Skip to main content

Google on the Find My Device network’s privacy protections

With the launch of the Find My Device network, Google today detailed the user and privacy protections in place.

The FMD network is intended to be “secure by default and private by design,” with Google conducting user research and talking to privacy/advocacy groups. It has undergone internal Android red team testing and is part of the Android security vulnerability rewards program.

Google highlights three sets of protections, starting with Data Safeguards. Location data is end-to-end encrypted using a “key that is only accessible to the Bluetooth tag owner” or anyone they’ve shared that device with. 

Only the Bluetooth tag owner (and those they’ve chosen to share access with) can decrypt and view the tag’s location. With end-to-end encrypted location data, Google cannot decrypt, see, or otherwise use the location data.

Additionally, how E2E encrypted locations are contributed to the FMD network does not let Google (or the tag’s owners) “identify the owners of the nearby Android devices that provided the location data.” Finally:

End-to-end encrypted location data is minimally buffered and frequently overwritten. In addition, if the network can help find a Bluetooth tag using the owner’s nearby devices (e.g., if their own phone detects the tag), the network will discard crowdsourced reports for the tag.

The Safety-first Protections tentpole includes a “first-of-its-kind safety protection that makes unwanted tracking to a private location, like your home, more difficult.” The FMD network requires “multiple nearby Android devices to detect a tag before reporting its location to the tag’s owner.” This “aggregation by default” is complemented by Nest finding that uses your speakers and displays to find things when you’re at home. 

Android devices will “not contribute crowdsourced location reports to the Find My Device network when it is near the user’s home” if they have saved their home address to their Google Account. 

To combat unwanted tracking, Google limits:

  • “the number of times that a nearby Android device can contribute a location report for a particular Bluetooth tag”
  • “how frequently the owner of a Bluetooth tag can request an updated location for the tag”

The Find My Device network is “compliant with the integration version of the joint industry standard for unwanted tracking” to support Android and iOS unknown tracker alerts/notifications.

Lastly, on the Users Controls front, you can control what devices participate in the FMD network and how. Your options are: Off, Without network, With network in high-traffic areas only, or With network in all areas. “High-traffic areas only” is the default. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications