Legacy Bluetooth devices and newer Bluetooth devices that haven’t implement privacy-protections broadcast a persistent identifier that’s unique to each device. These broadcasts usually happens several times per minute. Retailers, transportation providers, and others have been recording these broadcasts for years and use them to track people as they move through public spaces. A persistent identifier even allows them to map your whereabouts and habits over time.
Bluetooth devices, like Wi-Fi devices, support a privacy-enhancing technique that periodically randomizes the broadcasted address, which makes it harder to track them as their owners move about in the world. Paired devices, like your phone or laptop, can still resolve the device’s real address, enabling them to communicate properly. However, how do you tell if your device is protecting your privacy or not?
Ideally, products that support BLE Privacy should be clearly labeled so that you as a consumer can make an informed purchase decision. Unfortunately, Bluetooth peripheral makers are notoriously bad at providing any kind of technical documentation for their products whatsoever.
You can try to look up information online, but very little product-specific information is available despite this being a seven-year-old standard. I’ve only found a single online product review mention that a device supported BLE Privacy, and that was for one of the very few products that list it as a feature.
The only way to check that your Bluetooth enabled devices do a good job is to manually test one and verify that it preserves your privacy. I’ll walk through the test process using an app for Android that makes this quick and easy to do. I’ll also explain what to look for so you can still follow along using any general Bluetooth scanning app for iOS, Windows, or another Bluetooth host device.
You’ll need a smartphone running Android 6 “Marshmallow” or newer with support for Bluetooth 4.2 or later. You can look up this information on your phone manufacturer’s website.
Start by unpairing the devices you want to test from your Android phone. You can do this from the Bluetooth section of the system Settings app. You need to do this first to ensure your device pairing won’t interfere with the test by unmasking the real address of the devices you want to test.
Next, download and install the BLEScanner app from the Google Play Store. Open the app and tap the Play button to start scanning for nearby Bluetooth devices, and identify your device in the list. This can be difficult when there are many Bluetooth devices nearby. If you’re having trouble identifying your device then make sure it’s powered on and try walking away from other Bluetooth devices. An elevator car — assuming it’s made of metal and will block most outside signals — can be an ideal impromptu Faraday cage/test chamber. Not all Bluetooth devices broadcast continuously so keep an eye on the list for at least a few minutes.
Update (): The BLEScanner app is no longer available on the Play Store. The developer hasn’t responded to my request for a comment.
Note the device’s address once you’ve identified the device you want to test. The BLEScanner app lets you mark devices as favorites so you won’t need to remember them. Repeat this test several times over the next one–three days and note any changes to the device address.
If your device’s address changes over time, then it has implemented BLE Privacy protections. If it stays the same, then it can be tracked. Be sure to share your test results online so others looking for privacy-preserving product recommendations can find it.
Note that even when BLE Privacy is implemented properly, it may still be possible to track it due to common implementation flaws. However, this only works if you remain within the range of a tracker for a prolonged period, and requires a much more sophisticated setup than common commercial tracking scenarios.
Bluetooth devices also publicly broadcast their manufacturer, model, and services. A unique combination of Bluetooth devices may be used to fingerprint your Bluetooth signature, which again exposes you to persistent tracking even when BLE Privacy protections are implemented. At this point, strong privacy regulation and enforcement is the only protection that can effectively keep you from being tracked. Or maybe leave your fitness tracker at home and use wired earphones.