Several rumors that preceded Apple’s WWDC 2019 keynote said that the Find My iPhone and Find My Friends app would be merged into a single entity called Find My once iOS 13 and macOS 10.15 rolled out. Apple sure delivered on that front, releasing a new application that exceeded anyone’s expectations. The app can find lost or stolen devices as well as friends, but, unlike its predecessors, it can even find devices that have been turned off after being stolen.
Apple came up with an innovative yet secure way to pinpoint the location of iPhones, iPads, and Macs that don’t have an active cellular or Wi-Fi connection. These devices send out Bluetooth signals that can be picked up by other Apple devices out in the wild, and that’s how you end up with the last known location of your stolen gadget. The whole thing has been conceived in such a way that location information is only available to you, and the technology behind the feature can’t be abused or used to track other people.
Apple said on stage that it all happens with minimal data use, so you don’t have to worry about battery life or data usage. The company also said that it’s all end-to-end encrypted, which means that nobody can access that information. Apple has further explained how the technology works to Wired, revealing some of the secrets behind it — but not all of them.
The most important thing you should know before using Find My to protect your devices is that you need at least two different Apple products to enable the feature and use it if one gets stolen.
Each of these devices emits a key that continuously changes, but it’s a key that other devices can pick up and encrypt before sending it to Apple’s servers. The geolocation data, however, can’t be decrypted by Apple or anyone else who might get that information. You’d need to access it using your other Apple device or devices in order to decrypt it.
That’s because your devices share a private key that’s both unguessable and protected by end-to-end encryption. The devices also generate public keys that are then sent out to other nearby Apple devices. The iPhones that pick up that public key, say from a MacBook that’s asleep in a thieve’s backpack, combine it with location data and send the info to Apple. To decrypt the data, you’d need your private key from your other device. Hopefully, nobody steals all of your Apple devices at once.
On top of that, there’s one other protection built into the system. The public key that’s sent out also changes periodically and the new number isn’t tied to the previous versions of it. That means nobody will be able to track you using this Bluetooth beacon functionality, not even Apple. Apple didn’t explain how often the key changes or how it retains the ability to pair the public key with the private key. And these are secrets that should not be shared in the first place.
With Find My and Activation Lock protections in place, it should be nearly impossible for thieves to steal iPhones and Macs. And if they do, it should be even easier for you to find your devices once iOS 13 and macOS Catalina launch. Again, you’ll need to own at least two Apple products for this to work, and make sure that both Find My and Activation Lock are enabled.