Will this work with malicious tags as well? I.e. tags that are designed to not communicate with a given phone but with other devices nearby? Can that be detected? My understanding is that regular tags will communicate with all phones, but maybe there’s a way to differentiate who to respond to or change identity for every ping? Not familiar with the exact protocol but basically many different tags near a phone wouldn’t trigger the warning, so if a tag can produce multiple identifiers that the adversary controls it could still evade detection?
As far as I am aware, there is no way to stop malicious tags without modifying the protocol to authenticate the messages being broadcast as originating from a genuine tag. [1]
Making a tag that is not trackable is currently as easy as flipping a bit in the BLE advertisement. The same message is broadcast to all phones, but yes, a tag could also produce multiple identifiers and evade detection. [2]
[1]: Section 8 of "Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem". https://eprint.iacr.org/2023/1332.pdf
Seems like in theory you could do that, though there are definitely heuristics you could apply to detect those tags, depending on how stealthy they are being.
Also, on the server side Apple could just limit you to a reasonable number of tags.