> None, simply proxy it through Apple's existing servers and do not include any information about the device that found the tracker. If you are worried about rogue devices telling iPhone to ping rogue services, then just add a service whitelist to the scheme: Apple trusts Google's service and Tile's service, Google trusts Apple's service and Tile's service, but <random URL> isn't going to get pinged.
Doing a "ping this other service" leaks information about the device that has been found. It also opens up Apple to knowing about who found the device or where it was found from information sent across the network. This is an important thing in security of the AirTag (and the rest of the Find My network) - the person detecting the BLE message has zero knowledge about it (other than its existence), Apple has zero knowledge about the person finding it or the device - only the Apple account that is associated with, and the person who owns the Apple account only has knowledge about where and what device - not who found it.
To not compromise the security of the Find My network, other vendors
> In addition to making sure that location information and other data are fully encrypted, participants’ identities remain private from each other and from Apple. The traffic sent to Apple by finder devices contains no authentication information in the contents or headers. As a result, Apple doesn’t know who the finder is or whose device has been found. Furthermore, Apple doesn’t log information that would reveal the identity of the finder and retains no information that would allow anyone to correlate the finder and owner. The device owner receives only the encrypted location information that’s decrypted and displayed in the Find My app with no indication as to who found the device.
This would be an opportunity for Tile to work at trying to establish a standard like was done with UWB ( https://www.nxp.com/applications/enabling-technologies/conne... ) so that multiple vendors could use the technology and chips for interoperability.
Doing a "ping this other service" leaks information about the device that has been found. It also opens up Apple to knowing about who found the device or where it was found from information sent across the network. This is an important thing in security of the AirTag (and the rest of the Find My network) - the person detecting the BLE message has zero knowledge about it (other than its existence), Apple has zero knowledge about the person finding it or the device - only the Apple account that is associated with, and the person who owns the Apple account only has knowledge about where and what device - not who found it.
To not compromise the security of the Find My network, other vendors
https://support.apple.com/en-gb/guide/security/sec6cbc80fd0/...
> In addition to making sure that location information and other data are fully encrypted, participants’ identities remain private from each other and from Apple. The traffic sent to Apple by finder devices contains no authentication information in the contents or headers. As a result, Apple doesn’t know who the finder is or whose device has been found. Furthermore, Apple doesn’t log information that would reveal the identity of the finder and retains no information that would allow anyone to correlate the finder and owner. The device owner receives only the encrypted location information that’s decrypted and displayed in the Find My app with no indication as to who found the device.
This would be an opportunity for Tile to work at trying to establish a standard like was done with UWB ( https://www.nxp.com/applications/enabling-technologies/conne... ) so that multiple vendors could use the technology and chips for interoperability.