How your iPhone could tell you if you're being stalked

How your iPhone could tell you if you’re being stalked

The latest iOS beta suggests that Apple’s next big update will include an iPhone feature that warns users about hidden, physical surveillance of their location. The feature detects AirTags, Apple’s answer to trackable fobs made by Tile, and serves to block the potential abuse of the much-rumored product.

While the feature represents great potential, digital surveillance experts said that they were left with more questions than answers, including whether surveilled iPhone users will be pointed to helpful resources after receiving a warning, how the feature will integrate with non-Apple products—if at all—and whether Apple coordinated with any domestic abuse advocates on the actual language included in the warnings.

Erica Olsen, director of Safety Net at the National Network to End Domestic Violence, emphasized the sensitivities of telling anyone—particularly domestic abuse survivors—about unknown surveillance that relies on a hidden device.

“It could be extremely scary to get a notification about a device and have no idea where to start to locate and disable it,” Olsen said. “That’s not to say that it’s a bad thing; it just needs to be thorough.”

Apple did not respond to questions regarding the language of its notifications or about the company’s potential outreach to external domestic abuse advocates in crafting the feature. Members of the Coalition Against Stalkerware—of which Malwarebytes is a founding partner—said they were open to collaborate with Apple on the feature.

New “Item Safety Alerts”

According to 9to5Mac, the latest beta version for iOS 14.5 includes an update to the “Find My” app, which helps users locate iPhones, iPads, iPod Touches, and Mac computers that may have been lost or stolen. Importantly, while each of those devices can run the Find My app for their respective operating systems, it is only the iPhone version of the app—as witnessed in the iOS 14.5 beta—that includes a new setting called “Item Safety Alerts.”

The setting is turned on by default, and, according to Apple blogger and iOS developer Benjamin Mayo, any attempts to turn off the setting will result in a warning that reads:

“The owner of an unknown item will be able to see your location and you will no longer receive notifications when an unknown item is found moving with you.”

As the iOS update is still in beta, there is limited information, and the “notifications” referenced in the Item Safety Alerts advisory have not been revealed. However, the advisory itself reveals the purpose of the alerts: To warn iPhone users in the future about whether separate, unknown devices are being tracked that are in close, frequent proximity to their iPhone.

In theory, this type of surveillance has been possible for years. By abusing the intentions of Apple’s Find My app, a stalker or a domestic abuser could plant a device that can be tracked by Find My, such as an iPhone or an iPod touch, onto a victim and track their movements. But, while this type of location monitoring was possible, it also had some obvious obstacles. One, purchasing a capable device could be expensive, and two, the actual devices that can be tracked are rather easy to find, even to unsuspecting victims. After all, it isn’t every day that someone just happens to find an entirely different phone in their gym bag.

Those obstacles could fade away, though, if Apple follows through on releasing its next, rumored product.

According to multiple tech news outlets, Apple will release physical location-tracking tags in 2021, dubbed “AirTags.” The devices could directly compete with the company Tile, which makes small, physical squares of plastic which can slipped into personal items likes luggage, purses, backpacks, wallets, and other important items that could be lost or stolen.

Unfortunately, the smaller a location-tracking device is, the easier it is to use it against someone without their consent, as revealed by a woman in Houston who said her ex stalked her after planting a Tile device in her car. The woman, who remained anonymous for her safety, told ABC 13 news in an interview:

“It was shocking. In a million years, it never occurred to me that could be possible and instantly everything made sense. I think that’s what’s important that for people who are in a domestic violence situation or stalking situation to know that should be a consideration.”

The iOS 14.5 beta feature, then, makes much more sense when accounting for a potential future with Apple’s AirTags. Malicious users could purchase AirTags and sneak them into a person’s purse or their backpack without their knowledge.

The new “Item Safety Alerts” could curb that type of abuse, though, warning users about unrecognized devices that are located in the same vicinity as their current device, but are not registered through their own Find My app.

Important considerations for Apple

Several representatives from members of the Coalition Against Stalkerware said that Apple’s new feature has real potential to help users, but without more details, many questions remain.

Tara Hairston, head of public affairs for North America at Kaspersky, said she wanted to know more about how Find My could work with third-party devices, so that clandestine surveillance could be detected beyond the use of Apple’s rumored AirTags, and beyond the use of an iPhone, too. According to 9to5Mac, the updates to Find My include a new “Item” tab to track third-party accessories, but questions from Malwarebytes Labs to Apple about the extent of that cross-functionality went unanswered.

Hairston also expressed concerns about the development of the feature.

“A question I have is whether Apple has discussed the alert’s language with professionals and advocates that work with domestic violence survivors to ensure that it is not re-traumatizing for them,” Hairston said. “Furthermore, does Apple plan to provide information regarding what someone should do if they confirm that they are being tracked, especially if they are a survivor? Accounting for these types of safety considerations would result in more holistic support for vulnerable populations.”

These are routine considerations for the Coalition Against Stalkerware, which was intentionally built as a cross-disciplinary group to help protect users from the threats of stalkerware. For the same reason that the coalition’s domestic violence advocates are not the experts on technological sample detection, the coalition’s cybersecurity vendors are not the experts on protecting survivors from domestic abuse. But when the members work together, they can do informed, great things, like developing a new way to detect stalkerware which can happen outside of a compromised device—a critical need that many cybersecurity vendors did not know about until joining the coalition.

At Malwarebytes Labs, we await the release of Apple’s feature, and we are eager to learn about the work that went into it. Any company taking steps to limit non-consensual surveillance is a good thing. Let’s work together to make it great.


David Ruiz

Pro-privacy, pro-security writer. Former journalist turned advocate turned cybersecurity defender. Still a little bit of each. Failing book club member.