[HN Gopher] Query Apple's FindMy Network with Python
___________________________________________________________________
Query Apple's FindMy Network with Python
Author : nkko
Score : 167 points
Date : 2024-12-21 12:14 UTC (5 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| Galanwe wrote:
| Fore those not familiar with the Apple ecosystem, what does "Find
| My" do? locate apple devices ?
| simonw wrote:
| A bunch of stuff:
|
| - Find your Apple Watch, AirPods, laptop etc
|
| - Find family member devices if they've granted you access to
| do that
|
| - Find AirTags
|
| - Show you the location of friends who have granted you access
| kabirgoel wrote:
| Correct. You can also share your location with friends. A lot
| of friend groups (at least my age) use Find My as a kind of
| social network.
| gomoboo wrote:
| How does that work woth your friends? Always on access or
| just occasionally?
| toomuchtodo wrote:
| Always on. You can see where your friends are at both in
| Find My and under their contact photo in your iMessages
| chat.
| johnisgood wrote:
| Personally I do not find the idea comforting that someone
| (anyone) may know where I am at all times. I would not
| even trust Apple either.
| rvnx wrote:
| It's a virtual leash for couples.
| toomuchtodo wrote:
| Blame the emotionally dysfunctional, not the tool. It's
| only a problem if it changes how you would live your life
| or pressured or coerced (in which case, say no).
| proteal wrote:
| This is actually one of the big differences between
| generations. It's not just the norm for young people to
| share locations, but rather almost expected, with real
| social consequences for not. Yes it's probably a little
| weird to have someone's precise location 100% of the
| time, but since you're sharing it with me there's a good
| deal of trust implied (though this is not always the case
| as it has become more normalized). However, if we stop
| sharing locations, that usually implies a divorce of the
| relationship. People will shut you out of their life if
| you stop sharing your location with them, no matter the
| reason. From that lens, the choice is simple. You've
| gotta share your location, even if it's a bit icky from a
| privacy perspective or you risk losing an entire cohort
| of friends. I will admit, there is a strange level of
| intimacy for having done it. In a world increasingly
| dominated by the pixels on this 4x8 screen, it is a nice
| reminder that the text bubbles on my phone actually come
| from real people that I can show you on a map.
|
| (Obviously you can find friends who don't care for it and
| you can live a normal life and be just fine. I'm privacy
| conscious but I still share my location with a handful of
| friends for the above reasons.)
| sleepybrett wrote:
| you can control who you share your location with and for
| how long. I think the options are, just once, for an
| hour, for the day and forever.
| haliskerbas wrote:
| Always on, works as a great way to check in on close
| friends or have them check in on you (like someone going on
| a first date)
| GeekyBear wrote:
| > Always on access or just occasionally?
|
| You have quite a few granular choices.
|
| > You can share your current location once, temporarily
| share your location while you're on the way to an expected
| destination, or share your ongoing Live Location... for an
| hour, until the end of the day, or indefinitely.
|
| In Messages, you can use Check In to share your location...
| Your location is shared only if there's an unexpected delay
| during your trip or activity and you're unresponsive.
|
| https://support.apple.com/en-us/105104
| Nextgrid wrote:
| Does it have any battery impact? I've never tried these
| always-on location tracking things partly due to (unfounded?)
| concerns about battery use.
| msh wrote:
| its not always on in that way. It will report your location
| when requested, and optionally just before shutting down.
| latexr wrote:
| https://en.wikipedia.org/wiki/Find_My
|
| > Find My is an asset tracking service made by Apple Inc. that
| enables users to track the location of iOS, iPadOS, macOS,
| watchOS, visionOS, tvOS devices, AirPods, AirTags, and a number
| of supported third-party accessories through a connected iCloud
| account. Users can also show their primary device's geographic
| location to others, and can view the location of others who
| choose to share their location. Find My was released alongside
| iOS 13 on September 19, 2019, merging the functions of the
| former Find My iPhone (known on Mac computers as Find My Mac)
| and Find My Friends into a single app. On watchOS, Find My is
| separated into three different applications: Find Devices, Find
| People and Find Items.
| cube2222 wrote:
| Importantly, it works in a peer-to-peer kind of way. Apple
| devices act as kind of beacons and nearby iPhones can notify
| Apple servers of any nearby devices they detect (in a way not
| decryptable by Apple, only by the owner of the devices).
|
| So AirTags, MacBooks, and turned-off iPhones are findable via
| passing-by turned-on iPhones.
| lopkeny12ko wrote:
| Is it not a glaring privacy and security hole that turned-off
| devices can still be located?
|
| Maybe it's just me, but if I own an internet-connected device
| and I turn it off, I expect it to be _off_. That an iPhone 's
| definition of "off" means " _you_ can 't use it but other
| random people's iPhones in the vicinity can still connect to
| and ping it" rubs me the wrong way.
| anderiv wrote:
| The off-but-still-on functionality can be turned off, and
| the OS does disclose that by default the device is still
| findable on the power off screen.
| jen20 wrote:
| It is not. If you don't want your device to participate,
| you ca elect not to enable Find My during setup. The vast
| majority of people would rather a their couldn't just turn
| off a stolen phone and render it unlocatable.
| rainsford wrote:
| Also the location is only accessible to you, the owner of
| the device. Not Apple or "random other people's iPhones".
|
| The engineering and thought that went into the whole
| thing to be useful but also privacy protecting is
| actually pretty impressive, and exactly the kind of thing
| we should be _encouraging_ companies to do if we care
| about privacy. Especially since as you point out, you can
| still easily turn it off at any point if you want.
| vasco wrote:
| With the Apple and the Google ecosystems!
| incanus77 wrote:
| I don't use the person tracking very often except on group
| vacations, but I track a vehicle with an AirTag after a car
| theft for a little peace of mind (along with other preventative
| measures). Every now and then it's handy for my own devices,
| too, including alerting me when I've accidentally left one
| behind at a non-routine location.
| delijati wrote:
| Can i add xiaomi "airtag" with it?
| oulipo wrote:
| I'm also interested by the Haystack project to have an
| ESP32-based object identify as an AirTag and be able to follow it
|
| Does anyone knows if their approach is "sustainable", or if Apple
| can easily "block out" such hacks from their network?
| Its_Padar wrote:
| If it functions exactly as an AirTag does then it would be hard
| as they would not want to block all previously sold AirTags
| crazygringo wrote:
| Is there something it can do to whitelist legitimate AirTag
| serial numbers?
| bhy wrote:
| I don't think AirTag work that way. AirTag protocol is
| specifically designed so Apple or other parties will not be
| able to track users by serial numbers.
| gjsman-1000 wrote:
| Where there's a will, there's a way. Apple is very clear
| law enforcement can approach them with any AirTag and
| they will immediately be able to tie it to a user.
| kolinko wrote:
| One doesn't exclude the other - a physical airtag may
| have an ID available, but not broadcast it anywhere.
|
| Also, "when there's a will..." doesn't really apply to
| cruptography
| stonegray wrote:
| They do, Airtag hardware need to be signed to add to your
| iCloud account. But the actual location beacon messages are
| not linked to your iCloud account and can't be associated
| with the sending airtag.
| mikeweiss wrote:
| As someone who lives in an Android family but would still like to
| use air tags since it's the biggest network in the U.S. I'd love
| a way to add and use air tags without needing to have an iPhone!
| zikduruqe wrote:
| You used to be able to query this data locally from your MacBook,
| but Apple decided to encrypt it. It was fun to put an AirTag on
| your cat, then use GPS Visualizer to plot your cat's activities
| overnight.
|
| https://github.com/icepick3000/AirtagAlex
|
| https://www.gpsvisualizer.com
| qup wrote:
| While we're here, I have an ask (of anyone). I want the same
| exact thing you said, except for an outdoor dog on a large
| property.
|
| I would like a tag that just records its own GPS coordinates
| locally on-device, every so often, and then when my dog comes
| home, I can check where she's been.
|
| Does this exist?
| Raed667 wrote:
| Any cheap Garmin watch should do the trick
| 1986 wrote:
| And if you want to spend more, Garmin even makes a range of
| dog tracking equipment: https://www.garmin.com/en-
| US/p/965617
| cdurth wrote:
| You could definitely use meshtastic devices to do this
| zikduruqe wrote:
| You know honestly? I have thought of using a XOSS cycling
| computer (https://www.amazon.com/XOSS-Speedometer-
| Accessories-Waterpro...).
|
| I have used them before on various bikes and they work just
| fine. Battery life is about 25 hours, it is weather
| resistant, and then you can sync them after you record an
| activity. And at less than $30, if it gets lost, it isn't the
| worst thing in the world.
| janten wrote:
| They are called GPS trackers or GPS loggers. You can find
| some that save coordinates to a microSD card and optionally
| send the location via cellular connection for about 10
| dollars on AliExpress.
| Havoc wrote:
| What are the chance that this keeps working long term?
|
| Sounds awesome & makes airtags more appealing, but if apple is
| just going to shut it down next week then less so
| stonegray wrote:
| Changing the underlying find my network to break this would be
| challenging if not impossible while keeping the privacy
| protections in place. Apple can't identify devices sending data
| to find my, and doesn't log requests. Short of changes that
| would break compatibility with older devices it should be
| relatively stable.
|
| OpenHaystack has been doing this for a few years now and Apple
| has made no efforts to restrict it.
| gjsman-1000 wrote:
| > Apple can't identify devices sending data to find my, and
| doesn't log requests.
|
| So what you're saying is that a decent firewall could still
| inspect the traffic, or the patterns thereof.
|
| Also, this doesn't make any sense, as if Apple doesn't know
| which AirTag belongs to who, Find My would be very useless;
| and law enforcement would be furious.
| stonegray wrote:
| Airtags are associated with your apple ID for safety, but
| when you make a request for the location from Find My it
| doesn't include any information about which airtag you're
| asking about; just a CSPRNG-incremented public key that
| changes every 15 minutes. The location data itself is not
| available to Apple.
|
| Here is Apple's docs on how they prevent themselves from
| inspecting traffic on Fmi:
| https://support.apple.com/guide/security/find-my-security-
| se...
| wutwutwat wrote:
| So Apple has no way to see anything even when developing
| the platform itself?
|
| They must have a way to decrypt payloads or otherwise get
| into the system they built and control. The fact that
| they let law enforcement know when someone is stalking
| someone with an AirTag shows that the data is available
| to them. It's silly to think otherwise, paper or not.
| future10se wrote:
| > The fact that they let law enforcement know when
| someone is stalking someone with an AirTag shows that the
| data is available to them.
|
| Not technically correct. Apple devices (and Android
| phones with the appropriate app) detect if an unknown
| AirTag is moving with them and makes it home, possibly
| signalling a stalking attempt.
|
| The heuristics for this happen locally; Apple isn't
| "aware" of this happening. That said, when you first set-
| up an AirTag, the serial is tied to your account.
| Therefore, when you physically find an unknown AirTag and
| report it to law enforcement, they can then subpoena (or
| get a warrant?) Apple for information on the AirTag
| owner's identity.
|
| The serial itself, and any personal identifiers, are not
| used in the locating process, however.
|
| This is well documented in the paper above, in articles,
| as well as in reverse engineering efforts.
| meindnoch wrote:
| So how does Find My work on icloud.com then?
| alphan0n wrote:
| I've been using FakeTag[0] and OpenHaystack[1] coupled with a
| vibration sensor to notify me when various things happen
| around my house. Inspired by this [2] article. It's worked
| flawlessly for ~2 years.
|
| [0] https://github.com/dakhnod/FakeTag
|
| [1] https://github.com/seemoo-lab/openhaystack
|
| [2] https://hackaday.com/2022/05/30/check-your-mailbox-using-
| the...
| ttul wrote:
| From Apple's perspective, if someone uses the FindMy APIs to
| provide a commercial service that diminishes the privacy
| offered by Apple's official apps, they would likely send a C&D
| letter. But for hobby projects, it's not worth clamping down
| hard.
| roger_ wrote:
| Hope someone integrates this with Home Assistant soon!
| pixelmonkey wrote:
| This looks great. If this Python implementation of the FindMy API
| actually works, it would be a major technology quality-of-life
| improvement for me. I hope Apple lets it stay alive.
|
| Everyone who shares location with me does so over Find My, and my
| family insists on using AirTags. As a 100% desktop Linux and
| mobile Android user, it is one of the few things that I always
| need to remote in to my Mac Mini to access because there are no
| x-platform FindMy apps and the FindMy iCloud web app does not
| have feature parity to the macOS and iOS apps. One of a long list
| of offenses where Apple refuses to make things easy for
| x-platform friend groups and families. Very annoying.
| BeefySwain wrote:
| What does "x-platform" mean in this context?
| sshh12 wrote:
| Cross platform (something that works well outside of Apple
| apps/devices)
| pixelmonkey wrote:
| Cross-platform. There are 3 major desktop operating systems
| (Windows, Linux, and Mac) and 2 major mobile operating
| systems (iPhone and Android). Every single OS has a huge
| marketshare worldwide (including Linux, if you count
| servers).
|
| A truly x-platform app is one that works well on all 5 of
| these platforms, e.g. Signal. A moderately x-platform app is
| one that works well on the two mobile operating systems and
| on web as an alternative to desktop, e.g. WhatsApp. A single-
| platform app, like Apple FindMy, only works properly on e.g.
| Mac + iPhone. Apple tends to be the only major industry
| player that produces these sorts of apps, e.g. iMessage,
| FaceTime, Final Cut Pro, Keynote. Although with Keynote you
| can often get by with the iCloud web version, which has a
| useful 80%-or-so of the desktop app's features. Even apps
| like Meet, Zoom, and Teams -- run by rival companies -- are
| more x-platform than major Apple apps.
| stavros wrote:
| I think the GP knows what cross-platform means, but is
| confused by using "X" as shorthand for "cross". In my
| opinion, it's not widespread enough for the four-letter
| saving to be worth the confusion.
| pixelmonkey wrote:
| That's a good point, well taken. Especially now that "X"
| is the name of a social media platform :-)
| marzell wrote:
| Long before the richest man on earth bought Twitter to be
| his personal megaphone to help him prepare to become
| president in order to boost all his personal endeavors,
| the letter X has been used as a sort of contraction to
| replace common morphemes like "cross", "trans" etc, in
| places where the physical representation "x" likens to a
| cross or crossing of some sort, or in reference to the
| Greek letter Chi. Must we change our use of language to
| support this guy, too?
|
| Xtian Xmas xfer tx/rx xor...
| phillco wrote:
| Even within Apple's platforms, there's pretty limited support
| for automation -- you can say "Siri find my keys" but there's
| no App Intents / Shortcuts support for automating anything
| within Find My (AFAIK), which is a bit disappointing.
| pixelmonkey wrote:
| Yes, although I recently discovered Hammerspoon which is a
| clever little bit of open source macOS desktop automation
| technology:
|
| https://www.hammerspoon.org/
| UniverseHacker wrote:
| What about Apple Auotomator and Applescript?
| GeekyBear wrote:
| What information is available through this api that would not
| already be available over the web?
| pixelmonkey wrote:
| Hopefully locations shared by users not part of my iCloud
| Family account, and "Items" (Apple jargon term for AirTags).
| Currently it only shows macOS or iOS "Devices" directly
| linked to my iCloud account, or in my iCloud Family, none of
| the locations shared by friends. And it shows no "Items," not
| even those in my iCloud account.
|
| (... yep, it looks like one of their example programs is
| about accessing AirTag info via API: https://github.com/malme
| loo/FindMy.py/blob/main/examples/rea... ...)
| nulltxt wrote:
| Does Blue Bubbles work for this? They have find my built into
| their app
| bronson wrote:
| Kind of? Right now it feels like it's glued on the side and a
| good proof of concept. It takes a lot more panning and
| zooming than it should. But it DOES work, one-way: you can
| see your friends' locations but they can't see yours.
| fluidcruft wrote:
| One that really annoys me is inability to monitor/control my
| kid's device useage and time limits.
| owenthejumper wrote:
| Using this as soon as Play sound is integrated!
| pravosleva wrote:
| test comment
| pravosleva wrote:
| test reply // Why i cant submit story?
|
| > Sorry, your account isn't able to submit this site.
|
| https://pravosleva.pro/dist.hacker-news-2024
| leobg wrote:
| Can I use this, if I have an iPhone, to trigger actions on a
| server based on my location?
|
| For example, "When I come home, fetch the latest electricity
| prices and notify me if I should plug in my Tesla".
|
| I tried that using Shortcuts, but they won't run location based
| without confirmation. (There are some workarounds, but they, too,
| don't work reliably in my experience.)
___________________________________________________________________
(page generated 2024-12-21 18:00 UTC)