The latest iOS beta suggests that Appleās next big update will include an iPhone feature that warns users about hidden, physical surveillance of their location. The feature detects AirTags, Apple’s answer to trackable fobs made by Tile, and serves to block the potential abuse of the much-rumored product.
While the feature represents great potential, digital surveillance experts said that they were left with more questions than answers, including whether surveilled iPhone users will be pointed to helpful resources after receiving a warning, how the feature will integrate with non-Apple productsāif at allāand whether Apple coordinated with any domestic abuse advocates on the actual language included in the warnings.
Erica Olsen, director of Safety Net at the National Network to End Domestic Violence, emphasized the sensitivities of telling anyoneāparticularly domestic abuse survivorsāabout unknown surveillance that relies on a hidden device.
āIt could be extremely scary to get a notification about a device and have no idea where to start to locate and disable it,ā Olsen said. āThatās not to say that itās a bad thing; it just needs to be thorough.ā
Apple did not respond to questions regarding the language of its notifications or about the companyās potential outreach to external domestic abuse advocates in crafting the feature. Members of the Coalition Against Stalkerwareāof which Malwarebytes is a founding partnerāsaid they were open to collaborate with Apple on the feature.
New āItem Safety Alertsā
According to 9to5Mac, the latest beta version for iOS 14.5 includes an update to the āFind Myā app, which helps users locate iPhones, iPads, iPod Touches, and Mac computers that may have been lost or stolen. Importantly, while each of those devices can run the Find My app for their respective operating systems, it is only the iPhone version of the appāas witnessed in the iOS 14.5 betaāthat includes a new setting called āItem Safety Alerts.ā
The setting is turned on by default, and, according to Apple blogger and iOS developer Benjamin Mayo, any attempts to turn off the setting will result in a warning that reads:
āThe owner of an unknown item will be able to see your location and you will no longer receive notifications when an unknown item is found moving with you.ā
As the iOS update is still in beta, there is limited information, and the ānotificationsā referenced in the Item Safety Alerts advisory have not been revealed. However, the advisory itself reveals the purpose of the alerts: To warn iPhone users in the future about whether separate, unknown devices are being tracked that are in close, frequent proximity to their iPhone.
In theory, this type of surveillance has been possible for years. By abusing the intentions of Appleās Find My app, a stalker or a domestic abuser could plant a device that can be tracked by Find My, such as an iPhone or an iPod touch, onto a victim and track their movements. But, while this type of location monitoring was possible, it also had some obvious obstacles. One, purchasing a capable device could be expensive, and two, the actual devices that can be tracked are rather easy to find, even to unsuspecting victims. After all, it isnāt every day that someone just happens to find an entirely different phone in their gym bag.
Those obstacles could fade away, though, if Apple follows through on releasing its next, rumored product.
According to multiple tech news outlets, Apple will release physical location-tracking tags in 2021, dubbed āAirTags.ā The devices could directly compete with the company Tile, which makes small, physical squares of plastic which can slipped into personal items likes luggage, purses, backpacks, wallets, and other important items that could be lost or stolen.
Unfortunately, the smaller a location-tracking device is, the easier it is to use it against someone without their consent, as revealed by a woman in Houston who said her ex stalked her after planting a Tile device in her car. The woman, who remained anonymous for her safety, told ABC 13 news in an interview:
“It was shocking. In a million years, it never occurred to me that could be possible and instantly everything made sense. I think that’s what’s important that for people who are in a domestic violence situation or stalking situation to know that should be a consideration.”
The iOS 14.5 beta feature, then, makes much more sense when accounting for a potential future with Appleās AirTags. Malicious users could purchase AirTags and sneak them into a personās purse or their backpack without their knowledge.
The new āItem Safety Alertsā could curb that type of abuse, though, warning users about unrecognized devices that are located in the same vicinity as their current device, but are not registered through their own Find My app.
Important considerations for Apple
Several representatives from members of the Coalition Against Stalkerware said that Appleās new feature has real potential to help users, but without more details, many questions remain.
Tara Hairston, head of public affairs for North America at Kaspersky, said she wanted to know more about how Find My could work with third-party devices, so that clandestine surveillance could be detected beyond the use of Appleās rumored AirTags, and beyond the use of an iPhone, too. According to 9to5Mac, the updates to Find My include a new āItemā tab to track third-party accessories, but questions from Malwarebytes Labs to Apple about the extent of that cross-functionality went unanswered.
Hairston also expressed concerns about the development of the feature.
āA question I have is whether Apple has discussed the alertās language with professionals and advocates that work with domestic violence survivors to ensure that it is not re-traumatizing for them,” Hairston said. “Furthermore, does Apple plan to provide information regarding what someone should do if they confirm that they are being tracked, especially if they are a survivor? Accounting for these types of safety considerations would result in more holistic support for vulnerable populations.ā
These are routine considerations for the Coalition Against Stalkerware, which was intentionally built as a cross-disciplinary group to help protect users from the threats of stalkerware. For the same reason that the coalitionās domestic violence advocates are not the experts on technological sample detection, the coalitionās cybersecurity vendors are not the experts on protecting survivors from domestic abuse. But when the members work together, they can do informed, great things, like developing a new way to detect stalkerware which can happen outside of a compromised deviceāa critical need that many cybersecurity vendors did not know about until joining the coalition.
At Malwarebytes Labs, we await the release of Appleās feature, and we are eager to learn about the work that went into it. Any company taking steps to limit non-consensual surveillance is a good thing. Letās work together to make it great.
