Find My security
The Find My app for Apple devices is built on a foundation of advanced public key cryptography.
Overview
The Find My app combines Find My iPhone and Find My Friends into a single app in iOS, iPadOS, and macOS. Find My can help users locate a missing device, even an offline Mac. An online device can simply report its location to the user via iCloud. Find My works offline by sending out short range Bluetooth signals from the missing device that can be detected by other Apple devices in use nearby. Those nearby devices then relay the detected location of the missing device to iCloud so users can locate it in the Find My app—all while protecting the privacy and security of all the users involved. Find My even works with a Mac that’s offline and asleep.
Using Bluetooth and the hundreds of millions of iPhone, iPad, and Mac devices in active use around the world, a user can locate their missing device even if it can’t connect to a Wi-Fi or cellular network. Any iPhone, iPad, or Mac with “offline finding” turned on in Find My settings can act as a “finder device.” This means the device can detect the presence of another missing offline device using Bluetooth and then use its network connection to report an approximate location back to the owner. When a device has offline finding enabled, it also means that it can be located by other participants in the same way. This entire interaction is end-to-end encrypted, anonymous, and designed to be battery and data efficient. There is minimal impact on battery life and cellular data plan usage, and user privacy is better protected.
Note: Find My may not be available in all countries or regions.
End-to-end encryption
Find My is built on a foundation of advanced public key cryptography. When offline finding is turned on in Find My settings, an elliptic curve (EC) P-224 private encryption key pair noted {d,P} is generated directly on the device where d is the private key and P is the public key. Additionally, a 256-bit secret SK0 and a counter i is initialized to zero. This private key pair and the secret are never sent to Apple and are synced only among the user’s other devices in an end-to-end encrypted manner using iCloud Keychain. The secret and the counter are used to derive the current symmetric key SKi with the following recursive construction: SKi = KDF(SKi-1, “update”).
Based on the key SKi, two large integers ui and vi are computed with (ui,vi) = KDF(SKi, “diversify”). Both the P-224 private key denoted d and corresponding public key referred to as P are then derived using an affine relation involving the two integers to compute a short-lived key pair: The derived private key is di, where di = ui * d + vi (modulo the order of the P-224 curve) and the corresponding public part is Pi and verifies that Pi = ui*P + vi*G.
When a device goes missing and can’t connect to Wi-Fi or cellular—for example, a MacBook Pro is left on a park bench—it begins periodically broadcasting the derived public key Pi for a limited period of time in a Bluetooth payload. By using P-224, the public key representation can fit into a single Bluetooth payload. The surrounding devices can then help in the finding of the offline device by encrypting their location to the public key. Approximately every 15 minutes, the public key is replaced by a new one using an incremented value of the counter and the process above so that the user can’t be tracked by a persistent identifier. The derivation mechanism is designed to prevent the various public keys Pi from being linked to the same device.
Keeping users and devices anonymous
In addition to making sure that location information and other data are fully encrypted, participants’ identities remain private from each other and from Apple. The traffic sent to Apple by finder devices contains no authentication information in the contents or headers. As a result, Apple doesn’t know who the finder is or whose device has been found. Further, Apple doesn’t log information that would reveal the identity of the finder and retains no information that would allow anyone to correlate the finder and owner. The device owner receives only the encrypted location information that’s decrypted and displayed in the Find My app with no indication as to who found the device.