How a “Dead” iPhone Still Shows Up in Find My
Slide to power off, or let the battery run dry — your iPhone keeps whispering. Strangers’ devices carry that whisper home, sealed so tightly that not even Apple can open it. A field guide to the cleverest protocol in your pocket, with working demos.
Contents
The short version
Your iPhone never truly goes silent
When you power off an iPhone — or when the battery gives out — a few microscopic circuits stay awake on a trickle of leftover battery and whisper a Bluetooth signal every couple of seconds. Strangers’ iPhones passing by hear that whisper, quietly attach their own location to it, lock the note cryptographically, and mail it to Apple. Only your devices hold the keys that can unlock those notes.
One reframe up front, because it cuts through most of the confusion: every Apple device on Earth can physically hear the signal — that’s the whole point. What only your registered devices can do is make sense of it. The broadcast is gibberish to everyone else, including the strangers who relay it and the company that stores it.
That single design choice — separating hearing from understanding — is what the rest of this post unpacks. We’ll go from the microwatt electronics that keep a “dead” phone whispering, through the crowd of devices that do the actual finding, into the three-layer cryptography that keeps the whole thing private, and back out to the messy real world: stalkers, standards bodies, rival networks, and checked luggage.
Part one
Off isn’t off: the microwatt afterlife
On most iPhones since 2019’s iPhone 11 — Apple gates the feature to the model lines with an Ultra Wideband chip, so the budget SE-class phones sit it out — the power-off screen says something easy to miss: “iPhone Findable After Power Off” (the exact wording drifts a little between iOS versions). Slide anyway, and the screen goes black, the main processor halts, cellular and Wi-Fi radios die. But “off” is really an ultra-deep sleep. A dedicated power-management chip keeps three thrifty circuits alive: the Bluetooth Low Energy (BLE) radio, the NFC chip with its secure element, and the Ultra Wideband radio. The whisper rides the first one.
It can afford to. BLE advertising sips power in microwatts — the same league as a quartz wristwatch that runs for years on a coin cell. Against a smartphone battery, even a nearly empty one, that’s practically nothing. The clock in your car works the same way: it keeps perfect time for months with the engine off, because a tiny circuit with one job costs almost nothing to run.
Three details make the trick work:
- The phone shuts down early on purpose. When the battery hits “critical,” iPhones bank a small reserve before going dark. It’s the same reserve that lets Express transit cards still open a turnstile on a phone that died an hour ago — a feature that has shipped since 2018’s iPhone XS, three years before the beacon learned the same trick.
- The radio gets its marching orders in advance. Before the lights go out, iOS deals the Bluetooth controller a deck of exactly 96 pre-computed beacon identities, one per 15-minute slot. Play one card every quarter hour and the deck runs out in 96 × 15 minutes — precisely 24 hours. The findability window isn’t measured by a fuel gauge; it’s counted in cryptographic playing cards. (Why the identities have to change at all is Part three.)
- The windows are deliberately capped. Apple’s stated limits: findable up to about 24 hours after a deliberate power-off, and up to about 5 hours in Power Reserve after the battery runs out on its own. After that, Find My shows the last known location instead.
And the “dead” phone will even admit to all this, if you ask: press the side button on an iPhone in Power Reserve and the screen flickers on for a few seconds — a low-battery icon, plus small print listing what’s still running. The corpse twitches, tells you it remains findable, and goes back to sleep.
Just how cheap is a whisper?
Cheap enough that the limiting factor isn’t energy — it’s policy. Play with the arithmetic yourself: pick an energy source, pick a load, and see how long it would run. The point isn’t the exact figures (they’re order-of-magnitude estimates); it’s the absurd gap between what a screen costs and what a whisper costs.
The microwatt economy
InteractiveThis calculator needs JavaScript — without it, trust the prose: a BLE beacon could run for years on the reserve your iPhone banks at shutdown.
Energy source
What it’s powering
Ballpark figures for intuition, not datasheet values (anchor point: Apple rates an AirTag’s ~0.7 Wh coin cell for over a year of beaconing). The real after-power-off window is capped at ~24 hours by the 96-key schedule, not the battery — a phone that whispered for months would be a stalker’s dream.
Part two
A planet-wide search party you never see
Here’s the twist that surprises most people: your off iPhone never figures out where it is. GPS is dark. There’s no internet connection. The whisper it broadcasts contains no location, no name, no serial number — it’s essentially an open padlock, tossed into the air over and over, about every two seconds.
Passing Apple devices do the rest. A stranger’s iPhone hears the padlock, checks its own location, writes a note — “heard this padlock, here, at this time” — snaps the padlock shut over the note, and mails the sealed result to Apple’s servers. The stranger’s phone does this silently, in the background, without its owner ever knowing. The entire sealed report is 88 bytes — your phone donates less data doing a stranger this favor than it spends loading a favicon. Craig Federighi’s line when he announced the system in 2019 still holds: “just tiny bits of data that piggyback on existing network traffic.”
Multiply by the installed base — Apple says over a billion devices participate, drawn from an active fleet that crossed 2.5 billion in early 2026 — and you get a passive, planet-wide search party that works in subway tunnels, parking garages, and other people’s couch cushions, built out of hardware nobody had to buy and goodwill nobody had to ask for.
How well does it work? The researchers who reverse-engineered the protocol also measured it (Frankfurt, 2021): an offline device carried on a 55-minute walk through the city was picked up by strangers’ devices 489 times — about once every seven seconds — while a one-hour highway drive produced just 25 sightings. Individual fixes were rough; smoothed across sightings they landed within a few dozen meters, and with a week of accumulated reports the team could place a device’s owner’s office to about five meters. The network is also unhurried by design: in those same 2021 measurements, finder phones batched their uploads, taking a median of 26 minutes to mail a sealed note — and politely stopped after four reports for the same beacon, to save everyone’s batteries.
An AirTag, by the way, is literally this same trick packed into a coin-battery puck: no GPS, no internet, just the whisper and the crowd. That’s why a $29 disc can “track” your luggage across an ocean — it isn’t tracking anything. The world’s iPhones are. (Finding happens in two stages: the crowd network gets you to the right block, and then the Ultra Wideband radio takes over for the last few meters, drawing you an on-screen arrow to the exact couch cushion. The second-generation AirTag, January 2026, stretched that arrow range — per Apple, up to half again farther.)
Watch the whole pipeline run. The simulation below is a cartoon city: one lost phone, some foot traffic, Apple’s mailroom on the right. Crank the traffic, toggle the Faraday bag, and watch what reaches the map — and what never exists in the first place.
The search party, simulated
InteractiveThe simulator needs JavaScript. The prose above tells the same story: whisper → passerby → sealed note → your map.
Cartoon physics: the whisper’s reach (the purple ring) is roughly 10–30 m in the real world, and the real network is far less punctual — finder phones batch their uploads (a median lag of 26 minutes in the 2021 measurements). Notice the bottleneck — no passerby, no report. And notice what Apple’s column never contains: a location it can read.
Part three
Why only you can read it: three locks, stacked
Everything so far would be a privacy disaster without the cryptography. A network of devices reporting other devices’ positions to a central server is, on its face, a global surveillance machine. What makes it not one is three locks stacked on top of each other.
Lock one: the padlock that snaps shut
The beacon broadcasts a public key — the “open padlock.” Anyone can use a public key to encrypt a message; that’s like snapping the padlock shut over a note. But snapping it shut doesn’t let you reopen it. Opening takes the matching private key, which never leaves your keyring: it lives on your devices, synced between them through iCloud Keychain, which is itself end-to-end encrypted. Apple warehouses millions of sealed notes while holding zero keys.
Etymology bonus: “cryptography” is Greek kryptós + gráphein — literally “hidden writing.” The Find My twist is that the writers themselves (the strangers sealing notes) can’t read what they wrote.
Don’t take the padlock metaphor on faith. Your browser ships the same family of mathematics (elliptic-curve cryptography in WebCrypto), so the demo below performs the actual ritual: generate a keyring, seal a location report as a stranger would, peek at what Apple holds, then try to open it twice — once without the private key, once with it.
Seal a location report — with real cryptography
Live demoThis demo runs real elliptic-curve cryptography via your browser’s WebCrypto API, so it needs JavaScript.
Your phone makes a keyring
One keypair, made on-device. The public half will be whispered to the world; the private half stays home.
A stranger seals a note
Their phone hears the public key, notes where it is, and encrypts. Pick the spot where the “stranger” walks past:
What Apple receives
A scrambled filing label (a hash of the padlock) and the sealed note. Nothing else.
You fetch and unlock
Your Mac computes its own labels, asks for matching notes, and opens them locally with the private key.
Honest footnote: Apple uses curve P-224 with an X9.63 key-derivation step; browsers expose P-256 with HKDF, so that’s what runs here. Same shape, same guarantee: sealing requires no secret, opening requires yours. The real sealed note is exactly 88 bytes: a 4-byte timestamp (counted from January 1, 2001 — Apple’s own epoch), 1 byte of confidence, a 57-byte throwaway public key, the 10-byte encrypted location (latitude, longitude, accuracy, status), and a 16-byte integrity tag.
Lock two: a stranger every fifteen minutes
One padlock forever would be its own kind of leak. The broadcast itself contains no name — but a stable anonymous ID is a tracking cookie for the physical world. Sit outside a café with a Bluetooth sniffer two days in a row and you’d learn who comes back.
So the padlock changes, roughly every 15 minutes, following that schedule the phone pre-computed before shutting down. To anyone sniffing the airwaves, your phone looks like a brand-new stranger every quarter hour. But your other devices hold the original seed, can regenerate the entire schedule, and recognize every identity on it as “mine.” One secret, two completely different experiences of the same radio traffic:
One seed, two views of the airwaves
InteractiveThis visualizer derives beacon identities live (SHA-256 in your browser), so it needs JavaScript.
…
…
Sniffer in the café sees unrelated strangers
Your Mac holds the seed — recognizes everything
Simplified on purpose: real derivation uses an ANSI X9.63 KDF and elliptic-curve math, not bare SHA-256 — but the principle is identical. Shared seed in, same schedule out; no seed, no pattern. (AirTags away from their owner slow rotation to once every 24 hours — a deliberate trade-off we’ll hit in the anti-stalking section.)
Lock three: filing without names
Last gap to close: even sealed notes could leak something if they were filed under “Jerry’s iPhone.” They aren’t. Finder devices upload reports indexed by a hash of the padlock — a scrambled label like #a93f… that reveals nothing about the key it came from. Apple ends up warehousing millions of sealed notes under random-looking labels, with no column anywhere mapping labels to people.
When you open Find My, your device regenerates its own schedule of padlocks, hashes each one into the matching labels, requests exactly those, and decrypts what comes back — locally, on your hardware. Apple answers the request the way a coat-check answers a ticket: by number, no questions asked, no idea whose coat it is.
Interlude
Anatomy of a whisper
Security researchers reverse-engineered the actual radio packet years ago (the OpenHaystack project at TU Darmstadt got far enough to build their own trackers that ride Apple’s network — and Apple’s security guide later confirmed their layout). The whisper is a standard BLE advertisement, 37 bytes of air time, and it’s a beautiful piece of bit-packing. Apple picked the unusual P-224 curve over the more common P-256 for exactly one reason: a 28-byte key is the largest that can be squeezed into a single Bluetooth advertisement. Even then it doesn’t fit in the payload alone — so it overflows into the radio’s own address field. The phone literally wears its current padlock as its MAC address.
Tap any byte:
The 37 bytes of “findable”
InteractiveThe byte inspector needs JavaScript. Summary: 6 address bytes and 22 payload bytes carry the 28-byte public key; the rest is framing, a status byte, and two spare bits.
Bluetooth address — 6 bytes
Advertisement payload — 31 bytes
Every two seconds, this entire structure goes out into the air — and means nothing to anyone without the seed.
Layout per the published reverse engineering (OpenHaystack, “Who Can Find My Devices?”). Example bytes shown; the key bytes change with every rotation.
The scorecard
Who knows what
The neat thing about this design is that you can audit it party by party. Everyone in the pipeline is missing the piece that would make them dangerous:
Your off iPhone
Knows
- Nothing. It only whispers a schedule it was handed.
Doesn’t know
- Even its own location — GPS is off, and nobody tells it.
- Whether anyone heard it at all.
The passerby’s iPhone
Knows
- It heard some rotating ID at its own location.
Doesn’t know
- Whose device it heard — the ID is anonymous and expires in minutes.
- That anything happened: its human is never notified.
- What the sealed note says — it can’t reopen its own padlock.
Apple
Knows
- It holds encrypted blobs filed under scrambled labels.
- Standard server metadata (which IP uploaded, when).
Doesn’t know
- The locations — it holds no decryption keys.
- Which labels belong to which person or device.
You
Knows
- Decrypted pins on a map — the only readable copy anywhere.
Doesn’t know
- Who relayed the reports. The kindness is anonymous in both directions.
Fine print
Honest limits
Every elegant system earns the right to its caveats. Here are Find My’s:
- Hardware and software floors. Findable-after-power-off needs iOS 15 or later on an Ultra Wideband-equipped iPhone — the 11 and onward, excluding the SE models and their budget “e” descendants. The gate is a product-line decision more than a silicon one: researchers found the 2020 iPhone SE carries the identical Bluetooth chip as the iPhone 11; Apple just never shipped it the low-power firmware. Findability-while-off is a firmware privilege, not a hardware fact.
- The crowd has to show up. Bluetooth reaches roughly 10–30 meters, and an Apple device has to wander through that bubble. Remember the field numbers: a sighting every ~7 seconds downtown, 25 in an hour of highway. Great odds in a city; long odds on a remote trailhead at midnight.
- The clock runs out. ~24 hours after a deliberate power-off, ~5 hours of Power Reserve after a dead battery — then it’s last-known-location only (the app keeps showing that final pin for up to a week, labeled accordingly).
- Physics wins. A proper Faraday bag — conductive fabric, a few dollars — silences the whisper completely, and the map simply freezes at wherever the device was bagged. One buyer-beware: field testing cited by NIST found most consumer shielding pouches failed to block every signal, and hobbyist tests show cheap ones leaking the very 2.4 GHz band this beacon uses. Thieves know all of this, which is why “wrap it in foil” appears in every phone-theft forum.
- It’s your choice. Everything here is opt-out: you can disable the Find My network entirely (Settings → your name → Find My), or decline findability for a single shutdown from the power-off screen — tap the findable notice, then “Temporarily Turn Off Finding.” Since iOS 15.3 that tap demands your passcode, which is the quiet tell about who Apple expected to be doing the tapping.
And sometimes the limits all show up in one story. When a door plug blew out of Alaska Airlines flight 1282 in January 2024, an iPhone was sucked out of the cabin and fell 16,000 feet. It was recovered two days later — under a roadside bush, screen intact, half its battery left, still showing the owner’s baggage receipt. What found it wasn’t the network; it was a volunteer combing the debris field. A phone in a bush beside a quiet road is exactly the place a billion-device crowd is thinnest.
The hard part
The dark side, and the arms race
A network that can find your lost keys can find a person. The whole tension fits in one 48-hour stretch: on May 1, 2023, New York’s mayor and the NYPD announced a giveaway of 500 free AirTags so Bronx residents could track stolen cars. The next day, Apple and Google jointly announced a specification to stop AirTags from tracking people. Same device, hero and menace, one day apart.
The menace was real. In January 2022, a model named Brooks Nader was followed through Manhattan for five hours by an AirTag someone had slipped into her coat — she’d never heard of AirTags until her iPhone finally spoke up. When Motherboard pulled eight months of police records from just eight departments that spring, it found 150 reports mentioning AirTags; in 50 of them, women reported being tracked by a tag that wasn’t theirs. The device was small, cheap, and rode a finding network better than anything stalkers had ever had access to. Apple had anticipated some of this. Not enough.
What followed was an arms race run in the open — a shipped system getting patched under public pressure:
- Noise, sooner. At launch, an AirTag away from its owner stayed silent for three days before beeping. A June 2021 firmware update cut that to a random window of 8–24 hours; later updates made the alert tone louder and easier to locate.
- Alerts, faster. iPhones warn when an unknown AirTag travels with you; in February 2022 Apple publicly committed to tightening the whole alert pipeline, displaying warnings earlier, and letting victims home in on a hidden tag with the same Ultra Wideband precision arrow used for your own keys (shipped late 2022).
- Help for the other half of the phone world. Apple shipped Tracker Detect for Android in December 2021 — a manual scanner, far weaker than the iPhone’s automatic alerts, and criticized for exactly that. Google’s automatic unknown-tracker alerts arrived across Android in July 2023.
- A built-in forensic trail. Tap any NFC-capable phone to a found AirTag and it serves up its serial number and the last four digits of the owner’s phone number — and with legal process, Apple hands law enforcement the registered owner. People assume anonymous tracking; AirTag stalking has produced convictions, including an 18-year sentence in the first widely reported killing tied to one.
Then the twist: Apple and Google — whose finder networks compete head-on — co-authored a cross-platform standard, Detecting Unwanted Location Trackers, so any compliant tracker, from any company, is detectable and identifiable by both iOS and Android. Version 1.0 shipped on both platforms in May 2024 (iOS 17.5, Android 6.0+), with Chipolo, eufy, Jio, Motorola, and Pebblebee committing their future tags to it. The fine print is telling, twice over. First: Samsung and Tile voiced support for the 2023 draft, then were absent from the 2024 commitment list. Second: the effort to turn the industry spec into a formal internet standard has stalled — the IETF working group (co-chaired, remarkably, by an advocate from the National Network to End Domestic Violence) has published no RFC, and as of mid-2026 only its threat-model draft is still alive. The spec works; the standardization is homework still owed.
The network itself has taken fire, too — researchers treat Find My as terrain now. The 2021 reverse-engineering found macOS caching beacon keys in cleartext, where any local app could read a week of your movements (patched, CVE-2020-9986). The same year, others showed the network could be hijacked as a free, slow data channel for arbitrary bytes — about three per second (“Send My”). A 2022 follow-up noted the Bluetooth firmware that runs while an iPhone is “off” is neither signed nor encrypted, and built proof-of-concept malware for it. And in 2025, a George Mason team disclosed how to make almost any Bluetooth device trackable as a phantom AirTag (“nRootTag”); Apple, privately notified, had shipped a fix in late 2024. None of this has broken the core promise — the sealed notes stay sealed — but the edges get probed constantly, which is roughly what you want for a system this consequential: loud researchers, public patches.
The legal system is still metabolizing all of it. A class action filed in late 2022 (Hughes v. Apple) accused the AirTag of being “the weapon of choice of stalkers”; in March 2026 the judge denied class certification — each stalking too individual to aggregate — converting it into 30-plus separate suits. Court filings in that litigation assert Apple logged more than 40,000 unwanted-tracking reports in the product’s first three years; treat the number as a plaintiff’s claim, but even a fraction of it would justify the arms race above. Meanwhile, states have moved: Florida made hiding a tracker on someone a felony in 2024, after a hidden-AirTag case ended in a $276 fine.
If you ever get an unknown-tracker alert: make the tag play its sound, tap it with your phone to read its serial number (any NFC phone can), photograph everything, and if you feel unsafe, involve police before disabling it — the serial plus legal process is how owners get identified.
How we got here
A brief history of finding things
Find My didn’t arrive fully formed. It’s seventeen years of compound interest on one idea — your stuff should be able to tell you where it is — with the crowd-sourcing twist arriving surprisingly late:
-
June 2009
Find My iPhone — a $99/year luxury
Launches with iPhone OS 3.0 as a MobileMe subscriber perk: see your (online) phone on a map, make it beep, wipe it remotely. Requires the phone to be on, connected, and reachable.
-
2010–11
Free for everyone
Free on the newest devices with iOS 4.2 (November 2010), then free for all with iCloud’s launch on October 12, 2011 — the same day Find My Friends and Find My Mac both shipped. Apple announced that triple milestone on October 4, the day before it lost Steve Jobs.
-
2013
Activation Lock
iOS 7 ties a stolen iPhone to its owner’s Apple ID, surviving even a full wipe. Within twelve months, prosecutors reported iPhone theft down 25% in New York, 40% in San Francisco, and 50% in London — arguably the most effective anti-crime software feature ever shipped.
-
2014
Send Last Location
iOS 8 adds the obvious-in-hindsight feature: battery about to die? Phone home first.
-
2019
The merger — and the crowd
At WWDC, “Find My iPhone” and “Find My Friends” fuse into “Find My,” and the offline-finding network debuts with iOS 13: devices with no connection become findable through passing strangers, end-to-end encrypted. The architecture this whole post describes ships here, on by default.
-
2021
AirTag, third parties, and power-off finding
April: the network opens to accessories (an e-bike, earbuds, and a key fob first), and the $29 AirTag gives it a mascot. September: iOS 15 keeps UWB-equipped iPhones whispering for 24 hours after shutdown. December: Tracker Detect arrives for Android as the stalking problem becomes undeniable.
-
2022
The luggage year
Lufthansa bans AirTags in checked bags in October, citing lithium-battery rules an AirTag’s coin cell undershoots by an order of magnitude; German regulators disagree and the ban lasts roughly three days. In December, Southwest cancels ~16,900 holiday flights, and AirTagged passengers watch their “in transit” bags sit motionless in specific airport corners — the airline later eats a $140 million fine. Emergency SOS via satellite ships for off-grid iPhones.
-
2023
Finding goes to court — and to the bottom of the ocean
One passenger’s AirTag live-tweets her “securely stored” United bag visiting a McDonald’s (six million views); a Toronto man watches his stolen GMC Yukon ride a shipping container to Dubai, narrated entirely by hidden AirTags. iOS 17 finally lets families share an AirTag.
-
2024
The safety standard — and real competition
May 13: the Apple–Google unwanted-tracker spec ships on both platforms, weeks after Google relaunches its own billion-device Find My Device network with powered-off finding on Pixels. December: iOS 18.2’s Share Item Location hands airlines a live link to your lost bag. Finding networks become an ecosystem.
-
2025
Filling in the map
The Find My network reaches South Korea — its last major holdout — in April; Google rebrands its network “Find Hub”; Apple Watch Ultra 3 sends Find My locations via satellite from the wrist.
-
2026
AirTag 2 — and finding as infrastructure
January: the second-generation AirTag arrives at the same $29 — Precision Finding reaching (per Apple) up to 50% farther, a markedly louder speaker that’s physically harder to silence, Apple Watch as a finding compass. Apple says 50+ airlines now accept shared AirTag locations; the industry’s lost-bag system reports tagged bags are 90% less likely to stay lost. Seventeen years from “where’s my phone?” to baggage-handling infrastructure.
The neighbors
The other networks
Apple’s design is no longer unique — it’s the reference point everyone else gets measured against. The interesting differences are philosophical:
| Network | Scale | Participation | Privacy design | Findable when powered off? |
|---|---|---|---|---|
| Apple Find My | 1B+ finder devices | On by default; opt out | Per-report end-to-end encryption; 15-minute rotating IDs; hash-indexed storage | Yes — UWB iPhones (11+), ~24 h |
| Google Find Hub (né Find My Device, relaunched 2024) | 1B+ Android devices | Auto-enrolled with notice; opt out per device | End-to-end encrypted, key gated by your lock-screen PIN — plus aggregation: by default, busy-places-only, and you see an average of several strangers’ sightings, blurred to a few hundred meters | Yes — Pixel 8 and later, “several hours” |
| Samsung SmartThings Find | 300M+ opted-in Galaxy devices (2023 figure) | Opt-in on setup | Encrypted reports within Samsung’s ecosystem; Galaxy-only tags | No |
| Tile (Life360) | 40M+ tags sold; finders are only phones running the app | App must be installed | Server-side trust: 2025 research found static identifiers and reports Tile’s own servers can read; paid “anti-theft mode” hides tags from safety scans, backed by ID checks and a $1M contractual penalty | No |
The Google comparison is the sharpest. Both companies encrypt locations end-to-end; the difference is what they’re willing to report at all. Apple reports from anywhere a single finder exists and leans entirely on cryptography for safety. Google’s default adds a second layer of caution — aggregate several sightings in a busy place, or stay silent — trading recovery odds in quiet places for a smaller surveillance surface. When researchers ran the two head-to-head in 2025, the trade was plain in the data: Apple’s network returned five to six times more location reports at roughly twice the accuracy, while Google’s reports arrived about sixteen times faster — and the same study noted that Google’s rate limiting and throttling “actively weaken their network’s performance but also result in a weaker incentive for misuse.” A finder network hobbled on purpose is a legitimate design position. So is Apple’s. Privacy design rarely becomes a competitive axis you can benchmark; here it has.
The trade shows up exactly where you’d predict: in dense cities both networks find things fast; on an empty rural road, an AirTag usually phones home and the aggregating competitor more often doesn’t. A 29-country volunteer study put it bluntly: companion-device density is the primary determinant of tag performance, overshadowing the technology differences. In finder networks, the install base is the technology.
Two footnotes for the connoisseurs. Google’s Pixel powered-off finding uses the same message-in-a-bottle trick as Apple’s: precomputed beacon keys handed to the Bluetooth chip before the lights go out. And Amazon runs an adjacent network with none of this subtlety — Sidewalk, which quietly turned millions of Echo speakers and Ring cameras into a default-on neighborhood radio network covering most of the U.S. population. Different goals, same lesson: the network you’re not thinking about is the one worth reading the settings page for.
Corrections department
Myths, gently busted
- “Powering off makes me untrackable.” Not for the first ~24 hours on a modern iPhone — that’s this whole post. (You can make it true: tap the findable notice on the power-off screen, or use a Faraday bag.)
- “Apple can see where my phone is.” Apple stores sealed notes it cannot open; the crowd-sourced map exists only on your devices. The one exception is narrow: when an online device reports itself at your request, that fix passes through Apple’s servers — kept up to 24 hours, Apple says, then deleted. What remains visible to Apple either way is ordinary account metadata.
- “AirTags have GPS.” No GPS, no internet. An AirTag is a Bluetooth whisperer with a year-long battery; every location it ever “produces” was computed by someone else’s phone.
- “The stranger whose phone relayed my location could check it out.” Their phone never shows anything, and the note it sealed can’t be opened by them — or anyone but you.
- “Pulling the SIM stops Find My.” The whisper doesn’t use cellular at all. SIM-out, airplane mode — the BLE beacon doesn’t care.
- “Relaying must be draining everyone’s batteries.” The listening is the same low-power scanning phones already do constantly; a relay is one batched HTTPS request carrying an 88-byte note, and in 2021 measurements each finder stopped after four reports per beacon anyway. You will never notice the favor you’re doing several strangers a day.
- “A thief can just wipe it and sell it.” Activation Lock survives a wipe: the phone demands the original owner’s Apple Account before it’s usable again — and since iOS 15, an erased, locked iPhone keeps reporting itself to Find My. The lock works so well that the current criminal workaround is phishing: “we found your lost iPhone, click here” texts exist precisely because there’s no technical bypass left to sell.
Quick answers
What does an off-but-findable iPhone look like in the app?
It still shows on the map with a recent location and timestamp, rather than freezing at the moment it powered down — the pin keeps updating as strangers walk past it. Once the window expires (or no finder ever passes by), you get the last known location, which the app keeps showing for up to seven days; after that, “No location found.” Turn on “Notify When Found” and you’ll get pinged the moment a passerby’s phone hears it again.
Does it work in airplane mode?
Generally yes — airplane mode kills cellular and (by default) leaves Bluetooth alone, and the Find My beacon rides Bluetooth. Even toggling Bluetooth “off” in Control Center doesn’t fully power the radio down. Truly silencing a modern iPhone takes Settings-level Bluetooth shutdown, declining findability at power-off, or a Faraday bag.
Can police make Apple decrypt a location?
For the end-to-end encrypted crowd reports: no — Apple holds no keys, so there’s nothing to compel. Apple’s own published law-enforcement guidelines say it plainly: Apple “does not have GPS information for a specific device.” What legal process can get is account-level metadata (about 30 days of Find My connection logs), and — for an AirTag — the registered owner behind a serial number. That last one is by design, and it’s how AirTag stalkers get caught.
Can Android phones help find my AirTag?
No — and this one surprises people. The Apple–Google joint spec covers cross-platform detection (an Android phone will warn its owner about an unknown AirTag traveling with them, and vice versa), not cross-platform finding. Android phones never relay AirTag locations to Apple, and Apple devices never relay Google-network tags. The search parties are separate; only the burglar alarms are shared.
Does my phone relay for strangers even if my own Find My is off?
The “Find My network” toggle (Settings → your name → Find My) controls both directions of crowd participation on your device. Turn it off and your devices neither benefit from nor contribute to the crowd. Leaving it on is what keeps the search party staffed.
Why didn’t my dead iPhone show up at all?
Check the floors: it needs iPhone 11 or later on iOS 15+, the windows are ~24 h (powered off) and ~5 h (dead battery), and somebody with an Apple device has to pass within Bluetooth range. A phone dead for two days in a low-traffic place will show last known location only.
Is my iPad / Mac / Apple Watch findable when off too?
The after-power-off trick is specifically an iPhone feature (UWB models, 11 and later). Other Apple devices are findable through the network while they have power — a sleeping MacBook in a stolen backpack is very findable — but once fully off, they go quiet. As finders, though, iPhones, iPads, and Macs all listen and relay for everyone else.
Closing the loop
The elegant part
Step back far enough and the design inverts how tracking networks are supposed to work:
- The phone being found doesn’t know where it is.
- The phones doing the finding don’t know what they found.
- The company storing the answers can’t read them.
- And the one party who can — you — never learns who helped.
Every party is blind to exactly the thing that would make them dangerous, and the system still works. That’s not an accident of implementation; it’s the specification. It’s what you get when someone asks “what’s the most useful thing we can build where even we can’t abuse it?” — and then actually ships the answer to a couple billion pockets.
The next time someone tells you privacy and functionality are opposites, you have a counterexample lying in a parking lot somewhere, whispering into the dark every two seconds, waiting for a stranger to do it a kindness it will never be able to acknowledge.
Check yourself
Pop quiz
Six questions. If you can pass this, you understand Find My better than almost everyone who uses it.
Receipts
Sources & further reading
- Apple Platform Security Guide — Find My security: the official description of the key scheme, P-224, rotation, and end-to-end encryption.
- Apple Support — Use Find My to locate your lost Apple device or AirTag (network size, last-known-location behavior) and the iPhone User Guide (the 24-hour and 5-hour windows, in Apple’s own words).
- Heinrich, Stute, Kornhuber & Hollick (TU Darmstadt) — “Who Can Find My Devices?” (PETS 2021): the reverse engineering behind the packet layout, the 88-byte report, the Frankfurt field measurements, and CVE-2020-9986.
- Classen, Heinrich, Reith & Hollick — “Evil Never Sleeps” (WiSec 2022): how low-power mode actually works after shutdown — the 96-key schedule, the three radios that stay on, and the unsigned-firmware caveat.
- OpenHaystack — build-your-own trackers on Apple’s network, from the same lab.
- Adam Catley — AirTag reverse engineering: hardware, power budget, and the 24-hour separated-rotation detail.
- Matthew Green — “How does Apple (privately) find your offline devices?” — the canonical day-one cryptographer’s take. (“Sometimes even Lassie knows when to quit.”)
- Apple Newsroom — An update on AirTag and unwanted tracking (Feb 2022) and the joint Apple–Google alert rollout (May 2024).
- IETF — Detecting Unwanted Location Trackers working group: the standardization effort and its current status.
- Böttger, Matern, Arndt & Hollick — “Okay Google, Where’s My Tracker?” (PoPETs 2025): the reverse engineering of Google’s network and the head-to-head numbers quoted here.
- Eldridge, Beck, Green, Heninger & Jain — “Abuse-Resistant Location Tracking” (USENIX Security 2024): the academic case that the privacy-vs-detectability dial isn’t as stuck as it looks.
- Positive Security — “Find You” (the stealth-clone experiment that demonstrates the rotation loophole) and “Send My” (using the network as a ~3-byte-per-second data channel).
- Chen, Xie, Xu, Zeng & Zou (George Mason) — “Tracking You from a Thousand Miles Away!” (USENIX Security 2025): the nRootTag attack.
- Apple — Legal Process Guidelines (U.S.): what law enforcement can and cannot get.
- VICE/Motherboard — police-records investigation of AirTag stalking (April 2022).
- Apple Newsroom — the second-generation AirTag (January 2026), and SITA’s baggage-recovery findings.
- TidBITS — the June 2009 launch coverage, for the historians.
This post grew from a note in my files. Research, illustrations, and the interactive demos were built with Claude. The demos run entirely in your browser — this page loads no analytics and phones home to no one, which felt like the only honest way to publish a piece about surveillance-resistant design.