How we constructed the brand new Find My Device community with person safety and privateness in thoughts


Keeping folks protected and their information safe and personal is a high precedence for Android. That is why we took our time when designing the brand new Find My Device, which makes use of a crowdsourced device-locating community that will help you discover your misplaced or misplaced units and belongings shortly – even after they’re offline. We gave cautious consideration to the potential person safety and privateness challenges that include machine discovering companies.

During improvement, it was essential for us to make sure the brand new Find My Device was safe by default and personal by design. To construct a personal, crowdsourced device-locating community, we first carried out person analysis and gathered suggestions from privateness and advocacy teams. Next, we developed multi-layered protections throughout three principal areas: information safeguards, safety-first protections, and person controls. This strategy supplies defense-in-depth for Find My Device customers.

How location crowdsourcing works on the Find My Device community

The Find My Device community locates units by harnessing the Bluetooth proximity of surrounding Android units. Imagine you drop your keys at a restaurant. The keys themselves haven’t any location capabilities, however they could have a Bluetooth tag connected. Nearby Android units collaborating within the Find My Device community report the placement of the Bluetooth tag. When the proprietor realizes they’ve misplaced their keys and logs into the Find My Device cell app, they may be capable of see the aggregated location contributed by close by Android units and find their keys.

Find My Device community protections

Let’s dive into key particulars of the multi-layered protections for the Find My Device community:

  • Data Safeguards: We’ve carried out protections that assist make sure the privateness of everybody collaborating within the community and the crowdsourced location information that powers it.
    • Location information is end-to-end encrypted. When Android units collaborating within the community report the placement of a Bluetooth tag, the placement is end-to-end encrypted utilizing a key that’s solely accessible to the Bluetooth tag proprietor and anybody the proprietor has shared the tag with within the Find My Device app. Only the Bluetooth tag proprietor (and people they’ve chosen to share entry with) can decrypt and think about the tag’s location. With end-to-end encrypted location information, Google can’t decrypt, see, or in any other case use the placement information.
    • Private, crowdsourced location experiences. These end-to-end encrypted places are contributed to the Find My Device community in a fashion that doesn’t enable Google to determine the homeowners of the close by Android units that offered the placement information. And when the Find My Device community reveals the placement and timestamp to the Bluetooth tag’s proprietor to assist them discover their belongings, no different details about the close by Android units that contributed the information is included.
    • Minimizing community information. End-to-end encrypted location information is minimally buffered and ceaselessly overwritten. In addition, if the community may also help discover a Bluetooth tag utilizing the proprietor’s close by units (e.g., if their very own telephone detects the tag), the community will discard crowdsourced experiences for the tag.
  • Safety-first Protections: The Find My Device community protects towards dangers corresponding to use of an unknown Bluetooth tag to stalk or determine one other person, together with:
    • Aggregation by default. This is a first-of-its-kind security safety that makes undesirable monitoring to a personal location, like your own home, harder. By default, the Find My Device community requires a number of close by Android units to detect a tag earlier than reporting its location to the tag’s proprietor. Our analysis discovered that the Find My Device community is most precious in public settings like cafes and airports, the place there are probably many units close by. By implementing aggregation earlier than exhibiting a tag’s location to its proprietor, the community can benefit from its largest energy – over a billion Android units that may take part. This helps tag homeowners discover their misplaced units in these busier places whereas prioritizing security from undesirable monitoring close to personal places. In much less busy areas, final identified location and Nest discovering are dependable methods to find gadgets.
    • At house safety. If a person has chosen to avoid wasting their house handle of their Google Account, their Android machine may also be sure that it doesn’t contribute crowdsourced location experiences to the Find My Device community when it’s close to the person’s house. This supplies further safety on high of aggregation by default towards undesirable monitoring close to personal places.
    • Rate limiting and throttling. The Find My Device community limits the variety of instances {that a} close by Android machine can contribute a location report for a selected Bluetooth tag. The community additionally throttles how ceaselessly the proprietor of a Bluetooth tag can request an up to date location for the tag. We’ve discovered that misplaced gadgets are sometimes left behind in stationary spots. For instance, you lose your keys on the cafe, and so they keep on the desk the place you had your morning espresso. Meanwhile, a malicious person is usually attempting to interact in real-time monitoring of an individual. By making use of price limiting and throttling to scale back how usually the placement of a tool is up to date, the community continues to be useful for locating gadgets, like your misplaced checked baggage on a visit, whereas serving to mitigate the chance of real-time monitoring.
    • Unknown tracker alerts. The Find My Device community can be compliant with the integration model of the joint business customary for undesirable monitoring. Being compliant with the mixing model of the usual signifies that each Android and iOS customers will obtain unknown tracker alerts if the on-device algorithm detects that somebody could also be utilizing a Find My Device network-compatible tag to trace them with out their data, proactively alerting the person via a notification on their telephone.
  • User Controls: Android customers at all times have full management over which of their units take part within the Find My Device community and the way these units take part. Users can both keep on with the default and contribute to aggregated location reporting, choose into contributing non-aggregated places, or flip the community off altogether. Find My Device additionally supplies the power to safe or erase information from a misplaced machine.

In addition to cautious safety architectural design, the brand new Find My Device community has undergone inside Android pink workforce testing. The Find My Device community has additionally been added to the Android safety vulnerability rewards program to benefit from Android’s international ecosystem of safety researchers. We’re additionally participating with choose researchers via our personal grant program to encourage extra focused analysis.

Prioritizing person security on Find My Device

Together, these multi-layered person protections assist mitigate potential dangers to person privateness and security whereas permitting customers to successfully find and get well misplaced units.

As dangerous actors proceed to search for new methods to take advantage of customers, our work to assist preserve customers protected on Android is rarely over. We have an unwavering dedication to proceed to enhance person protections on Find My Device and prioritize person security.

For extra details about Find My Device on Android, please go to our assist heart. You can learn the Find My Device Network Accessory specification right here.


Please enter your comment!
Please enter your name here