How a “Dead” iPhone Still Shows Up in Find My

Slide to power off, or let the battery run dry — your iPhone keeps whispering. Strangers’ devices carry that whisper home, sealed so tightly that not even Apple can open it. A field guide to the cleverest protocol in your pocket, with working demos.

Jerry Shudy June 12, 2026 ~25 minute read Interactive — best with JavaScript on
yours — powered off a stranger passing by Apple’s servers — sealed notes your Mac — pin on a map
Contents
  1. The short version
  2. Off isn’t off
  3. A planet-wide search party
  4. Why only you can read it
  5. Anatomy of a whisper
  6. Who knows what
  7. Honest limits
  8. The dark side, and the arms race
  9. A brief history of finding things
  10. The other networks
  11. Myths and FAQs
  12. The elegant part
  13. Pop quiz
  14. Sources & further reading

The short version

Your iPhone never truly goes silent

When you power off an iPhone — or when the battery gives out — a few microscopic circuits stay awake on a trickle of leftover battery and whisper a Bluetooth signal every couple of seconds. Strangers’ iPhones passing by hear that whisper, quietly attach their own location to it, lock the note cryptographically, and mail it to Apple. Only your devices hold the keys that can unlock those notes.

One reframe up front, because it cuts through most of the confusion: every Apple device on Earth can physically hear the signal — that’s the whole point. What only your registered devices can do is make sense of it. The broadcast is gibberish to everyone else, including the strangers who relay it and the company that stores it.

That single design choice — separating hearing from understanding — is what the rest of this post unpacks. We’ll go from the microwatt electronics that keep a “dead” phone whispering, through the crowd of devices that do the actual finding, into the three-layer cryptography that keeps the whole thing private, and back out to the messy real world: stalkers, standards bodies, rival networks, and checked luggage.

Try things as you go This page has working models you can poke: a relay-network simulator, a live encryption demo running real cryptography in your browser, a key-rotation visualizer, and a byte-by-byte tour of the actual radio packet. They’re cartoons of the real system, but honest cartoons.

Part one

Off isn’t off: the microwatt afterlife

On most iPhones since 2019’s iPhone 11 — Apple gates the feature to the model lines with an Ultra Wideband chip, so the budget SE-class phones sit it out — the power-off screen says something easy to miss: “iPhone Findable After Power Off” (the exact wording drifts a little between iOS versions). Slide anyway, and the screen goes black, the main processor halts, cellular and Wi-Fi radios die. But “off” is really an ultra-deep sleep. A dedicated power-management chip keeps three thrifty circuits alive: the Bluetooth Low Energy (BLE) radio, the NFC chip with its secure element, and the Ultra Wideband radio. The whisper rides the first one.

It can afford to. BLE advertising sips power in microwatts — the same league as a quartz wristwatch that runs for years on a coin cell. Against a smartphone battery, even a nearly empty one, that’s practically nothing. The clock in your car works the same way: it keeps perfect time for months with the engine off, because a tiny circuit with one job costs almost nothing to run.

Three details make the trick work:

And the “dead” phone will even admit to all this, if you ask: press the side button on an iPhone in Power Reserve and the screen flickers on for a few seconds — a low-battery icon, plus small print listing what’s still running. The corpse twitches, tells you it remains findable, and goes back to sleep.

“off” Screen dark — the part you notice Main processor halted — no apps, no iOS Cellular & Wi-Fi powered down — watts-class radios GPS off — the phone can’t know where it is NFC secure element live — Express transit (dead battery) Ultra Wideband awake — the last-few-meters arrow Bluetooth LE awake — whispering every ~2 s
The power-off audit: everything expensive dies; three thrifty circuits keep their jobs.

Just how cheap is a whisper?

Cheap enough that the limiting factor isn’t energy — it’s policy. Play with the arithmetic yourself: pick an energy source, pick a load, and see how long it would run. The point isn’t the exact figures (they’re order-of-magnitude estimates); it’s the absurd gap between what a screen costs and what a whisper costs.

The microwatt economy

Interactive

This calculator needs JavaScript — without it, trust the prose: a BLE beacon could run for years on the reserve your iPhone banks at shutdown.

Energy source

What it’s powering

Pick a source and a load.
0

Ballpark figures for intuition, not datasheet values (anchor point: Apple rates an AirTag’s ~0.7 Wh coin cell for over a year of beaconing). The real after-power-off window is capped at ~24 hours by the 96-key schedule, not the battery — a phone that whispered for months would be a stalker’s dream.

Part two

A planet-wide search party you never see

Here’s the twist that surprises most people: your off iPhone never figures out where it is. GPS is dark. There’s no internet connection. The whisper it broadcasts contains no location, no name, no serial number — it’s essentially an open padlock, tossed into the air over and over, about every two seconds.

Passing Apple devices do the rest. A stranger’s iPhone hears the padlock, checks its own location, writes a note — “heard this padlock, here, at this time” — snaps the padlock shut over the note, and mails the sealed result to Apple’s servers. The stranger’s phone does this silently, in the background, without its owner ever knowing. The entire sealed report is 88 bytes — your phone donates less data doing a stranger this favor than it spends loading a favicon. Craig Federighi’s line when he announced the system in 2019 still holds: “just tiny bits of data that piggyback on existing network traffic.”

Multiply by the installed base — Apple says over a billion devices participate, drawn from an active fleet that crossed 2.5 billion in early 2026 — and you get a passive, planet-wide search party that works in subway tunnels, parking garages, and other people’s couch cushions, built out of hardware nobody had to buy and goodwill nobody had to ask for.

How well does it work? The researchers who reverse-engineered the protocol also measured it (Frankfurt, 2021): an offline device carried on a 55-minute walk through the city was picked up by strangers’ devices 489 times — about once every seven seconds — while a one-hour highway drive produced just 25 sightings. Individual fixes were rough; smoothed across sightings they landed within a few dozen meters, and with a week of accumulated reports the team could place a device’s owner’s office to about five meters. The network is also unhurried by design: in those same 2021 measurements, finder phones batched their uploads, taking a median of 26 minutes to mail a sealed note — and politely stopped after four reports for the same beacon, to save everyone’s batteries.

Your iPhone (off) whispers an open padlock over BLE 🔓 no location inside ~2 s beat Stranger’s iPhone adds its own GPS fix, snaps the padlock shut 🔒 sealed note HTTPS Apple’s servers file sealed notes under scrambled labels 🔒🔒🔒 can’t open them Your Mac has the keys unlocks notes 📍 pin
Four parties, one secret. The padlock is open for anyone to close — and closed for everyone but you to open.

An AirTag, by the way, is literally this same trick packed into a coin-battery puck: no GPS, no internet, just the whisper and the crowd. That’s why a $29 disc can “track” your luggage across an ocean — it isn’t tracking anything. The world’s iPhones are. (Finding happens in two stages: the crowd network gets you to the right block, and then the Ultra Wideband radio takes over for the last few meters, drawing you an on-screen arrow to the exact couch cushion. The second-generation AirTag, January 2026, stretched that arrow range — per Apple, up to half again farther.)

Watch the whole pipeline run. The simulation below is a cartoon city: one lost phone, some foot traffic, Apple’s mailroom on the right. Crank the traffic, toggle the Faraday bag, and watch what reaches the map — and what never exists in the first place.

The search party, simulated

Interactive

The simulator needs JavaScript. The prose above tells the same story: whisper → passerby → sealed note → your map.

7
Speed
Whispers sent0
Heard by passersby0
Sealed notes at Apple0
Pins only you see0

Cartoon physics: the whisper’s reach (the purple ring) is roughly 10–30 m in the real world, and the real network is far less punctual — finder phones batch their uploads (a median lag of 26 minutes in the 2021 measurements). Notice the bottleneck — no passerby, no report. And notice what Apple’s column never contains: a location it can read.

Part three

Why only you can read it: three locks, stacked

Everything so far would be a privacy disaster without the cryptography. A network of devices reporting other devices’ positions to a central server is, on its face, a global surveillance machine. What makes it not one is three locks stacked on top of each other.

One-way locks anyone can close, only you can open Rotating identities a fresh padlock every ~15 minutes #a93f… Blind filing stored under scrambled labels, not names
Lock one keeps the contents secret. Lock two keeps the broadcaster unfollowable. Lock three keeps the filing cabinet anonymous.

Lock one: the padlock that snaps shut

The beacon broadcasts a public key — the “open padlock.” Anyone can use a public key to encrypt a message; that’s like snapping the padlock shut over a note. But snapping it shut doesn’t let you reopen it. Opening takes the matching private key, which never leaves your keyring: it lives on your devices, synced between them through iCloud Keychain, which is itself end-to-end encrypted. Apple warehouses millions of sealed notes while holding zero keys.

Etymology bonus: “cryptography” is Greek kryptós + gráphein — literally “hidden writing.” The Find My twist is that the writers themselves (the strangers sealing notes) can’t read what they wrote.

Don’t take the padlock metaphor on faith. Your browser ships the same family of mathematics (elliptic-curve cryptography in WebCrypto), so the demo below performs the actual ritual: generate a keyring, seal a location report as a stranger would, peek at what Apple holds, then try to open it twice — once without the private key, once with it.

Seal a location report — with real cryptography

Live demo

This demo runs real elliptic-curve cryptography via your browser’s WebCrypto API, so it needs JavaScript.

Your phone makes a keyring

One keypair, made on-device. The public half will be whispered to the world; the private half stays home.

A stranger seals a note

Their phone hears the public key, notes where it is, and encrypts. Pick the spot where the “stranger” walks past:

What Apple receives

A scrambled filing label (a hash of the padlock) and the sealed note. Nothing else.

You fetch and unlock

Your Mac computes its own labels, asks for matching notes, and opens them locally with the private key.

Honest footnote: Apple uses curve P-224 with an X9.63 key-derivation step; browsers expose P-256 with HKDF, so that’s what runs here. Same shape, same guarantee: sealing requires no secret, opening requires yours. The real sealed note is exactly 88 bytes: a 4-byte timestamp (counted from January 1, 2001 — Apple’s own epoch), 1 byte of confidence, a 57-byte throwaway public key, the 10-byte encrypted location (latitude, longitude, accuracy, status), and a 16-byte integrity tag.

Lock two: a stranger every fifteen minutes

One padlock forever would be its own kind of leak. The broadcast itself contains no name — but a stable anonymous ID is a tracking cookie for the physical world. Sit outside a café with a Bluetooth sniffer two days in a row and you’d learn who comes back.

So the padlock changes, roughly every 15 minutes, following that schedule the phone pre-computed before shutting down. To anyone sniffing the airwaves, your phone looks like a brand-new stranger every quarter hour. But your other devices hold the original seed, can regenerate the entire schedule, and recognize every identity on it as “mine.” One secret, two completely different experiences of the same radio traffic:

One seed, two views of the airwaves

Interactive

This visualizer derives beacon identities live (SHA-256 in your browser), so it needs JavaScript.

12:00 now broadcasting:
seed:

Sniffer in the café sees unrelated strangers

    Your Mac holds the seed — recognizes everything

      Simplified on purpose: real derivation uses an ANSI X9.63 KDF and elliptic-curve math, not bare SHA-256 — but the principle is identical. Shared seed in, same schedule out; no seed, no pattern. (AirTags away from their owner slow rotation to once every 24 hours — a deliberate trade-off we’ll hit in the anti-stalking section.)

      Lock three: filing without names

      Last gap to close: even sealed notes could leak something if they were filed under “Jerry’s iPhone.” They aren’t. Finder devices upload reports indexed by a hash of the padlock — a scrambled label like #a93f… that reveals nothing about the key it came from. Apple ends up warehousing millions of sealed notes under random-looking labels, with no column anywhere mapping labels to people.

      When you open Find My, your device regenerates its own schedule of padlocks, hashes each one into the matching labels, requests exactly those, and decrypts what comes back — locally, on your hardware. Apple answers the request the way a coat-check answers a ticket: by number, no questions asked, no idea whose coat it is.

      Interlude

      Anatomy of a whisper

      Security researchers reverse-engineered the actual radio packet years ago (the OpenHaystack project at TU Darmstadt got far enough to build their own trackers that ride Apple’s network — and Apple’s security guide later confirmed their layout). The whisper is a standard BLE advertisement, 37 bytes of air time, and it’s a beautiful piece of bit-packing. Apple picked the unusual P-224 curve over the more common P-256 for exactly one reason: a 28-byte key is the largest that can be squeezed into a single Bluetooth advertisement. Even then it doesn’t fit in the payload alone — so it overflows into the radio’s own address field. The phone literally wears its current padlock as its MAC address.

      Tap any byte:

      The 37 bytes of “findable”

      Interactive

      The byte inspector needs JavaScript. Summary: 6 address bytes and 22 payload bytes carry the 28-byte public key; the rest is framing, a status byte, and two spare bits.

      Bluetooth address — 6 bytes

      Advertisement payload — 31 bytes

      Pick a byte

      Every two seconds, this entire structure goes out into the air — and means nothing to anyone without the seed.

      Layout per the published reverse engineering (OpenHaystack, “Who Can Find My Devices?”). Example bytes shown; the key bytes change with every rotation.

      The scorecard

      Who knows what

      The neat thing about this design is that you can audit it party by party. Everyone in the pipeline is missing the piece that would make them dangerous:

      Your off iPhone
      Knows
      • Nothing. It only whispers a schedule it was handed.
      Doesn’t know
      • Even its own location — GPS is off, and nobody tells it.
      • Whether anyone heard it at all.
      The passerby’s iPhone
      Knows
      • It heard some rotating ID at its own location.
      Doesn’t know
      • Whose device it heard — the ID is anonymous and expires in minutes.
      • That anything happened: its human is never notified.
      • What the sealed note says — it can’t reopen its own padlock.
      Apple
      Knows
      • It holds encrypted blobs filed under scrambled labels.
      • Standard server metadata (which IP uploaded, when).
      Doesn’t know
      • The locations — it holds no decryption keys.
      • Which labels belong to which person or device.
      You
      Knows
      • Decrypted pins on a map — the only readable copy anywhere.
      Doesn’t know
      • Who relayed the reports. The kindness is anonymous in both directions.

      Fine print

      Honest limits

      Every elegant system earns the right to its caveats. Here are Find My’s:

      And sometimes the limits all show up in one story. When a door plug blew out of Alaska Airlines flight 1282 in January 2024, an iPhone was sucked out of the cabin and fell 16,000 feet. It was recovered two days later — under a roadside bush, screen intact, half its battery left, still showing the owner’s baggage receipt. What found it wasn’t the network; it was a volunteer combing the debris field. A phone in a bush beside a quiet road is exactly the place a billion-device crowd is thinnest.

      conductive fabric: the whisper stops here …silence… …silence…
      The one gadget that beats a billion-device network: a bag.

      The hard part

      The dark side, and the arms race

      A network that can find your lost keys can find a person. The whole tension fits in one 48-hour stretch: on May 1, 2023, New York’s mayor and the NYPD announced a giveaway of 500 free AirTags so Bronx residents could track stolen cars. The next day, Apple and Google jointly announced a specification to stop AirTags from tracking people. Same device, hero and menace, one day apart.

      The menace was real. In January 2022, a model named Brooks Nader was followed through Manhattan for five hours by an AirTag someone had slipped into her coat — she’d never heard of AirTags until her iPhone finally spoke up. When Motherboard pulled eight months of police records from just eight departments that spring, it found 150 reports mentioning AirTags; in 50 of them, women reported being tracked by a tag that wasn’t theirs. The device was small, cheap, and rode a finding network better than anything stalkers had ever had access to. Apple had anticipated some of this. Not enough.

      What followed was an arms race run in the open — a shipped system getting patched under public pressure:

      Then the twist: Apple and Google — whose finder networks compete head-on — co-authored a cross-platform standard, Detecting Unwanted Location Trackers, so any compliant tracker, from any company, is detectable and identifiable by both iOS and Android. Version 1.0 shipped on both platforms in May 2024 (iOS 17.5, Android 6.0+), with Chipolo, eufy, Jio, Motorola, and Pebblebee committing their future tags to it. The fine print is telling, twice over. First: Samsung and Tile voiced support for the 2023 draft, then were absent from the 2024 commitment list. Second: the effort to turn the industry spec into a formal internet standard has stalled — the IETF working group (co-chaired, remarkably, by an advocate from the National Network to End Domestic Violence) has published no RFC, and as of mid-2026 only its threat-model draft is still alive. The spec works; the standardization is homework still owed.

      The unavoidable trade-off Remember lock two — identities rotating every 15 minutes so nobody can follow you? An AirTag away from its owner slows that rotation to once every 24 hours. Why? Because a tracker that changed identities every quarter hour would look like a fresh device to a victim’s phone all day — undetectable as a follower. The DULT spec codifies the split exactly: rotate every 15 minutes near your owner (your privacy), every 24 hours when separated (your target’s defense). Privacy for the owner and detectability for the victim are the same dial turned in opposite directions, and the spec turns it toward the victim. Researchers have demonstrated the loophole from the other side — a homemade clone cycling through thousands of pre-loaded keys followed a volunteer for days without tripping any alert — and a 2024 Johns Hopkins paper argues cleverer cryptography could serve both sides at once. The tension is fundamental; the current answer is a compromise, chosen on purpose.

      The network itself has taken fire, too — researchers treat Find My as terrain now. The 2021 reverse-engineering found macOS caching beacon keys in cleartext, where any local app could read a week of your movements (patched, CVE-2020-9986). The same year, others showed the network could be hijacked as a free, slow data channel for arbitrary bytes — about three per second (“Send My”). A 2022 follow-up noted the Bluetooth firmware that runs while an iPhone is “off” is neither signed nor encrypted, and built proof-of-concept malware for it. And in 2025, a George Mason team disclosed how to make almost any Bluetooth device trackable as a phantom AirTag (“nRootTag”); Apple, privately notified, had shipped a fix in late 2024. None of this has broken the core promise — the sealed notes stay sealed — but the edges get probed constantly, which is roughly what you want for a system this consequential: loud researchers, public patches.

      The legal system is still metabolizing all of it. A class action filed in late 2022 (Hughes v. Apple) accused the AirTag of being “the weapon of choice of stalkers”; in March 2026 the judge denied class certification — each stalking too individual to aggregate — converting it into 30-plus separate suits. Court filings in that litigation assert Apple logged more than 40,000 unwanted-tracking reports in the product’s first three years; treat the number as a plaintiff’s claim, but even a fraction of it would justify the arms race above. Meanwhile, states have moved: Florida made hiding a tracker on someone a felony in 2024, after a hidden-AirTag case ended in a $276 fine.

      If you ever get an unknown-tracker alert: make the tag play its sound, tap it with your phone to read its serial number (any NFC phone can), photograph everything, and if you feel unsafe, involve police before disabling it — the serial plus legal process is how owners get identified.

      How we got here

      A brief history of finding things

      Find My didn’t arrive fully formed. It’s seventeen years of compound interest on one idea — your stuff should be able to tell you where it is — with the crowd-sourcing twist arriving surprisingly late:

      1. June 2009

        Find My iPhone — a $99/year luxury

        Launches with iPhone OS 3.0 as a MobileMe subscriber perk: see your (online) phone on a map, make it beep, wipe it remotely. Requires the phone to be on, connected, and reachable.

      2. 2010–11

        Free for everyone

        Free on the newest devices with iOS 4.2 (November 2010), then free for all with iCloud’s launch on October 12, 2011 — the same day Find My Friends and Find My Mac both shipped. Apple announced that triple milestone on October 4, the day before it lost Steve Jobs.

      3. 2013

        Activation Lock

        iOS 7 ties a stolen iPhone to its owner’s Apple ID, surviving even a full wipe. Within twelve months, prosecutors reported iPhone theft down 25% in New York, 40% in San Francisco, and 50% in London — arguably the most effective anti-crime software feature ever shipped.

      4. 2014

        Send Last Location

        iOS 8 adds the obvious-in-hindsight feature: battery about to die? Phone home first.

      5. 2019

        The merger — and the crowd

        At WWDC, “Find My iPhone” and “Find My Friends” fuse into “Find My,” and the offline-finding network debuts with iOS 13: devices with no connection become findable through passing strangers, end-to-end encrypted. The architecture this whole post describes ships here, on by default.

      6. 2021

        AirTag, third parties, and power-off finding

        April: the network opens to accessories (an e-bike, earbuds, and a key fob first), and the $29 AirTag gives it a mascot. September: iOS 15 keeps UWB-equipped iPhones whispering for 24 hours after shutdown. December: Tracker Detect arrives for Android as the stalking problem becomes undeniable.

      7. 2022

        The luggage year

        Lufthansa bans AirTags in checked bags in October, citing lithium-battery rules an AirTag’s coin cell undershoots by an order of magnitude; German regulators disagree and the ban lasts roughly three days. In December, Southwest cancels ~16,900 holiday flights, and AirTagged passengers watch their “in transit” bags sit motionless in specific airport corners — the airline later eats a $140 million fine. Emergency SOS via satellite ships for off-grid iPhones.

      8. 2023

        Finding goes to court — and to the bottom of the ocean

        One passenger’s AirTag live-tweets her “securely stored” United bag visiting a McDonald’s (six million views); a Toronto man watches his stolen GMC Yukon ride a shipping container to Dubai, narrated entirely by hidden AirTags. iOS 17 finally lets families share an AirTag.

      9. 2024

        The safety standard — and real competition

        May 13: the Apple–Google unwanted-tracker spec ships on both platforms, weeks after Google relaunches its own billion-device Find My Device network with powered-off finding on Pixels. December: iOS 18.2’s Share Item Location hands airlines a live link to your lost bag. Finding networks become an ecosystem.

      10. 2025

        Filling in the map

        The Find My network reaches South Korea — its last major holdout — in April; Google rebrands its network “Find Hub”; Apple Watch Ultra 3 sends Find My locations via satellite from the wrist.

      11. 2026

        AirTag 2 — and finding as infrastructure

        January: the second-generation AirTag arrives at the same $29 — Precision Finding reaching (per Apple) up to 50% farther, a markedly louder speaker that’s physically harder to silence, Apple Watch as a finding compass. Apple says 50+ airlines now accept shared AirTag locations; the industry’s lost-bag system reports tagged bags are 90% less likely to stay lost. Seventeen years from “where’s my phone?” to baggage-handling infrastructure.

      The neighbors

      The other networks

      Apple’s design is no longer unique — it’s the reference point everyone else gets measured against. The interesting differences are philosophical:

      Network Scale Participation Privacy design Findable when powered off?
      Apple Find My 1B+ finder devices On by default; opt out Per-report end-to-end encryption; 15-minute rotating IDs; hash-indexed storage Yes — UWB iPhones (11+), ~24 h
      Google Find Hub (né Find My Device, relaunched 2024) 1B+ Android devices Auto-enrolled with notice; opt out per device End-to-end encrypted, key gated by your lock-screen PIN — plus aggregation: by default, busy-places-only, and you see an average of several strangers’ sightings, blurred to a few hundred meters Yes — Pixel 8 and later, “several hours”
      Samsung SmartThings Find 300M+ opted-in Galaxy devices (2023 figure) Opt-in on setup Encrypted reports within Samsung’s ecosystem; Galaxy-only tags No
      Tile (Life360) 40M+ tags sold; finders are only phones running the app App must be installed Server-side trust: 2025 research found static identifiers and reports Tile’s own servers can read; paid “anti-theft mode” hides tags from safety scans, backed by ID checks and a $1M contractual penalty No

      The Google comparison is the sharpest. Both companies encrypt locations end-to-end; the difference is what they’re willing to report at all. Apple reports from anywhere a single finder exists and leans entirely on cryptography for safety. Google’s default adds a second layer of caution — aggregate several sightings in a busy place, or stay silent — trading recovery odds in quiet places for a smaller surveillance surface. When researchers ran the two head-to-head in 2025, the trade was plain in the data: Apple’s network returned five to six times more location reports at roughly twice the accuracy, while Google’s reports arrived about sixteen times faster — and the same study noted that Google’s rate limiting and throttling “actively weaken their network’s performance but also result in a weaker incentive for misuse.” A finder network hobbled on purpose is a legitimate design position. So is Apple’s. Privacy design rarely becomes a competitive axis you can benchmark; here it has.

      The trade shows up exactly where you’d predict: in dense cities both networks find things fast; on an empty rural road, an AirTag usually phones home and the aggregating competitor more often doesn’t. A 29-country volunteer study put it bluntly: companion-device density is the primary determinant of tag performance, overshadowing the technology differences. In finder networks, the install base is the technology.

      Two footnotes for the connoisseurs. Google’s Pixel powered-off finding uses the same message-in-a-bottle trick as Apple’s: precomputed beacon keys handed to the Bluetooth chip before the lights go out. And Amazon runs an adjacent network with none of this subtlety — Sidewalk, which quietly turned millions of Echo speakers and Ring cameras into a default-on neighborhood radio network covering most of the U.S. population. Different goals, same lesson: the network you’re not thinking about is the one worth reading the settings page for.

      Corrections department

      Myths, gently busted

      Quick answers

      What does an off-but-findable iPhone look like in the app?

      It still shows on the map with a recent location and timestamp, rather than freezing at the moment it powered down — the pin keeps updating as strangers walk past it. Once the window expires (or no finder ever passes by), you get the last known location, which the app keeps showing for up to seven days; after that, “No location found.” Turn on “Notify When Found” and you’ll get pinged the moment a passerby’s phone hears it again.

      Does it work in airplane mode?

      Generally yes — airplane mode kills cellular and (by default) leaves Bluetooth alone, and the Find My beacon rides Bluetooth. Even toggling Bluetooth “off” in Control Center doesn’t fully power the radio down. Truly silencing a modern iPhone takes Settings-level Bluetooth shutdown, declining findability at power-off, or a Faraday bag.

      Can police make Apple decrypt a location?

      For the end-to-end encrypted crowd reports: no — Apple holds no keys, so there’s nothing to compel. Apple’s own published law-enforcement guidelines say it plainly: Apple “does not have GPS information for a specific device.” What legal process can get is account-level metadata (about 30 days of Find My connection logs), and — for an AirTag — the registered owner behind a serial number. That last one is by design, and it’s how AirTag stalkers get caught.

      Can Android phones help find my AirTag?

      No — and this one surprises people. The Apple–Google joint spec covers cross-platform detection (an Android phone will warn its owner about an unknown AirTag traveling with them, and vice versa), not cross-platform finding. Android phones never relay AirTag locations to Apple, and Apple devices never relay Google-network tags. The search parties are separate; only the burglar alarms are shared.

      Does my phone relay for strangers even if my own Find My is off?

      The “Find My network” toggle (Settings → your name → Find My) controls both directions of crowd participation on your device. Turn it off and your devices neither benefit from nor contribute to the crowd. Leaving it on is what keeps the search party staffed.

      Why didn’t my dead iPhone show up at all?

      Check the floors: it needs iPhone 11 or later on iOS 15+, the windows are ~24 h (powered off) and ~5 h (dead battery), and somebody with an Apple device has to pass within Bluetooth range. A phone dead for two days in a low-traffic place will show last known location only.

      Is my iPad / Mac / Apple Watch findable when off too?

      The after-power-off trick is specifically an iPhone feature (UWB models, 11 and later). Other Apple devices are findable through the network while they have power — a sleeping MacBook in a stolen backpack is very findable — but once fully off, they go quiet. As finders, though, iPhones, iPads, and Macs all listen and relay for everyone else.

      Closing the loop

      The elegant part

      Step back far enough and the design inverts how tracking networks are supposed to work:

      Every party is blind to exactly the thing that would make them dangerous, and the system still works. That’s not an accident of implementation; it’s the specification. It’s what you get when someone asks “what’s the most useful thing we can build where even we can’t abuse it?” — and then actually ships the answer to a couple billion pockets.

      The next time someone tells you privacy and functionality are opposites, you have a counterexample lying in a parking lot somewhere, whispering into the dark every two seconds, waiting for a stranger to do it a kindness it will never be able to acknowledge.

      Check yourself

      Pop quiz

      Six questions. If you can pass this, you understand Find My better than almost everyone who uses it.

      Grading needs JavaScript — without it, the answer key is simple: the crowd does the locating, Apple reads nothing, rotation defeats following, 24 hours, the Faraday bag, and the stranger never knows.

      Your powered-off iPhone shows up on the map. Who actually determined its location?

      The off phone never knows where it is — GPS is dark. A passerby’s device heard the whisper and contributed its own position.

      What can Apple read from the location reports it stores?

      Reports are encrypted with your public key and filed under a hash. Apple holds no decryption keys and no label-to-person mapping.

      Why does the broadcast identity rotate every ~15 minutes?

      A fixed anonymous ID is still a tracking cookie. Rotation makes your phone look like a new stranger every quarter hour — unless you hold the seed.

      How long is an iPhone findable after you deliberately power it off?

      ~24 hours after a deliberate power-off (and ~5 hours of Power Reserve after the battery dies on its own). Then: last known location.

      Which of these actually defeats Find My?

      The beacon doesn’t use cellular, and airplane mode leaves Bluetooth running. Conductive fabric, though, is physics — nothing gets out.

      The stranger whose phone relayed your location…

      The relay is silent and the note is sealed with your padlock. The kindness is anonymous in both directions.

      Receipts

      Sources & further reading

      1. Apple Platform Security Guide — Find My security: the official description of the key scheme, P-224, rotation, and end-to-end encryption.
      2. Apple Support — Use Find My to locate your lost Apple device or AirTag (network size, last-known-location behavior) and the iPhone User Guide (the 24-hour and 5-hour windows, in Apple’s own words).
      3. Heinrich, Stute, Kornhuber & Hollick (TU Darmstadt) — “Who Can Find My Devices?” (PETS 2021): the reverse engineering behind the packet layout, the 88-byte report, the Frankfurt field measurements, and CVE-2020-9986.
      4. Classen, Heinrich, Reith & Hollick — “Evil Never Sleeps” (WiSec 2022): how low-power mode actually works after shutdown — the 96-key schedule, the three radios that stay on, and the unsigned-firmware caveat.
      5. OpenHaystack — build-your-own trackers on Apple’s network, from the same lab.
      6. Adam Catley — AirTag reverse engineering: hardware, power budget, and the 24-hour separated-rotation detail.
      7. Matthew Green — “How does Apple (privately) find your offline devices?” — the canonical day-one cryptographer’s take. (“Sometimes even Lassie knows when to quit.”)
      8. Apple Newsroom — An update on AirTag and unwanted tracking (Feb 2022) and the joint Apple–Google alert rollout (May 2024).
      9. IETF — Detecting Unwanted Location Trackers working group: the standardization effort and its current status.
      10. Böttger, Matern, Arndt & Hollick — “Okay Google, Where’s My Tracker?” (PoPETs 2025): the reverse engineering of Google’s network and the head-to-head numbers quoted here.
      11. Eldridge, Beck, Green, Heninger & Jain — “Abuse-Resistant Location Tracking” (USENIX Security 2024): the academic case that the privacy-vs-detectability dial isn’t as stuck as it looks.
      12. Positive Security — “Find You” (the stealth-clone experiment that demonstrates the rotation loophole) and “Send My” (using the network as a ~3-byte-per-second data channel).
      13. Chen, Xie, Xu, Zeng & Zou (George Mason) — “Tracking You from a Thousand Miles Away!” (USENIX Security 2025): the nRootTag attack.
      14. Apple — Legal Process Guidelines (U.S.): what law enforcement can and cannot get.
      15. VICE/Motherboard — police-records investigation of AirTag stalking (April 2022).
      16. Apple Newsroom — the second-generation AirTag (January 2026), and SITA’s baggage-recovery findings.
      17. TidBITS — the June 2009 launch coverage, for the historians.

      This post grew from a note in my files. Research, illustrations, and the interactive demos were built with Claude. The demos run entirely in your browser — this page loads no analytics and phones home to no one, which felt like the only honest way to publish a piece about surveillance-resistant design.