Apple Find My Lacks Cross-Authority Reader Activation

Vendor & Product Reality

Apple Find My, in its current form, fuses three product surfaces. The first is Find My iPhone / Find My Mac: device recovery for Apple's own hardware, anchored in iCloud account credentials and the Secure Enclave on each device. The second is the Find My network itself: a crowd-sourced layer in which any Apple device running a recent version of iOS, iPadOS, or macOS may, with the user's consent, act as a passive Bluetooth scanner for nearby Find My beacons and report encrypted location observations back through Apple's relay infrastructure to the legitimate owner. The third is AirTag and the Find My accessory program: small Bluetooth Low Energy beacons, optionally with U1 / U2 ultra-wideband for sub-decimeter precision finding when the searching device is within UWB range, accompanied by a third-party accessory specification that lets vendors such as Chipolo, Pebblebee, and others ride the same crowd-source rails.

The cryptographic envelope around this system is non-trivial. AirTags rotate broadcast public keys frequently; observers cannot link successive broadcasts of the same tag without owner-held secrets; relay reports are end-to-end encrypted to the owner's Apple ID-bound key material, so Apple itself cannot read recovered locations. Anti-stalking countermeasures have evolved through several iterations: unwanted-tracking alerts on iOS, the Tracker Detect application for Android, a precision-finding workflow to physically locate an unknown tag, and audible alerts emitted by tags separated from their owner. Apple and Google jointly authored, and the IETF is shepherding, a Detection of Unwanted Location Trackers (DULT) draft intended to harmonize unwanted-tracking detection across Bluetooth tracker vendors and across iOS and Android.

The deployment surface is unusual. Apple does not need to negotiate reader access; every consenting Apple device is, by default, already a reader. The network bootstraps from the installed base. No competing vendor can replicate that bootstrap without either Apple's cooperation, a comparably large platform of its own (Google, Samsung), or a different architectural model entirely.

Architectural Gap

The structural limitation of Find My is not cryptographic and not a matter of engineering quality. It is the implicit assumption that the reader population belongs to one authority. Every reader is an Apple device, governed by Apple's policies, updated on Apple's release schedule, and, critically, the only governance lever available to a person who does not consent to being scanned — for example, a domestic-abuse survivor who wishes never to have their AirTag-equipped luggage relayed — is opt-out at the device level. The architecture admits no notion of a non-Apple authority that could attest to a reader's policy posture, no notion of a regulator or anti-stalking organization that could co-sign a recognition policy, and no notion of a peer vendor (Tile, Samsung SmartThings Find, an automotive OEM's in-vehicle scanner, a municipal transit reader) participating as a credentialed contributor under shared governance.

DULT moves in the right direction by standardizing the unwanted-tracking detection contract across vendors, but it remains a bilateral interoperability layer: Apple and Google agree on detection semantics, individual tracker vendors comply, and each platform's reader population continues to operate under that platform's authority. Detection is harmonized; reader activation is not. The architectural primitive that admits many credentialed reader authorities, governed by composable signed policies, with anti-stalking guarantees enforced structurally rather than per-vendor, is the layer DULT has not reached.

Two consequences follow. First, anti-stalking guarantees in the current architecture are policy-by-vendor: Apple's iOS does the right thing, Google's Android does the right thing, Tile does the right thing, but the guarantee is the union of cooperating vendors rather than a structural property of the discovery fabric itself. A non-cooperating tracker manufacturer, or a jurisdiction with different anti-stalking requirements, breaks the union. Second, the central-network authority — Apple's relay infrastructure — is a single point of governance, and any future regulatory action that requires multi-authority oversight (EU lawful-access provisions, US state-level anti-stalking statutes, cross-border data transfer constraints) lands on a network whose architecture was never designed to carry more than one authority's policy.

What the Primitive Provides

Adaptive Query's semantic-discovery primitive, composed with its n-party-coordination construct, treats the reader population as a federation of credentialed authorities rather than a single-vendor pool. Each reader carries an attestation of which authority credentialed it; each broadcasting beacon is governed by a discovery policy that names the authorities whose readers it is willing to be observed by, the conditions under which observations may be relayed, and the anti-stalking obligations that flow with any successful match. The semantic-discovery primitive is the matching layer that resolves a beacon's policy against the candidate reader's attestations and emits a structurally enforceable yes-or-no, with the n-party-coordination layer carrying the result through any number of relay hops without collapsing the multi-authority governance into a single point.

Anti-stalking guarantees become structural rather than vendor-cooperative. A tag whose discovery policy requires co-signature by a recognized anti-stalking organization will not be relayed by any reader whose attestation chain does not include that co-signature, regardless of which vendor manufactured the reader. Opt-out at the individual level still exists, but it is no longer the only governance lever; community, regulatory, and cross-vendor governance all compose into the same primitive.

Composition Pathway

Composition with Apple's existing stack is additive, not replacement. The Find My cryptographic envelope — rotating keys, encrypted relays, owner-held decryption — continues to operate as the confidentiality layer. The semantic-discovery primitive sits above the relay decision, gating which observations are eligible for relay in the first place. Apple's reader population becomes one credentialed contributor among many; Apple-credentialed readers continue to do exactly what they do today for Apple-credentialed AirTags, with no degradation, while gaining the ability to relay observations of non-Apple-credentialed beacons under signed cross-recognition policies. Symmetrically, non-Apple readers — Google's Find My Device network, Samsung's SmartThings Find, future municipal or automotive reader fleets — can relay Apple-originated beacons under the same primitive.

The IETF DULT track integrates as a special case: the unwanted-tracking detection contract becomes one of the policy obligations carried in the discovery envelope, with the primitive supplying the structural enforcement that DULT today expresses as an inter-vendor agreement. Apple's existing investments in Secure Enclave attestation, U1/U2 UWB ranging for precision finding, and the Find My accessory program all carry forward; the primitive supplies the cross-authority governance that each of those investments is currently asked to provide on its own.

Commercial & Licensing

Apple's commercial position is strengthened, not diluted, by participating in a structurally multi-authority discovery fabric. The installed-base advantage of one billion Apple-credentialed readers does not vanish when the architecture admits other authorities; it remains the largest single contributor to a federation Apple participates in on favorable terms. Bilateral integration with Google scales to two; the primitive scales to the open-ended set of vendors, regulators, and infrastructure operators that any realistic global anti-stalking and cross-platform tracker ecosystem will require. The patent positions the primitive at the architectural layer Apple's own DULT trajectory has been moving toward, and licensing engagement with Apple — and symmetrically with Google, Samsung, Tile, and the broader Find My accessory program — is the natural commercial path.

The licensing case has a regulatory tailwind. EU Digital Markets Act gatekeeper obligations, US state-level anti-stalking statutes that increasingly name electronic tracking devices specifically, and the IETF DULT trajectory all push toward a discovery fabric that no single vendor controls. A multi-authority architectural primitive, available under uniform licensing terms to every participating vendor, is the lowest-friction compliance path for the regulated population and the lowest-friction interoperability path for the consumer-facing population. Apple's value capture remains its installed base, its silicon (U1, U2, Secure Enclave), and the Find My user experience; the primitive is the connective tissue that lets that value compose with the rest of the global tracker ecosystem rather than competing against it on bilateral terms.