This work systematically analyzes privacy vulnerabilities in Samsung’s Offline Finding (OF) protocol, revealing a cascade of privacy risks from the perspectives of device owners, finders, and the vendor: Bluetooth broadcast identifiers enable owner identification; adversaries can perform unauthorized, persistent tracking; Samsung’s servers can deanonymize users or finders via location reports; and location data lacks integrity protection. Methodologically, the study introduces the first cross-layer privacy threat model tailored to commercial BLE-based crowdsourced positioning systems, integrating BLE reverse engineering, traffic replay, identifier correlation analysis, and server log modeling. Empirical validation confirms four exploitable vulnerabilities. The contributions include a novel risk taxonomy for crowdsourced positioning systems and an evidence-based benchmark for privacy-aware design—providing both conceptual frameworks and actionable insights for securing real-world BLE infrastructure.

We present a detailed privacy analysis of Samsung’s Offline Finding (OF) protocol, which is part of Samsung’s Find My Mobile (FMM) location tracking system for locating Samsung mobile devices, such as Samsung smartphones and Bluetooth trackers (Galaxy SmartTags). The OF protocol uses Bluetooth Low Energy (BLE) to broadcast a unique beacon for a lost device. This beacon is then picked up by nearby Samsung phones or tablets (the finder devices), which then forward the unique beacon, along with the location it was detected at, to a Samsung managed server. The owner of a lost device can then query the server to locate their device. We examine several security and privacy related properties of the OF protocol and its implementation, from the perspectives of the owner, the finder and the vendor. These include examining: the possibility of identifying the owner of a device through the Bluetooth data obtained from the device, the possibility for a malicious actor to perform unwanted tracking against a person by exploiting the OF network, the possibility for the vendor to de-anonymise location reports to determine the locations of the owners or the finders of lost devices, and the possibility for an attacker to compromise the integrity of the location reports. Our findings suggest that there are privacy risks on all accounts, arising from issues in the design and the implementation of the OF protocol.