Apple recently introduced a “Find My” network that will not only help you find a missing phone or anything attached to an Apple AirTag (or supported accessory) if it’s nearby… but also if it’s out in the world. It does that by effectively turning other people’s Apple devices into a network that can help locate missing gadgets, sending private, encrypted data to help you locate your missing things.

Bluetooth tracker maker Tile has been doing something similar with its Tile Network for years, but that network is limited to folks who have Tile trackers (which is likely somewhat smaller than the number of folks with Apple devices). But you know who has a bigger potential network of users than Apple? Google. And now it looks like the company may be planning to launch its own “Find My Device Network” that leverages Android phones to help you find your missing stuff.

Find My Device settings for Android 11 (left) and Android 12 (right, via @MishallRahman)

Google hasn’t made an official announcement yet, but the folks at xda-developers spotted signs of a new work-in-progress feature in the code for the latest version of the Google Play Services app.

One line says the title of the service is “Find My Device network,” while another says it “allows your phone to help locate your and other people’s devices.”

While Google already has Find My Device apps for Android and the web, they currently only let you find Android devices logged into your Google account with the appropriate permissions enabled. It’s possible that by expanding a network, Google could lay the groundwork for finding more types of devices in more locations.

via @MishaalRahman

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Join the Conversation

10 Comments

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. I didn’t know Apple’s AirTag used everyone’s Apple devices to track them. Can you disable this? I trust Apple as much as I trust Google (ie. not much).

    1. Yes, you can opt out:
      Settings -> Apple ID (at the top) -> Find My -> Find My iPhone -> Find My Network -> Switch to off
      This will keep you from sending notifications and from using others’ phones for any of your lost items.

  2. China: I’ll put face recognition cameras everywhere to track people.
    Google: haha you are like a little baby! I’ll just make people pay to have a tracker, GPS, cameras and AI assisted microphones on them at all times, and I’ll even show them ads on it while tracking them, and they’ll even pay for the dataplan!

    1. I know this is going to draw angry replies from people who have every right to be pissed off at google and western governments, but lets not pretend that cell phones aren’t a core component of the social credit system (as well as the contact tracing system) that people there really aren’t allowed to not be a part of.

  3. Sounds exploitable. I’m thinking someone could plant an Android device, and mark it as lost, and detect the presence of other Android devices in proximity through Google reporting the lost phone’s location.

    Admittedly it seems benign, but it could be used in combination with another vulnerability.

    1. They could conceivably already do that if they were using that contact tracing stuff that google and apple put on everyone’s phone (which I now think was unnecessary). Although in either case, I wouldn’t know if you could identify the owners of any particular device. Or the same device if it passed by twice.
      You could probably get traffic metrics this way (metrics of allegedly healthy verses allegedly sick if abusing the contact tracing), but that’s all I could say with any certainty.

      1. You wouldn’t be able to uniquely identify someone’s phone through this alone, but you could just detect that at least an Android phone is within proximity.

        If my “lost” device is on the same network as a device that “found” my device, I’m sure I could figure out what the network API call looks like to report that data back to Google. If I can sniff their network traffic, I can put 2 and 2 together and now I know where that device is physically, and I also know who they are. Combine this with some other security exploit (like from a common 3rd party app, and you have some dangerous potential risks.

        The real risk of something like this feature itself has a security flaw. And the usefulness of it being exploited through an additional security flaw is something that will attract hackers. If there’s a flaw, it will be targeted.

        This is a feature I’ll be disabling ASAP when it’s launched in Android.

        1. “If my “lost” device is on the same network as a device that “found” my device, I’m sure I could figure out what the network API call looks like to report that data back to Google.”
          If you can monitor their traffic, you already have that and more. You wouldn’t get anything from Google that you wouldn’t already know from sniffing. If they’re on your network, you have their device identifiers (likely temporary ones), their background traffic, and the ability to mess with that traffic to get more data. Also, they’re on your network so you know where they are because you know where your network is. This provides literally nothing if you’re in a position to monitor their traffic. It provides new information only if they’re not on your network, but that new information is “somebody was there”.

    2. I don’t think that’s a concern. If your device is lost, all others’ phones have to do is report where it was. Google doesn’t have any reason to tell you whose device reported the location so all you know is that someone was nearby, not who it was.
      It would make the process of tracking someone by monitoring a phone’s location a little cheaper because the attacker doesn’t have to pay for a connection and can use others to do it, but since that’s already quite feasible, that’s probably not helped too much by this either.

      1. You’re right, Google isn’t going to tell me who reported it. It’s admittedly a small piece of information to know that a random device is within proximity, but I’m almost certain someone will come up with a creative use for it, malicious or not.