Apple and Google on Monday officially announced a new feature that notifies users on both iOS and Android if a Bluetooth tracking device is being used to keep them private without their knowledge or consent.
“This will help mitigate the misuse of devices designed to track things,” the companies said in a joint statement, adding that it aims to address “potential risks to user privacy and security.”
The proposal for a cross-platform solution was originally unveiled exactly one year ago by the two tech giants.
The feature, called Detect Unwanted Locators (DULT), is available on Android devices running version 6.0 and later and iOS 17.5, which officially shipped yesterday.
As part of the industry standard, Android users will receive a “Tracker that travels with you” notification if an unknown Bluetooth-tracking device is detected moving with them over time, regardless of which platform it’s paired to. On iOS, users will get “[Item] Found Moving With You” message.
Regardless of operating system, users who receive such an alert have the option to view the tracker’s identifier, play a sound that helps them find it, and access instructions to disable it.
“This cross-platform collaboration, which is also an industry first that includes community and industry input, offers guidance and best practices for manufacturers should they choose to incorporate unwanted tracking capabilities into their products,” the companies said.
The development comes in response to reports that trackers like AirTags are being used by bad actors for malicious or criminal purposes, often misused by domestic abusers as an abusive stalking tool to stalk their targets.
A class-action lawsuit against Apple filed in October 2023 said AirTags have become “one of the most dangerous and intimidating technologies used by detectives” and that they can be used to “track victims with real-time location information.”
Last year, a team of researchers from Johns Hopkins University and the University of California, Berkeley developed an encryption scheme that offers a better compromise between user privacy and spy detection through a mechanism called Multi-Dealer Secret Exchange (MDSS).
“MDSS extends standard secret exchange to accept multiple dealers with multiple secrets, while achieving new properties of non-connection and multi-dealer correctness,” the researchers said in “Behind an Abuse-Resistant Location: “
Apple Backports Fix for CVE-2024-23296
DULT’s announcement also follows Apple’s decision to release a March 2024 fix for a security flaw in the RTKit real-time operating system (CVE-2024-23296) for devices running older versions of iOS, iPadOS, and macOS.
The vulnerability, which allows an attacker with arbitrary kernel read and write capabilities to bypass kernel memory protections, has been actively exploited in the wild, although the technical details of the nature of these attacks are currently unknown.
Patches for deficiencies are available in the following versions:
Apple’s iOS 17.5 update also addresses a total of 15 security vulnerabilities, including flaws in AppleAVD (CVE-2024-27804) and kernel (CVE-2024-27818) that could be exploited to cause an unexpected application termination or arbitrary code execution : The same two flaws are fixed in macOS Sonoma 14.5.