13 votes

Question about Google's Find My Device network with the new trackers

Hi everyone,

Have a quick question if you have the time. I want to buy some of the new Android Find My Device trackers, have wanted to ever since destroying my Tiles when they were bought by that scummy data-retailer.

My question is: if I buy, for example, a Pebblebee device, does Pebblebee get my location data? Google already has that; that's the deal with the devil you have to decide whether or not you want to take. But I don't want to give this information to another third party.

I've done some Googling on this but of course search is useless these days. I tried to read Pebblebee's privacy policy but gave up pretty quickly:

➜  ~ cat pebblebee | wc -w
17391

Does anyone have an authoritative answer on this? Would love to know.

TIA and thanks for your time!

ETA: I have seen where Pebblebee claims they don't sell user data; I'm not even questioning that with this post (although I do question every company's trustworthiness). This is more a question about the architecture of the Find My Device network itself.

Edit 2: I'm already carrying around a personal spy that reports everything I do to Google, I don't think it matters whether they can get my location from the trackers lol. I just wondered if I was exposing that to Pebblebee (just as an example) as well.

8 comments

  1. largepanda

    I recently described how Apple's Find My network works, but the TL;DR is: lost devices send out Bluetooth beacons with a rolling encryption public key, any Apple devices in earshot will hear that beacon, encrypt their current GPS position with that key, and send it to Apple servers. Any Apple user can download the position reports for any public key, but of course you need the private key to be able to decrypt it. You can read more in the reverse engineering done by the devs of OpenHaystack, which reimplements the protocol and lets you send beacons from any BLE device.


    Reading through Google's explanations, I can't find a hard technical explanation like OpenHaystack's RE docs for Apple's network, but it appears to be much the same.

    The main difference I'm noticing is:

    > Only the Bluetooth tag owner (and those they’ve chosen to share access with) can decrypt and view the tag’s location. With end-to-end encrypted location data, Google cannot decrypt, see, or otherwise use the location data.

    This doesn't clarify whether Google has some record of who has what devices or not. Apple's network very explicitly doesn't; any valid Apple ID can request locations for any public key. If Google's network requires users to somehow register with them what devices they control, even if Google can't see the actual locations of those devices, that's a big step backwards.


    Reading through Pebblebee's help center, they have a FAQ about how you configure a device. The TL;DR is that you can configure a Pebblebee tracker in three ways: as a Google Find My Device tracker, an Apple Find My tracker, or a Pebblebee app tracker. If you set it up in either platform app, the tracker is unusable in the Pebblebee app, and only configurable and usable via the Google/Apple app. This means the data never sees Pebblebee servers or their app, so there's no mechanism for the data to be taken by Pebblebee (the company) and potentially sold.

    15 votes
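
Added example, not part of largepanda's comment and not code from OpenHaystack, Apple or Google: a sketch of the report flow described above (rolling public key, finder encrypts its position to that key, relay stores the blob, owner decrypts with the private key). The curve (P-256), AES-128-GCM, the SHA-256 derivations, the in-memory `Map` standing in for the relay server, and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// SHA-256 over the concatenation of its arguments.
const sha256 = (...parts) => parts.reduce((h, p) => h.update(p), crypto.createHash('sha256')).digest();

// Owner and tag: key pair for one rotation period, derived from a shared secret.
// Assumption: a bare hash stands in for whatever KDF a real network uses.
function rollingKey(master, period) {
  const key = crypto.createECDH('prime256v1');
  key.setPrivateKey(sha256(master, `period:${period}`));
  return key;
}

// ECDH, then an AES-128-GCM key and nonce from the hashed shared secret. Deriving
// the nonce is safe only because every report uses a fresh ephemeral key.
function derive(own, peerPublic) {
  const k = sha256(own.computeSecret(peerPublic));
  return { key: k.subarray(0, 16), nonce: k.subarray(16, 28) };
}

// Finder: encrypt its own position to the advertised key. The relay files the
// blob under a hash of that key and holds neither a private key nor an owner id.
function report(relay, advertised, position) {
  const eph = crypto.createECDH('prime256v1');
  const ephPublic = eph.generateKeys();
  const { key, nonce } = derive(eph, advertised);
  const c = crypto.createCipheriv('aes-128-gcm', key, nonce);
  const blob = Buffer.concat([ephPublic, c.update(position, 'utf8'), c.final(), c.getAuthTag()]);
  const id = sha256(advertised).toString('hex');
  relay.set(id, [...(relay.get(id) || []), blob]);
}

// Owner: look up one period's key hash, decrypt with that period's private key.
// A blob that was tampered with, or sealed to another key, makes final() throw.
function fetchReports(relay, key) {
  const blobs = relay.get(sha256(key.getPublicKey()).toString('hex')) || [];
  return blobs.map((blob) => {
    const { key: k, nonce } = derive(key, blob.subarray(0, 65));
    const d = crypto.createDecipheriv('aes-128-gcm', k, nonce);
    d.setAuthTag(blob.subarray(blob.length - 16));
    const body = blob.subarray(65, blob.length - 16);
    return Buffer.concat([d.update(body), d.final()]).toString('utf8');
  });
}

// Constructed demo: one sighting during period 7, read back by the owner.
const demoRelay = new Map();
report(demoRelay, rollingKey('constructed-owner-secret', 7).getPublicKey(), '52.5200,13.4050');
console.log(fetchReports(demoRelay, rollingKey('constructed-owner-secret', 7)));
```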
  2. [7]
    Carrow

    Actually Google won't have the explicit location data, the Find My network is E2EE.

    > End-to-end encryption
    >
    > The Find My Device network encrypts the locations of your items using a unique key that only you can access by entering your Android device’s PIN, pattern, or password.
    >
    > This end-to-end encryption, which is backed by the same technology used by Google Password Manager to secure your passwords, ensures that the locations of your items are private from Google. They're only visible to you and those you share your items with in Find My Device.
    >
    > Data processed by the network
    >
    > In addition to end-to-end encrypted locations, the Find My Device network processes data such as temporary device identifiers, timestamps when your device detects an item and when you request the location of your lost items, and info about the Fast Pair accessories that you have paired to your device or share with others. The Find My Device network uses this data for reasons like implementing features, delivering location info to the right person when an item is lost, and providing privacy and anti-abuse protections, such as the aggregation feature described below. Importantly, Google can’t identify you when your Android device shares the location of a detected item.
    >
    > Individuals using the Find My Device network to find their lost items don’t receive any information from the network other than the location where their item was detected and approximately when their item was last seen.

    https://support.google.com/product-documentation/answer/14796936?hl=en

    9 votes
    1. ebonGavia

      Awesome info, thank you! I think that covers everything.

      5 votes
    2. [5]
      vord

      > Importantly, Google can’t identify you when your Android device shares the location of a detected item.

      I'll believe that when pigs fly. (and I feel this about Apple as well) Sure, it might not be uploaded or encrypted as part of the protocol data, but that data exists and somebody is running that left outer join.

      "Oh we're not tracking your BLE location. We're tracking your IP location and we just so happen to know your BLE MAC."

      3 votes
      1. [4]
        unkz

        But like… how? This seems like a properly technologically secure system. I don’t see how what you are concerned about can physically happen.

        All Google knows is that an IP has uploaded a blob of data about something. It doesn’t know the location of the IP, and it doesn’t know who the blob of data belongs to.

        3 votes
        1. [3]
          vord

          > All Google knows is that an IP has uploaded a blob of data about something. It doesn’t know the location of the IP, and it doesn’t know who the blob of data belongs to.

          Unless it's an Android device doing the uploading. Then they (almost certainly) have a very precise location for that IP. Of course, that's true for anything you've granted location data to, so it's not just Google that can do that trick.

          To find out who owns it, just watch for what devices download said blob. Ignore any known bots (i.e. Apple and Google syncing data mutually).

          1 vote
          1. unkz

            I’m not sure how this identifies you to Google. I think you may be misunderstanding what you quoted, actually.

            > Importantly, Google can’t identify you when your Android device shares the location of a detected item.

            So your IP has uploaded a blob of data that belongs to another person. If that other person downloads their blob, what does that tell Google about your IP’s ownership?

            4 votes
          2. skybrian

            For WiFi at least, mobile devices change IP addresses whenever they change networks. (Unless you have your own VPN exit node or something.) The IP address will show rough location (which is how websites geolocate you), but devices in a coffee shop or airport are pretty anonymous - unless they have some other way to identify you.

            That's probably pretty easy with browser fingerprinting because there's so much more information available inside a web browser, so a web page download can combine the browser fingerprint and IP to get a location attached to something.

            But an end-to-end encrypted message with only an IP address recorded seems pretty safe? You get the IP and that's it.

            What happens when you join by IP with another message? You already had the IP, so not a whole lot. A timestamp. The fact that it has the Find My Device network turned on. Is it worth doing the join?

            1 vote