Apple and Google on Monday officially announced the release of a new feature that notifies users on both iOS and Android if a Bluetooth tracking device is being used to surreptitiously monitor them without their knowledge or consent.
“This will help mitigate the misuse of devices designed to help track belongings,” the companies said in a joint statement, adding that the goal was to address “potential risks to user privacy and safety.”
The proposal for a cross-platform solution was originally revealed exactly a year ago by the two tech giants.
The feature – called Detect Unwanted Location Trackers (DULT) – is available on Android devices running version 6.0 and later and iOS devices with iOS 17.5, which was officially shipped yesterday.
As part of the industry specification, Android users will receive a “Tracker traveling with you” alert if an unidentified Bluetooth tracker is detected traveling with them over time, regardless of the platform it’s connected to. On iOS users will get “[Item] Intended to move with you’.
Regardless of the operating system, users who receive such an alert have the option to see the tracker’s ID, play a sound to help it find it, and access instructions to disable it.
“This cross-platform collaboration — also an industry first, featuring community and industry input — offers guidance and best practices for manufacturers should they choose to build unwanted tracking warning capabilities into their products,” the companies said.
The development comes in response to reports that trackers like AirTags are being used by bad actors for malicious or criminal purposes, often misused as a rogue tracking tool by domestic abusers to stalk their targets.
A class action lawsuit filed against Apple in October 2023 claimed that AirTags have become “one of the most dangerous and frightening technologies used by stalkers” and that they can be used to determine “real-time location information to track down victims’.
Last year, a group of researchers from Johns Hopkins University and the University of California, San Diego developed a cryptographic scheme that offers a better compromise between user privacy and stalker detection through a mechanism called multi-dealer secret sharing (MDSS).
“MDSS extends standard secret sharing to allow multiple dealers with multiple secrets, while achieving new properties of disjointness and multi-dealer correctness,” the academics said in a paper titled “Abuse-Resistant Location Tracking: Balancing Privacy and safety in the offline discovery ecosystem. “
Apple Backports fix for CVE-2024-23296
The DULT announcement also follows Apple’s decision to port a patch released in March 2024 for a security flaw in the real-time operating system RTKit (CVE-2024-23296) to devices running older versions of iOS, iPadOS and macOS.
The vulnerability, which allows an attacker with arbitrary kernel read/write capability to bypass kernel memory protections, is being actively exploited in the wild, although the technical specifics of the nature of these attacks are currently unknown.
Patches for the flaw are available in the following versions –
Apple’s iOS 17.5 update also fixes a total of 15 security vulnerabilities, including AppleAVD (CVE-2024-27804) and kernel (CVE-2024-27818) vulnerabilities that could be exploited to cause an unexpected application termination or arbitrary code execution. The same two flaws are resolved in macOS Sonoma 14.5.