
GlitchDoctor

macrumors newbie
Original poster
Dec 5, 2024
Recently a friend of mine asked me about AirTags after the subject came up in one of his classes in law school about people tracking their lost or stolen luggage.

He was wondering what information a defense attorney or a prosecutor might use to dispute not just the accuracy of the data but maybe even the data itself.

Here is everything I know -- or at least I think I know -- about AirTags...

If the data resulted in a calculated location that was off by a matter of a few yards or even a few hundred yards from its actual location, that would be easily understood when one considers how AirTags work:

Apple devices passing by the AirTag relay their current GPS positions and corresponding AirTag signal strengths to Apple's servers, which then calculate the approximate position of the AirTag and push that to the FindMy app running on the Apple account to which the AirTag is registered.

This can be used, for example, to discredit the idea that reported AirTag locations are accurate enough to serve as the basis for a Search Warrant, making anything found there "Fruit of the poisonous tree" and therefore inadmissible, as would be anything relying on that search, to support a conviction.

SO HERE'S THE REALLY **BIG** QUESTION:

How could FindMy show an AirTag 5 OR 10 MILES AWAY from its actual location, in a LOCATION IT HAD NEVER, EVER BEEN?

What portion of the technology used to build Apple's AirTag system would have to fail for it to make such a mistake?

I've wracked my brain to no avail, but I need to find a way such a mistake COULD happen so I can tell him and he can sound like Perry Mason in Moot Court one day.

If there is a SuperGenius(tm) out there with a reasonably logical answer, I'll take it with gratitude and a huge smile, so thanks in advance!
 
Airtags do not relay their GPS coordinate, this is not how it works:

How does it work?

Your AirTag sends out a secure Bluetooth signal that can be detected by nearby devices in the Find My network. These devices send the location of your AirTag to iCloud — then you can go to the Find My app and see it on a map. The whole process is anonymous and encrypted to protect your privacy. And itʼs efficient, so thereʼs no need to worry about battery life or data usage.
 
You could spoof the GPS. The technology exists to convince your GPS that it's somewhere that it isn't. I doubt your phone tries that hard to detect bad signals. It's not cheap to do, but technically possible. Software Defined Radios make this relatively affordable to do:

Does the phone still fall back to WiFi localization if it can't get GPS? Easier might be to turn off GPS and spoof a WiFi SSID. In much older phones, there was a place where I would suddenly be transported states away because a neighbor had recently moved and brought their router with them. Apparently it was in the database located somewhere else. I'm sure Apple's gotten better at avoiding those mistakes, but I'm not sure they've completely eliminated WiFi positioning from their mix.

Airtags do not relay their GPS coordinate, this is not how it works:
By "their current GPS position", I think OP meant it relays the phone's GPS position.
 
some good info on how airtags work in these software projects that reimplement airtags on non apple hardware.


 
This can be used, for example, to discredit the idea that reported AirTag locations are accurate enough to serve as the basis for a Search Warrant, making anything found there "Fruit of the poisonous tree" and therefore inadmissible, as would be anything relying on that search, to support a conviction.

Anything can fail. One spurious result should not render the whole subject inadmissible. (Unless you can show that the police are actively creating false airtag readings to justify harassing someone.) Right now the problems of real theft are doing a lot more damage than police misconduct or stalking. While these are all real issues, they must be taken in proper balance.

"Fruit of the poisonous tree" is something that ought to have a limit. For example, what if you found a kidnapping victim in an illegal search?
 
You could spoof the GPS. The technology exists to convince your GPS that it's somewhere that it isn't. I doubt your phone tries that hard to detect bad signals. It's not cheap to do, but technically possible. Software Defined Radios make this relatively affordable to do:

Does the phone still fall back to WiFi localization if it can't get GPS? Easier might be to turn off GPS and spoof a WiFi SSID. In much older phones, there was a place where I would suddenly be transported states away because a neighbor had recently moved and brought their router with them. Apparently it was in the database located somewhere else. I'm sure Apple's gotten better at avoiding those mistakes, but I'm not sure they've completely eliminated WiFi positioning from their mix.


By "their current GPS position", I think OP meant it relays the phone's GPS position.
I don't suspect the Russian FSB of tactical operations in this matter. I'm talking about a typical AirTag and typical iPhones, etc.
 
Yes, I know. Please re-read -- CAREFULLY this time -- exactly what I wrote:

"APPLE DEVICES PASSING BY THE AIRTAG relay their current GPS positions"

GPS can be wrong, or spoofed, on device or via SDR.

so, of course it's possible.
 
Anything can fail. One spurious result should not render the whole subject inadmissible. (Unless you can show that the police are actively creating false airtag readings to justify harassing someone.) Right now the problems of real theft are doing a lot more damage than police misconduct or stalking. While these are all real issues, they must be taken in proper balance.

"Fruit of the poisonous tree" is something that ought to have a limit. For example, what if you found a kidnapping victim in an illegal search?
Your kidnap scenario wouldn't matter. The police are not going to give the victim back to the person who kidnapped them, and the testimony of the rescued victim would most likely suffice in court.

"Yeah, but they pushed me aside and searched my house illegally!" doesn't work because all a cop or detective has to do is claim that they heard what sounded like a person in distress inside and they're good to go. Same with someone actually seeing their stolen property through the window of the house suspected of containing it; that's more than enough for a search warrant while the cops wait on it.
 
GPS can be wrong, or spoofed, on device or via SDR.

so, of course it's possible.
As I had mentioned earlier to someone else, I don't suspect the Russian FSB to be involved in this matter. It's just typical stuff operating under typical conditions.
 
As I had mentioned earlier to someone else, I don't suspect the Russian FSB to be involved in this matter. It's just typical stuff operating under typical conditions.


let me make sure i follow:
you ask if it's -PoSsIbLe- if location can be wrong
then people tell you it is possible and how
then you say 'nah, i mean typical stuff'


uhhhhoookay

google 'spoof gps'. this isn't uber secret nsa/fsb/mossad spy stuff, it's basic workings of GPS.

***good luck*** columbo.
 
Let me make things clearer, because you are quite right that I didn't qualify my question with sufficient detail. I genuinely apologize.

The scenario is this:

* no one knows this AirTag exists except the person with the account to which the AirTag belongs

* no one is trying to hack or jam or otherwise thwart ANY part of Apple's end-to-end AirTag ecosystem

* the weather is clear with moderate sunshine (e.g., "no lightning")

* there are ZERO bad actors targeting the AirTag, the machine component to which it's affixed, or the account of the person who owns and operates the AirTag and the FindMy app.

Just a typical AirTag operating nominally and Apple's entire network operating nominally with no one attempting to steal the package containing the machine component.

So under this scenario with the conditions I've just now mentioned, how could an AirTag possibly make the mistake I described in my original post?

Again, my sincere apologies for insufficiently detailing the boundaries of my question. I respect the way you brought this to my attention because you were straightforward and clearly stated the conflict in my statements using only three short lines. And thanks for your help, too.
 
given those parameters, the most likely scenario is one we cannot be assured exists, but from my understanding of the networking, and software development, could.


keeping this simple (no one really knows what happens), i could imagine a scenario where an iphone, in a vehicle, could drive by an airtag (maybe in another vehicle?) with spotty or extremely latent network connectivity, detecting and recording the airtag it saw, but unable to upload its location data until network connectivity was available again. by then the device is somewhere else, but 'saw' the airtag miles away.

we assume that the phone would store the 'airtag detected' record in a local database (complete with the GPS location data of the moment the airtag was detected) to be delivered later, but again, no one knows. it is possible that it only appends the GPS data when it sends the 'airtag detected' record it stored earlier.

another interesting test would be to allow an iphone that has no GPS connectivity (think, underground). in this case there is no gps data TO append. so what happens? well no one knows, but maybe... when an iPhone detects an airtag underground (or without gps), moves away from the airtag with the device, and then re-obtains GPS and networking... will it record its new GPS location to the airtag record now that it has GPS data to append?

far from 'without a reasonable doubt' without the code actually being inspected.
 
your question is actually not a difficult one.

there are two aspects to this.

1 the legal aspect (which is different from technology)
often times defence lawyers attempt to show in court that something may happen.
statistically even though the probability of it happening may be a very very tiny percentage of possibility. such as something happening 1 time out of 1 billion.
a judge or jury may accept this or reject this.
DNA evidence, used commonly now, was not allowed to be used in evidence for decades, since, given the limitations of devices at that time, for two people's DNA to be close enough that it was theoretically possible that someone else could have committed the crime. better devices and better understanding of DNA rejects this as ultimately possible but so highly unlikely to be rejected as a defense.

2 the technology aspect
your question:
quote:
How could FindMy show an AirTag 5 OR 10 MILES AWAY from its actual location, in a LOCATION IT HAD NEVER, EVER BEEN?
end quote
still shows you do not understand how the tech works.
in your later post you say basically to assume that there were no weather or extenuating circumstances to consider.
therefore, it is clear that the reported position of the air tag 10 miles away from its later/actual location was the air tag's last reported location. that is all. nothing more than that. the air tag was at that location at some point in time or passed through that location when it made bluetooth contact with another Find My device.
i have an air tag in my car.
when i check where it is reporting my car at, it's reporting the last location that it happened to make Find My Bluetooth contact with. which can frequently be 4 or 5 miles away from my house, when, suddenly, my wife pulls into our driveway.

based on the legal and technology aspects of this, if i were the judge or on the jury, i would state/argue that the air tag was, at some point at that location, 10 miles away from the final location.
furthermore, i would reject the idea that it was some aberrational or fluke data point, and the tech shows clearly that the air tag was at that location, at the time indicated.

i don't know which jurisdiction (country, for example) you are using in your example.
however, in the USA, air tag data has been successfully found admissible as evidence in many courts, and in many different types of prosecutions. not everywhere all the time for any reason, but mostly found to be admissible as evidence. i do not know of a case where it has been successfully used in the case of a capital crime. mobile phone GPS location has been used in capital crimes, but i don't know about air tag data.
 
r/oddlyspecific
 
I believe when you turn off WiFi (and Bluetooth) for the first time on iPhone it still displays a pop up window explaining that location services are more accurate with WiFi (and Bluetooth, duh) on.
 
I harvest all my airtag data so I can plot it on maps via my website (python/django). I often notice erroneous location data which I attribute to Apple FindMy bugs, what else can it be, I am simply capturing from icloud data which is directly from Apple. It is rare but it does occur where you get a ping from a coordinate several miles away which is verified as incorrect since the tags are right beside me. The tech is relatively new so I can understand that bugs exist. Most people won't even notice the odd off location since they use FindMy app to look at last known locations. I notice it because there is a line over to a location I know is impossible on my map. Oh well..
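
The check described in the post above (spotting a line on the map to a place the tag cannot have been) can be automated over harvested reports. This is an added example, not code from any poster or from Apple; the `Report` fields, the 45 m/s speed ceiling and the sample track are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_M = 6_371_000
MAX_SPEED_MPS = 45.0  # about 100 mph; assumed ceiling for a tag in road traffic


@dataclass(frozen=True)
class Report:
    """One harvested location report (field names are assumptions)."""
    seen_at: datetime
    lat: float
    lon: float
    accuracy_m: float  # horizontal uncertainty radius claimed by the report


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    h = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(h))


def implied_speed_mps(a, b):
    """Minimum speed needed to travel from report a to report b.

    Both uncertainty radii are subtracted first, so two imprecise fixes
    of a stationary tag do not look like movement.
    """
    gap = haversine_m(a.lat, a.lon, b.lat, b.lon) - a.accuracy_m - b.accuracy_m
    dt = max((b.seen_at - a.seen_at).total_seconds(), 1.0)
    return max(gap, 0.0) / dt


def flag_excursions(reports, max_speed=MAX_SPEED_MPS):
    """Return reports that jump off the track and are not confirmed.

    A report is flagged when reaching it from the last accepted report
    needs more than max_speed, and the following report (if any) is
    reachable from that same accepted report. A fast jump that the next
    report confirms is kept: it may be real movement, or several bad
    reports in a row, and this check cannot tell which.
    """
    track = sorted(reports, key=lambda r: r.seen_at)
    flagged, last_ok = [], None
    for i, cur in enumerate(track):
        nxt = track[i + 1] if i + 1 < len(track) else None
        if last_ok is not None and implied_speed_mps(last_ok, cur) > max_speed:
            if nxt is None or implied_speed_mps(last_ok, nxt) <= max_speed:
                flagged.append(cur)
                continue
        last_ok = cur
    return flagged


def at_minute(minute):
    """Timestamp helper for the constructed sample below."""
    return datetime(2024, 1, 1, 12, minute, tzinfo=timezone.utc)


# Constructed sample: a stationary tag with one report about 13 km away,
# two minutes after the previous report and two minutes before the next.
SAMPLE = [
    Report(at_minute(0), 40.00000, -75.00000, 30.0),
    Report(at_minute(5), 40.00005, -75.00002, 30.0),
    Report(at_minute(7), 40.12000, -75.00000, 30.0),
    Report(at_minute(9), 40.00003, -75.00001, 30.0),
    Report(at_minute(20), 40.00001, -75.00004, 30.0),
]

if __name__ == "__main__":
    for r in flag_excursions(SAMPLE):
        print(f"implausible report at {r.seen_at:%H:%M} -> ({r.lat}, {r.lon})")
```

A speed check only catches an outlier when the neighbouring reports are close in time: the same 13 km excursion with 20 minutes on either side is consistent with an ordinary drive and passes unflagged.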
 
I think erihp nailed it in his most recent post about scenarios where GPS data is acquired separately by the reporting device, rather than at the same moment as the ping of the AirTag.

That's the only possible way I thought it could happen before I ever posted.
 
Sir, I think you just nailed the entire topic directly on its head! Thank you so very much for your help in all this. I hope I can return the favor in some way.
 
Sir, I think you just nailed the entire topic directly on its head! Thank you so very much for your help in all this. I hope I can return the favor in some way.

pass it forward. say or do something kind for someone else at just the right time. Maybe when no one else will, or you don't have to.

it was fun to think about how this could be possible, given the constraints.
 
1) Understand that iPhone does not use GPS to determine its location most of the time. It is very power intensive to triangulate using satellite. Much of the location data is from Apple doing historical scans of Wi-Fi SSIDs and recording their actual locations. This is why when Wi-Fi is turned off, location accuracy is poor when indoors.

2) AirTag uses the location data from nearby iPhones. If this data is poor, e.g. multiple iPhones can only capture the signal from only one or two satellites, the margin of error will be huge. In this case, the AirTag can appear to be at a location where it has never been.
 
1) Understand that iPhone does not use GPS to determine its location most of the time. It is very power intensive to triangulate using satellite. Much of the location data is from Apple doing historical scans of Wi-Fi SSIDs and recording their actual locations. This is why when Wi-Fi is turned off, location accuracy is poor when indoors.
it's not that intensive to use GPS. Using wifi (or aGPS / assisted GPS) helps it to get a lock a little quicker, it can help it know which satellites to listen for. And it's not really triangulation, which requires you to know what direction the satellite is in, GPS doesn't know that. GPS works by time differences. GPS satellites broadcast the precise time, as well as some ID, and the location of the satellite. Your phone knows the current time, and will compare the time it receives from the satellite, by seeing the difference it can figure out how far away from the satellite it is, which would be any point on a sphere, if you throw the earth in there, those 2 spheres intersect along a circle. Now add another satellite and sphere and you're down to a couple points, one more and there's only one place you can be on the surface of the earth, and X miles from satellite 1, Y miles from #2, and Z miles from #3.

all of that is handled by a purpose built chip not the phone's main processors, which uses very little power.

I've had Garmin bike computers that had very little processing power that did just fine without relying on wifi. and those old TomTom devices also had a tiny fraction of modern smart phones.

2) AirTag uses the location data from nearby iPhones. If this data is poor, e.g. multiple iPhones can only capture the signal from only one or two satellites, the margin of error will be huge. In this case, the AirTag can appear to be at a location where it has never been.
2. the air tag has no clue where it is, it sends out a ping, and a phone will answer that it heard the ping, so the tag knows it can go to low power for a bit and save battery. the phone sends the location to apple, never to the AirTag. The tags definitely aren't talking to multiple phones and averaging the location. the most likely reason for a tag to be reported away from where it is is low signal, saw someone here who tested by placing a tag near the road in a low signal area, the tag would consistently show up a few hundred yards down the road where the signal picked back up.
 