Weekend good reads for Apple developers #2023/39

Fall is here, another nice weekend is here too. Let's go through great articles.

And that is it. Come back next week for more great articles!

Apple and Google are partnering to prevent possible spying by item trackers

Apple and Google are cooperating (again!) on use of Bluetooth (again!) tracking technology. AirTags and other item trackers based on Bluetooth could be used to perform unwanted tracking.

Apple added additional safeguards to report unrecognized AirTag traveling with user. Also, app was introduced for Android users.

Now Apple and Google are working together to have unified specification to alert users of unwanted location trackers. Future versions of iOS and Android are to implement these specifications.

Apple Newsroom: Apple, Google partner on an industry specification to address unwanted tracking

IETF Datatracker: Detecting Unwanted Location Trackers

Google Play: Tracker Detect

References:

Apple publishes safety guide addressing AirTag fears

Apple tries to address AirTag unwanted tracking issues in updated safety document.

Both AirTag and the Find My network are designed with privacy at their core. AirTag and Find My network accessories have unique Bluetooth identifiers that change frequently. To discourage unwanted tracking, Find My notifies you if an unknown AirTag or other Find My accessory is seen moving with you over time by sending you the message, “Item Detected Near You.” (This feature is available on iPhone, iPad, or iPod touch running iOS 14.5 or iPadOS 14.5 or later). If you see this message on your device, an AirTag or other Find My accessory that has been separated from the person who registered it is traveling with you, and the owner might be able to see its location. It’s possible that the AirTag might be attached to an item you are borrowing.

Apple

Apple: Personal Safety User Guide

Apple Support: What to do if you get an alert that an AirTag or Find My network accessory is with you

Reference: Apple Explains How to Stay Safe With AirTag and More in Personal Safety Guide

Safari bug leaks user information, allowing user tracking

Safari 15 is exposing IndexedDB data to opened sites and in tabs and recently opened.

Sites cannot read contents of IndexedDB, however, names of databases are accessible to all sites. Google keeps user ID as a part of database name allowing cross-site tracking.

Use alternate browsers, until fix is released

Even Private Mode is vulnerable, no workarounds are available at the time.
iOS alternate browsers are also vulnerable, and Private Mode does not fully protect from tracking.

Users should use alternate browsers on macOS and wait for Apple's fix.

Live demo: Safari Leaks

Reference:

Apple publishes ‘Tracker Detect’ app to prevent Android users from being tracked by AirTags

Apple released 'Tracker Detect' application for Android. This apps will warn users if it sees unwanted AirTag traveling with the user.

App detects AirTags that are separated from their owners and displays those. This minimizes risks of false alarms.

It seems, however, that currently app does not detect AirTags in background and user needs to explicitly launch an app and perform scan manually.

Google Play: Tracker Detect