One of the most intriguing changes in iOS 13 and macOS 10.15 is a merged Find My Friends and Find My iPhone application. The new app converts all of your Apple devices into Bluetooth beacons, enabling you to locate an offline device based on its proximity to any other Apple device. Now, Apple is offering up a bit more detail about the security features for the Find My application.
Here’s how Apple describes offline location support in the new Find My app:
On stage at WWDC on Monday, Craig Federighi explained that the whole interaction involved in Find My’s offline mode is “end-to-end encrypted and anonymous.” Apple offered more details on the security aspect of the functionality to Wired this week.
One of the most interesting tidbits in the piece is that the find offline devices feature of iOS 13 requires that you own two Apple products. Essentially, that second Apple product is the one that holds the key to decrypt the location of an offline device:
Furthermore, Find My’s cryptography denies even Apple the ability to learn a user’s location based on the Bluetooth beacon technology. This is actually an improvement over the Find My iPhone and Find My Friends individual applications.
The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices. Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations.
Here’s how the cryptography should work in the real world:
The full Wired article is definitely worth a read.
