Beacondo Blog

The latest iBeacon news, tips and tricks from Team Beacondo.

No, iBeacons aren't spying on you.

Disclaimer: Beacondo makes free tools that let anyone build iBeacon apps for retail, education and more. Clearly we think iBeacons are awesome, so please come to your own conclusion.

As iBeacons continue to grow in the public's perception, the level of user confusion and/or worry seems to be rising in parallel. This is a shame, because iBeacons really do seem prepped to transform the way we shop in stores, the way we browse galleries, and even the way we approach education - if there's FUD circulating in these formative days, it will only serve to hold everyone back.

The primary user concerns are around two areas:

  • "I don't want to be spied upon." As Cult of Mac wrote in its not-at-all fear-inducing article Why aren't people freaking out about iBeacon?, "In the previous system, iBeacon-enabled stores, stadiums and museums were required to ask permission of the user for iBeacon access to their phones. Now, they no longer need that permission. Apple has already granted permission to the stores to access your iPhone."
  • "I don't want to be bombarded with adverts." As Boy Genius Report wrote in its equally terror-inducing article The dark side of Apple's iBeacons, "Apple device users could be in store for an onslaught of annoying ads as they walk around malls or browse through retail stores everywhere."

The thing is, neither of these things are true. iBeacon is a really neat technology, and we do believe it's going to gather pace and indeed become ubiquitous, but it doesn't have a dark side and no one need freak out about it.

Spying via beacon: what's actually possible?

Your phone's radio transmits a lot of data, not least 3G/4G internet and WiFi. One of the things your phone broadcasts is Bluetooth, which is a low-energy and low-range communications system that previously was mainly used for things like phone headsets.

iBeacon is built on top of Bluetooth, and is best visualised as a really tiny computer that constantly emits a signal saying "Welcome to the Apple Store in London." Well, that's what the signal means – the actual data is a short series of numbers and can't contain text. It doesn't send any more data than that – no content, no tracking information, and certainly no advertising. Because beacons are designed to be extremely low power, they have an extremely short range – in perfect conditions their signal can travel at most 50 metres, but that comes down dramatically when any obstacles get in the way such as walls (and, of course, people!) so in most practical circumstances the signal will carry about 20 metres.

So, iBeacons are dumb micro-computers that do little more than identify themselves. They don't know who if anyone is receiving that signal in the same way that a radio station doesn't know when you start listening to them in your car – and they certainly can't identify you.

What's more, Apple takes user privacy extremely seriously, which means apps can't read your location without your permission. Granting that permission isn't something you can do by accident, because you must have:

  • Downloaded the app for the store you're visiting.
  • Run the app at least once.
  • Select "Yes" when the app asks you if you want to share your location.

When those three are true, the store's app can read your location very roughly. As you're inside, GPS isn't going to be much use, so they will get very broad location based on your nearest cell tower or, in some circumstances, by seeing which WiFi networks are in range. They will also get a rough position if they have enough iBeacons around - and we really do mean rough, because the Bluetooth signal is so weak that its distances are split into "devices are almost touching", "devices are less than four metres away", and "devices are more than four metres away." Anything more fine-grained than that is just guesswork.

Even when you've granted permission for the app to read your location, you can disable it for a single app by going to the Settings app and choosing Privacy > Location Services. Alternatively, if you disable Bluetooth, then iBeacons will no longer be discovered by your phone.

There is one other thing that stores can do, which is to make your device into a local iBeacon as part of its app. So, rather than them having iBeacons scattered around the store that your phone discovers, your phone becomes an iBeacon that can be discovered by other devices. It's down to the app how that beacon is configured, but it's certainly possible that the beacon could broadcast an identifier that points uniquely to you.

Remember, though, that beacons cannot broadcast text: your local beacon cannot be broadcasting your name, your credit card number, or your cat's birthday. Instead, it will broadcast some numbers that the store can look up in its database and figure out that it means you.

"Aha!" you say, "so they are spying on me!" Well, yes and no. Yes, the unique identifier of the local beacon can be traced back to an account you hold with the store. Yes, they can very roughly measure your distance between their own beacon trackers and take a guess at your movements around the store. But: to make a local beacon work not only requires the same permission request detailed earlier, but also requires that you are actively running the app. As soon as you press the Home button to leave the app, your local beacon stops transmitting.

Advertising spam: possible, but unlikely

In iOS 7.1, Apple made an important change to the way iBeacon messaging works: apps can now ask that they be launched automatically when they come in range of a beacon. This is done in a fairly discreet way – the app doesn't just pop up while you're busy trying to crush candy. Instead, the app is launched in the background so that you don't notice it, and is given the opportunity to respond to the beacon's discovery.

Most iBeacon-enabled apps, when launched in the background as a result of discovering a beacon, respond by posting what's called a local notification. These are those small messages that slide in from the top of your device while you're using it, or, if your device was locked, on your phone's home screen. This will say something like, "Welcome to XYZ Store! Slide to unlock for special offers," and when you unlock your phone with that message the app will be brought to the foreground.

This is where people see the threat of advertising spam: when they walk around a mall looking for a Cinnabon, they will receive messages from every store trying to drag them in to buy things, and their phone will buzz like a hummingbird on Red Bull.

Except that's not true, or at least not likely. Again, to be able to scan for a store's iBeacons, the user needs to have downloaded that store's app, run it at least once, and granted it permission to use their location. The app then needs to register the iBeacons of each of its stores, although there is a device limit on iPhone that stops stores from registering more than 20 beacons.

So, to make the nightmare scenario come true, the user must have installed all the store apps in the mall they are walking through, then opted to share their location with each of those apps. They can, of course, at any time either opt to stop sharing their location with any store (under Settings > Privacy), stop any store from showing messages (under Settings > Notification Center), or just turn off Bluetooth entirely.

Apple does seem to have some sort of undisclosed system in place for deciding which apps get to show notifications - they all definitely appear when the user looks at their lock screen, but iOS stops apps waking the device too frequently.

App developers: what can you do?

Accessing your user's location is a privilege, and if they trust your app with their location information then it's down to you to be worthy of that trust.

At the very least, you should heed the following advice:

  • Using iBeacons will automatically trigger Apple's "Do you want to share your location?" warning message. You can and should customise this by modifying your app's Info.plist file with the setting "Privacy - Location Usage Description" to tell the user how you are using their location.
  • Even better: don't ask for location until you need it. This means your user should be able to launch your app and use it to some extent before they are asking to share their location. Ideally the request should be triggered by them taking an action that has obvious links to location, such as "Show offers near me" or "Find my nearest store", because that way they already know why you want their location.
  • "Say what you do, then do what you say." That is, once you've told the user how they intend to use their location, make sure you stick to that promise. Be careful: the penalties for abusing privacy are extreme.
  • If you intend to use local notifications to show messages to nearby users, keep in mind that they are just a few taps away from blocking you – and once you're blocked, they aren't going to periodically unblock you to see whether you've stopped spamming them. So, limit your messages so they don't appear too frequently, and make sure your messages are targeted and useful.

Love iBeacons? Us too.

For more iBeacon news, tips and tricks, you can sign up to our newsletter, follow us on Twitter, or bookmark the Beacondo blog. Thanks for reading!