Query Apple's FindMy network with Python

Original Article ↗ Hacker News Discussion ↗

What Apple Find My Provides

  • Tracks Apple devices (iPhone, iPad, Mac, Watch, AirPods, Vision Pro, Apple TV), AirTags, and third‑party “Works with Find My” accessories.
  • Supports people tracking: share your live or temporary location with friends/family, see theirs in Find My and Messages.
  • Sharing can be one‑time, time‑limited (hour/day), or indefinite, plus “Check In” that only sends data if you’re unexpectedly delayed.
  • Among many younger users, always‑on sharing is described as socially expected, with relationship implications if you stop.

How the Find My Network Works

  • Devices broadcast encrypted Bluetooth beacons; nearby Apple devices upload sightings (with their own location) to Apple.
  • iPhones can remain “findable” even when powered off, though this can be disabled.
  • Location reports are end‑to‑end encrypted; Apple is said not to see locations or stable tag identifiers, only the owner’s devices can decrypt using rotating keys.
  • AirTags are associated with an Apple ID at setup, allowing law enforcement to link a recovered tag’s serial to an account, but serials are not used in the public beaconing.

Capabilities of FindMy.py

  • Python client that talks directly to Apple’s Find My network APIs to fetch encrypted location reports and decrypt them if you have the right keys.
  • Works for items/devices whose shared secrets you’ve extracted (e.g., from a Mac’s iCloud keychain), not for “Find My Friends.”
  • Can retrieve up to seven days of historical pings in one call; frequent polling is unnecessary.
  • Supports BLE‑based “nearby” detection, which matters because AirTags stop using the network when close to their owner’s device.

Cross‑Platform and Ecosystem Lock‑In

  • Several commenters on Linux/Android complain that full Find My functionality is locked to Apple hardware; the iCloud web app is limited and omits AirTags.
  • Some resort to remote‑desktop, Mac automation, or third‑party tools to access Find My from non‑Apple platforms.
  • Others argue this lock‑in is intentional: Find My is a value‑add to keep people in the Apple ecosystem.

Privacy, Abuse, and Data Access

  • Apple encrypted local Find My data more aggressively, breaking earlier DIY tools but reducing misuse risk.
  • Debate over whether Apple could technically inspect Find My traffic despite claims of E2E design; some remain skeptical.
  • Concern that any API (official or unofficial) can be used to build detailed movement histories of friends who share location.

Reliability and Apple’s Likely Response

  • Many think changing the core protocol to block projects like this would be hard without breaking older devices or privacy guarantees.
  • However, Apple can detect suspicious API usage, ban accounts, or send legal threats if someone builds privacy‑eroding services.
  • The library’s author reports one Apple ID banned after very frequent polling, and advises modest query rates and disposable accounts.

Use Cases and Automation Ideas

  • Proposed uses include: long‑term personal location logs, pet and vehicle tracking, mailbox/door sensors, and Home Assistant automations (e.g., geofenced actions when arriving home).
  • Some lament that Apple exposes little official automation (Shortcuts, AppleScript, Screen Time control) for Find My, driving interest in unofficial APIs.