code execution. The same two flaws have been resolved in macOS Sonoma 14.5.