Okay Google, Where’s My Tracker? Security, Privacy, and Performance Evaluation of Google's Find My Device Network

Leon Böttger; Alexander Matern; Dennis Arndt; Matthias Hollick

Okay Google, Where’s My Tracker? Security, Privacy, and Performance Evaluation of Google's Find My Device Network

Authors: Leon Böttger (Technical University of Darmstadt), Alexander Matern (Technical University of Darmstadt), Dennis Arndt (Technical University of Darmstadt), Matthias Hollick (Technical University of Darmstadt)

Volume: 2025
Issue: 4
Pages: 605–619
DOI: https://doi.org/10.56553/popets-2025-0147

Download PDF

Abstract: In April 2024, Google launched the Find My Device Network (FMDN), an Offline-Finding Network (OFN) that allows lost Bluetooth devices, such as trackers or headphones, to be located using billions of Android devices as finders. Similarly to Apple's Find My network, it is activated by default on all modern Android devices. Google promises end-to-end encryption for all location updates and claims to protect the privacy of finder devices as well as owners of lost devices and trackers. Although Android is open-source, FMDN is part of Google Play Services and is only partially publicly specified. We reverse-engineer the proprietary parts of the network, document its behavior, and analyze its privacy, security, and performance. We find several security and privacy issues, including denial-of-service attacks and a potential linkage attack on Android. We further implement a custom app, porting Google's trackers from Android to iOS while also extending the features of the FMDN.

Keywords: Bluetooth, Offline-Finding Networks, Tracker, Security, Privacy, Find My Device

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.