Full Report
Apple's trackers have been misused to track some without their consent. Here's how to check if an AirTag is tracking you, whether you use an iPhone or Android phone. Plus, what to do next if you find one.
Analysis Summary
# Best Practices: Detecting and Mitigating Unwanted Bluetooth Tracking (AirTags and Similar Devices)
## Overview
These practices focus on leveraging operating system features (iOS and Android) and dedicated applications to identify, locate, and disable unauthorized Bluetooth tracking devices, such as Apple AirTags, that are moving with an individual without their consent. This addresses the privacy and security risk posed by these devices being used for covert tracking.
## Key Recommendations
### Immediate Actions
1. **Check Automatic Alerts:** If you suspect you are being tracked, check your phone immediately. Both modern iOS and Android devices should automatically alert you if an unknown Bluetooth tracker is moving with you.
2. **Manually Scan (Android):** If you are on Android and suspect tracking, use the Apple Tracker Detect app (if an AirTag is suspected) or utilize the built-in Google Find My feature (if applicable) to initiate an immediate scan for nearby unknown trackers.
3. **Listen for Audible Signals:** If you hear an unfamiliar sound (chirping or ringing) from an unknown source, immediately perform a manual search of your person, bags, jacket pockets, and belongings.
### Short-term Improvements (1-3 months)
1. **Ensure Notification Services are Active (iOS):** Verify that Tracking Notifications are enabled within the Find My settings on your iPhone to receive alerts when unknown trackers are detected nearby and moving with you.
2. **Enable Unknown Tracker Alerts (Android):** Confirm that the "Unknown Tracker Alerts" feature is toggled "On" within the Safety & Emergency settings on your Android device (Android 6.0+).
3. **Disable Suspect Trackers Physically:** If a tracker is positively identified, immediately disable it by physically removing its internal battery. This stops all tracking functionality.
### Long-term Strategy (3+ months)
1. **Maintain OS Updates:** Regularly update your mobile operating system (iOS and Android) to ensure you have the latest security patches and feature parity for unknown tracker detection capabilities provided by Apple and Google.
2. **Educate on Cross-Platform Detection:** Understand that alerts are available for both iOS (Find My network accessories) and modern Android devices, and download the Apple Tracker Detect app if using an older Android version or if you wish to perform manual scans proactively.
3. **Review Physical Security Posture:** Regularly audit high-value personal items (wallets, luggage) for unauthorized devices, especially after visiting public or untrusted locations.
## Implementation Guidance
### For Small Organizations
- **Device Management Check:** Ensure all employee-owned or company-issued mobile devices meet the minimum OS requirements (iOS or Android 6.0+) necessary to run the built-in or required third-party tracking detection applications.
- **Basic Security Awareness:** Inform staff that unauthorized tracking devices exist and they should report any "AirTag found moving with you" notifications to IT/Security immediately for investigation.
### For Medium Organizations
- **Policy Integration:** Integrate awareness of Bluetooth tracker misuse into general security awareness training, emphasizing personal device security and reporting procedures.
- **Cross-Platform Deployment:** If organization policies mandate security apps, ensure any deployment scripts include instructions or checks for enabling necessary location services and Bluetooth access for tracking alerts.
### For Large Enterprises
- **Incident Response Planning:** Develop a specific, low-level incident response procedure for scenarios involving suspected unauthorized tracking. This needs to include guidance on when/how to involve law enforcement if threats are identified.
- **Configuration Baselines:** Establish strict configuration baselines for critical mobile assets, mandating that Location Services, Bluetooth, Find My integration, and Significant Locations are enabled as required by detection mechanisms.
## Configuration Examples
### Enabling Tracking Notifications (iOS Users)
1. Navigate to **Settings**.
2. Select **Privacy & Security**.
3. Tap **Location Services** and ensure it is **On**.
4. Go to **System Services** and verify that **Find My iPhone** and **Significant Locations** are enabled.
5. Return to the main **Settings** menu and select **Bluetooth**, ensuring it is **On**.
6. Open the **Find My** app, tap the **Me** tab ($\text{bottom right}$).
7. Navigate to **Tracking Notifications** and toggle the feature **On**.
8. Confirm **Airplane Mode is Off**.
### Enabling Unknown Tracker Alerts (Android Users - Android 6.0+)
1. Navigate to **Settings**.
2. Tap **Safety & Emergency**.
3. Locate **Unknown Tracker Alerts**.
4. Toggle **Allow Alerts** to the **On** position. (For proactive scanning, select "Scan Now" from this menu section).
## Compliance Alignment
While there is no specific compliance standard for AirTag detection, these practices align with broader security principles:
- **NIST Cybersecurity Framework (Identify/Detect Functions):** Actions align with identifying system anomalies and detecting continuous monitoring events related to potential physical security threats.
- **ISO/IEC 27002 (A.13.2 - Communications Security):** Focuses on ensuring the integrity and proper use of communication channels, which includes Bluetooth signals used for illicit tracking.
## Common Pitfalls to Avoid
- **Ignoring Non-iPhone Alerts:** Assuming the alerts only apply to iPhones. Android users must actively manage their OS settings or use the Tracker Detect app.
- **Turning Off Location Services:** Disabling Location Services (required for the Find My network to operate effectively) will prevent timely alerts about unknown trackers.
- **Assuming Disabling Means No Knowledge:** Simply removing a discovered AirTag does not immediately erase the tracker's memory or notify the owner—the owner will only see the last known location when the battery is removed, or the device disconnects. Immediate physical disabling stops transmission.
- **Relying Solely on Audible Pings:** Audible pings only occur when the AirTag is separated and moving; use scanning features for stationary or recently separated devices.
## Resources
- **Apple Tracker Detect App (Android):** Download link from the Google Play Store for manual scanning on Android devices.
- **Find My App (iOS):** Built-in application for accessing tracking notifications and manual scanning on iPhones.
- **Law Enforcement Contact:** If you feel any danger related to unwarranted tracking, the primary guidance is to **contact local law enforcement immediately.**