Full Report
Apple's trackers have been misused to track some without their consent. Here's how to check if an AirTag is tracking you, whether you use an iPhone or Android phone. Plus, what to do next if you find one.
Analysis Summary
# Best Practices: Detecting and Responding to Unwanted Bluetooth Trackers (e.g., Apple AirTags)
## Overview
These practices focus on leveraging built-in mobile device security features (iOS and Android) and manual steps to identify, locate, and disable unauthorized Bluetooth tracking devices (like AirTags) that might be moving with an individual without their consent, thereby mitigating privacy risks associated with these technologies.
## Key Recommendations
### Immediate Actions
1. **Trust Automatic Alerts:** If you suspect unwanted tracking, check your phone immediately for automatic notifications like "AirTag found moving with you" (iOS) or alerts managed by the "Unknown Tracker Alerts" feature (Android).
2. **Manual Sound Trigger:** If you hear an unfamiliar chirping or sound, immediately use the Find My app (iOS) or the Scan function (Android Tracker Detect/Safety & Emergency) to manually prompt the unknown device to play a sound to aid in location.
3. **Physical Inspection:** When alerted or if you hear a sound, thoroughly and immediately check all personal belongings, including jackets, bags, purses, and pockets, for the source of the sound/alert.
4. **Safety Protocol:** If you feel you are in immediate danger due to being tracked, contact local law enforcement immediately.
### Short-term Improvements (1-3 months)
1. **Enable Automatic Alerts (iOS):** Verify that Tracking Notifications are enabled in the iPhone's Find My settings to ensure alerts when being followed by an unknown tracker.
2. **Enable Automatic Alerts (Android):** Ensure the "Unknown Tracker Alerts" feature within the Safety & Emergency settings on Android devices (Android 6.0+) is toggled "On."
3. **Install Tracker Detect (Android Users on Older OS):** Users on Android devices older than those supporting built-in alerts must download and periodically run Apple's "Tracker Detect" app from the Google Play Store for manual scanning capabilities.
4. **Basic Device Hardening:** Ensure both iOS and Android devices are running up-to-date operating systems to benefit from the latest cross-platform anti-stalking features (often requiring Android 6.0+).
### Long-term Strategy (3+ months)
1. **Reviewing Location Services:** Periodically review and ensure critical system services related to tracking alerts are active: Location Services, Find My iPhone, and Significant Locations must be enabled on iOS devices for alerts to function optimally.
2. **Regular OS/App Updates:** Establish a routine for applying security and feature updates to the mobile operating system and any associated security applications (like Tracker Detect) to maintain compatibility with the latest detection mechanisms.
3. **Educate on Network Coverage:** Understand that detection relies partially on the proximity of other users' devices (Find My network or Google's equivalent). Be aware that tracking outside of high-density areas might rely more heavily on manual sound detection or local Bluetooth scanning.
## Implementation Guidance
### For Small Organizations
* **Employee Awareness:** Distribute guidance to all personnel regarding the personal use of tracking devices and the importance of enabling built-in anti-stalking alerts on their personal mobile devices (as improper use affects personal security).
* **Manual Screening:** Train employees who travel frequently on how to run manual scans using the Tracker Detect app (Android) or the Find My app (iOS) periodically, focusing on company-issued laptops or key items that might be targeted.
### For Medium Organizations
* **Incident Response Documentation:** Develop a basic internal protocol specifying the recommended action (e.g., turning off the device, isolating the item, contacting HR/Security) if an employee receives a tracking alert on a company-owned device (if applicable) or reports being tracked.
* **Supply Chain Review:** If the organization uses any Bluetooth trackers (e.g., for asset management), ensure they have clear policies prohibiting the use of these devices on personnel or for non-approved tracking purposes.
### For Large Enterprises
* **Security Policy Update:** Officially update Acceptable Use Policies (AUP) to clearly state that using any tracking device, including AirTags, to monitor employees, colleagues, or company assets without explicit authorization and logging is strictly prohibited and subject to disciplinary action.
* **Integration with Threat Intelligence:** Monitor security advisories related to rogue tracking technology vulnerabilities or evasion tactics (especially concerning Find My network accessories beyond AirTags) and disseminate updates to relevant IT/Security teams.
## Configuration Examples
### iOS Tracking Notification Setup Procedure:
1. Navigate to **Settings**.
2. Select **Privacy & Security**.
3. Tap **Location Services** and ensure it is **On**.
4. Go to **System Services** and confirm **Find My iPhone** and **Significant Locations** are enabled.
5. Return to **Settings** and select **Bluetooth**; ensure Bluetooth is **On**.
6. Open the **Find My app**; tap the **Me** tab.
7. Toggle **Tracking Notifications** to the **On** position.
8. Verify **Airplane Mode** is **Off**.
### Android Unknown Tracker Alerts Setup Procedure (for Android 6.0+):
1. Open **Settings**.
2. Tap **Safety & Emergency**.
3. Locate and select **Unknown Tracker Alerts**.
4. Toggle **Allow Alerts** to the **On** position.
5. To manually scan: Select **Scan Now** within this menu.
## Compliance Alignment
While this primarily addresses personal privacy and device security, related principles align with:
* **NIST CSF (Identify & Protect):** Understanding the threat landscape (Identify) and implementing appropriate protections (Protect) against unauthorized surveillance.
* **ISO 27001 (A.12.1.2 - Operation Procedures and Responsibilities):** Ensuring that devices and systems are operated according to established security procedures designed to prevent unauthorized access or monitoring.
## Common Pitfalls to Avoid
* **Ignoring Alerts:** Do not dismiss automatic or manual alerts without performing a physical search, as these are the primary indicators of compromise.
* **Reliance on Old Android OS:** Assuming built-in alerts work on very old Android versions; users must manually install the Tracker Detect app if running Android prior to full native support awareness.
* **Assuming Disconnection Fixes It Permanently:** Simply disconnecting an AirTag (e.g., by moving out of range) does not resolve the issue; the device must be physically disabled (battery removed) if unauthorized tracking is confirmed.
* **Forgetting to Check Other Find My Items:** Alerts can trigger for unknown AirPods or other Find My-enabled accessories, not just AirTags; check configuration settings accordingly.
## Resources
* Apple Tracker Detect App (Google Play Store link provided in article context).
* Device Settings paths described in Configuration Examples (iOS Settings > Privacy & Security/Bluetooth; Android Settings > Safety & Emergency).