Overnight, Apple has turned its hundreds-of-million-device ecosystem into the
world's largest crowd-sourced location tracking network, called offline finding
(OF). OF leverages online finder devices to detect the presence of missing
offline devices using Bluetooth and report an approximate location back to the
owner via the Internet. While OF is not the first system of its kind, it is the
first to commit to strong privacy goals. In particular, OF aims to ensure
finder anonymity, untrackability of owner devices, and confidentiality of
location reports. This paper presents the first comprehensive security and
privacy analysis of OF. To this end, we recover the specifications of the
closed-source OF protocols by means of reverse engineering. We experimentally
show that unauthorized access to the location reports allows for accurate
device tracking and retrieving a user's top locations with an error on the
order of 10 meters in urban areas. While we find that OF's design achieves its
privacy goals, we discover two distinct design and implementation flaws that
can lead to a location correlation attack and unauthorized access to the
location history of the past seven days, which could deanonymize users. Apple
has partially addressed the issues following our responsible disclosure.
Finally, we make our research artifacts publicly available.

Comment: Accepted at Privacy Enhancing Technologies Symposium (PETS) 202