How we built the Find My Device network with user security and privacy in mind (googleblog.com)
40 points by CharlesW 41 days ago | hide | past | favorite | 37 comments



It's a shame that the report server is hard-coded (well implied). Imagine if the device could advertise a report URL and then you could receive reports without a Google account.

The only thing that may be hard is forcing aggregation. However that could be accomplished with a Google "buffer" that holds messages until some threshold of reports for a given device is hit. Then it flushes them to the device owner's reporting server.

This would also allow more use cases such as logging device location over time as a server owned by me may be trusted enough to decrypt and index the location reports.
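As an added illustration of the threshold buffer sketched in the comment above (example code, not code from the post or from Google; the post does not describe how the real Find My Device network aggregates reports), the Python below holds opaque ciphertext reports per tag and releases them to the owner only once a threshold of distinct reporters has contributed. The buffer never decrypts anything. The per-epoch pseudonym that lets it count distinct reporters without learning their identities is an assumed scheme, chosen here only to show the idea.

```python
"""Threshold-aggregation buffer for end-to-end encrypted location reports.

Constructed illustration (not Google's code, not a description of the real
network): reporting phones submit location ciphertexts keyed by the tag they
saw; the buffer releases a tag's batch only after reports from `threshold`
distinct reporters have accumulated, and it never decrypts anything.
"""
from __future__ import annotations

import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    tag_id: bytes          # identifier broadcast by the Bluetooth tag
    ciphertext: bytes      # location encrypted to the tag owner; opaque to the buffer
    reporter_token: bytes  # per-epoch pseudonym of the reporting phone (assumed scheme)


def reporter_token(reporter_id: str, epoch_salt: bytes) -> bytes:
    """Pseudonym the phone attaches instead of its identity (assumed scheme).

    The salt rotates per epoch, so the buffer can tell two reporters apart
    within an epoch but cannot link one phone's contributions across epochs.
    """
    return hashlib.sha256(epoch_salt + reporter_id.encode()).digest()


class AggregationBuffer:
    """Holds ciphertexts per tag until `threshold` distinct reporters contributed."""

    def __init__(self, threshold: int) -> None:
        if threshold < 1:
            raise ValueError("threshold must be >= 1")
        self.threshold = threshold
        # tag_id -> {reporter_token -> ciphertext}
        self._pending: dict[bytes, dict[bytes, bytes]] = defaultdict(dict)

    def submit(self, report: Report) -> list[bytes] | None:
        """Accept a report; return the flushed batch once the threshold is met, else None."""
        bucket = self._pending[report.tag_id]
        # One slot per reporter token: a single phone cannot fill the threshold alone.
        bucket.setdefault(report.reporter_token, report.ciphertext)
        if len(bucket) < self.threshold:
            return None
        # Release ciphertexts only; reporter tokens never leave the buffer.
        batch = list(bucket.values())
        del self._pending[report.tag_id]
        return batch

    def pending_count(self, tag_id: bytes) -> int:
        """Number of distinct reporters currently buffered for a tag."""
        return len(self._pending.get(tag_id, {}))


if __name__ == "__main__":
    salt = b"epoch-2024-01"      # constructed epoch salt
    tag = b"tag-keys-at-cafe"    # constructed tag identifier
    buf = AggregationBuffer(threshold=3)
    for phone in ["phone-A", "phone-B", "phone-A", "phone-C"]:
        ct = b"ciphertext-from-" + phone.encode()  # stands in for real E2E ciphertext
        print(phone, "->", buf.submit(Report(tag, ct, reporter_token(phone, salt))))
```

The buffer sees three things per report: the tag id, a ciphertext it cannot open, and a pseudonym it cannot resolve. What it adds over a plain relay is that the owner's server receives contributions only in batches of at least `threshold` reporters, so no single phone's report is handed over on its own; stale buckets for tags that never reach the threshold would still need an expiry, which this sketch leaves out.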


So secure that my Galaxy device refuses to use it. Is there something in the Samsung ecosystem that disables the use of the core Android one? I know I can use Samsung SmartThings, but the rest of my life is in the Google ecosystem and I would prefer to be able to track my phone through that, especially as the last time I needed it, Samsung required me to 2FA with my phone to use Find My Device.


And yet they couldn't agree with Apple on a protocol that could be implemented by both. Imagine how much better tracking you'd get with tags that could be picked up by either Android or iPhones. Especially in the _third world_ where Android phones are way more prevalent.


In Europe too, no need to go to the third world. It's a US-specific thing.


Yup. I'm on Android, my wife is on Apple, and we can't get a device that we can both track.


Is there a more technical writeup? How is the aggregation implemented?



"We made it secure by making all of our android devices poll for your location constantly." (paraphrasing)

Sorry, I appreciate the writeup - I absolutely do not want my devices doing this. And of course it's on by default.


That doesn't seem like an accurate paraphrase at all.

The article says nothing about polling constantly, nor does it make any kind of suggestion that polling constantly is what makes it secure.


What do you think this means?

> "The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices. Imagine you drop your keys at a cafe. The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag."


It seems to say that under some circumstances a phone will report its location (indirectly over an e2e encrypted network) to the owner of a bluetooth device that's in range of the phone.

It doesn't say that the phone is constantly polling the location to do so. Now, your paraphrase is compatible with that text, so it's possible that it's indeed how it works. But there are other equally consistent options, e.g. that the phone only reports BT device locations when it already has a fine-grained location available anyway for other reasons. The latter kind of seems more likely to me (to minimize the impact on battery usage for users participating in the network), but in reality we don't know which of these two schemes (or some other one) is used. And since we don't know, it seems like bad form to just make up an interpretation and claim that it's what the article says.

And either way, the article also does not claim or imply that the security of the system relies on this "constant polling", which is how you paraphrased the article.


The locations themselves are encrypted with a per-device key and Google can't read them. I don't see what the issue is.


I have a number of issues with these schemes generally. However, in this case my primary hesitation is that it's Google, and I lost trust in Google a good while back.


Exactly. That situation can change with an automatic update at any time.


If that's your threat model then nothing that comes out of Google would be trustable. In other words you already distrust Android and this product doesn't meaningfully change anything.


Oh, no, I trust Android(s), just not the ones that have this sh*t in them. Or auto updates.


Lol. If that's where your head is, Google illicitly tracking your location is the least of your problems.

I hope you wear a ski mask everywhere, removed your license plates, and rolled your own mobile network...


It means that Bluetooth is doing its normal thing.


Bluetooth is a wireless protocol. Its "normal thing" is to connect two devices. It CAN identify and locate devices by abusing beacons, but saying "that's what Bluetooth does" is crazy. That's like a Falcon X rocket destroying my house and someone telling me "that's just what a rocket does". No, someone flew it there.


Bluetooth is passively looking for devices to connect to all the time. The alternative would be to require users to actively initiate connections, which would be a horrible experience.


Yes, passively looking for devices is very different from noting each device, tagging it with a location, and adding it to a central database.


WiFi has been used this way for 15 years to aid with approximate location queries. I don't think concerns with the technology are unjustified, but referring to it as abuse is unnecessarily histrionic. This type of use for radios is not unprecedented, and e.g. the "central" database you refer to is only central in any meaningful sense if their implementation ends up being flawed. Otherwise it is an encrypted repository of user data.


I've been using Bluetooth for at least a decade and I really believed this active connection was actually needed.


That has nothing to do with Bluetooth. It scans for tags, but the location is still reported constantly by the phone.


Always-on location tracking isn't about finding your lost devices - it's about the tracking data. The "feature" is just the hook to trick us into adopting it.


As a user of the feature on the Apple side I find the feature to be incredibly useful. It’s saved me from waiting in hour-long lost luggage lines at the airport on multiple occasions because I know not to bother waiting when my bag is in another country.

My location was already being used for Find My for devices/theft protection and your cellular provider has access in a way that you can’t really limit. I think most users are basically getting an extra feature without much different to their privacy landscape (not to say that it’s an incredibly good privacy landscape…but really, someone concerned with corporations collecting their location data is already leaving their cell phone at home).


Not only will your device poll for your location, but even if you have your location turned off (or no functional GPS at all), with BT enabled, Google will have your location from all the other people's phones around you.

Basically, you can't listen to music and have your location hidden from Google at the same time.


Because of this Apple and Google (and maybe TikTok) can infer a large percent of CIA employees.


If you wanted a list of CIA employees you could just scrape LinkedIn


When I worked at The Company, my LinkedIn said state department.


How?


Parking lot geofencing.


How do they geofence? Are you suggesting that they have code that tracks whether you’re in interesting locations and then annotates the find my info?


> These end-to-end encrypted locations are contributed to the Find My Device network in a manner that does not allow Google to identify the owners of the nearby Android devices that provided the location data.


There is for sure another manner that would allow Google to identify the device owners though, but they left that part out.


Oh, do tell! What is the method?


Aggregation of different data points in conjunction with whether a user used Find My Device recently. Really a bazillion methods. The fact they allegedly encrypted (their word that there's no break-glass mechanism or backdoor) a single piece of location data doesn't really matter when the other data they have in aggregate tells them precisely where you are, and this can only really help.

It's entirely reasonable at this point in history not to trust Google marketing-speak that dances around stuff like this.



