Enjoy our content? Make sure to set Android Central as a preferred source in Google Search, and find out why you should so that you can stay up-to-date on the latest news, reviews, features, and more.
What you need to know
- Tile trackers have been found to broadcast unencrypted IDs and a static Bluetooth MAC address, making them easy to spot and follow.
- Apple’s AirTag and Samsung’s SmartTag rotate identifiers and encrypt transmissions, while Tile’s protections are partial and inconsistent.
- While Tile's Anti-Theft Mode hides trackers from scans, it also removes safety checks, allowing abusers to plant devices undetected.
Tile trackers are making headlines again, though not in a positive way. Wired reports that researchers at Georgia Tech have found major problems with how these Bluetooth trackers manage data, putting users at risk of being tracked or having their information misused by the company.
The core problem is that Tile tags broadcast both a unique ID and a static Bluetooth MAC address without encryption. While most competitors like Apple’s AirTag or Samsung’s SmartTag rotate identifiers and use stronger privacy protections, Tile relies on partial rotation that only happens under specific conditions — every 15 minutes when near the owner’s phone or once a day if separated.
Meanwhile, the static MAC address never changes, effectively acting as a beacon anyone can lock onto with basic scanning tools.
This lack of encryption means stalkers with even modest technical know-how could use off-the-shelf antennas or Bluetooth sniffers to trace someone’s movements in real time. Beyond that, researchers warn that Tile’s own infrastructure could theoretically be used to build long-term maps of user behavior, raising deeper questions about how much control the company has over people’s location data.
The vulnerabilities were first disclosed to Tile’s parent company, Life360, in late 2024, but while the company claims improvements have been made, details on exactly what was fixed remain vague.
Anti-Theft Mode backfires
One complicating factor is Tile’s “Anti-Theft Mode.” Rolled out as a way to make trackers invisible to scans, the feature requires users to upload government ID and selfies, while also agreeing to a clause that lets Tile share their information with law enforcement — even without a subpoena — if misuse is suspected.
The company has even tied a $1 million fine to confirmed cases of abuse. While this might sound like a deterrent, critics say the feature strips away key safeguards. When Anti-Theft Mode is enabled, Tile tags no longer show up in the Scan & Secure feature, making it easier for malicious actors to plant trackers on unsuspecting people without detection.
Researchers also demonstrated that attackers could record a Tile signal and replay it elsewhere, effectively spoofing a person’s location and potentially framing them.
In a statement to The Verge, Tile insists it takes security seriously, pointing to ongoing bug bounty programs and ethical hacker collaborations through HackerOne. But until the company demonstrates meaningful fixes, the burden falls on users.
Experts recommend keeping firmware and app versions up to date, avoiding Anti-Theft Mode unless absolutely necessary, and considering alternatives like Apple or Google’s trackers, which employ stronger privacy protections.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
