Researchers at the Georgia Institute of Technology scrutinized the security of the popular Tile tracker and came out disappointed.

Bluetooth trackers are a steadily growing market, and Life360 is one of the major players. In 2021, Amazon expanded its Sidewalk network to include Tile. That means Ring cameras and Echo devices can act as relays, picking up the location of Tile trackers and phones running the Tile app.

Reportedly, some 88 million Tile trackers are in use worldwide, but they are not as safe as we’d expect. The major problem the researchers found is that the trackers broadcast an unencrypted, static MAC address and unique ID. To allow users to find their wallet or lost items, other Bluetooth devices or radio-frequency antennas in a tracker’s vicinity can pick up these signals to follow the movements of the tracker.

That’s the whole point, you’d think. But let me clarify what’s wrong with this method. Other trackers don’t broadcast their actual MAC address. Instead, they send out a temporary ID based on it, which makes long-term tracking harder. Tile does things differently: while it rotates the unique ID, it still transmits the same MAC address. Researchers also found the way Tile generates its rotating ID isn’t strong enough to stop someone from continuously tracking a device.

It gets worse. The receiver then sends the tag’s location, MAC address, and unique ID to a server without encryption. Researchers believe the server stores this information in cleartext. If that’s true, Life360 can continuously monitor the location of trackers and their owners who have the app installed, despite the company’s claim that it does not have this capability.

As one of the researchers put it while warning about the dangers:

“An attacker only needs to record one message from the device … to fingerprint it for the rest of its lifetime.”

This could pose a major problem in case of a breach or if your tracker gets caught in a mass scan. In other tracker systems, the information about the location of a tag is decrypted by using a key only available on the user’s phone, so only the owner can see this information.

Another issue to Tile’s anti-stalking feature. After concerns were raised about the ability to stalk persons with these trackers, most manufacturers added automatic alerts that warn the user if a tracker that is not theirs is following them around.

Tile’s system is weaker. The app doesn’t scan in the background—the users has to start the scan manually. Even then, it only works if the user keeps moving around for 10 minutes.

This behavior could be due to a feature that Tile offers and other don’t: anti-theft mode. Tile users have the ability to make their trackers invisible to others, so would-be thieves can’t scan an area to see if there are any items with a Tile in the vicinity.

But stalkers could abuse the same feature. They would still see the tag’s location, while the victim’s scan would not detect it, leaving them unaware of a rogue device.

To enable Anti-Theft Mode, Tile requires a government-issued ID, a live photo of the user, and agreement to a $1 million fine if convicted of stalking. While this could deter some abusers, researchers note it isn’t clear whether the penalty is enforceable.

The researchers concluded that many of the problems they found with Tile trackers could be solved by encrypting the signals it broadcasts, and they don’t understand why the company apparently hasn’t followed the example of its competitors.

That sounds easier than it might be though. In February 2025, researchers found a way to track any Bluetooth device using nRootTag vulnerability in the ‘Find My’ network. Apple has a partial fix out, but full protection may take years. This shows that a redesign from (almost) scratch, could be a lengthy and costly process.

Life360 hasn’t said what fixes it made after researchers disclosed the findings. Its only public statement was that it had “made a number of improvements,” without offering any details.

To help you find the main differences between Tile and other trackers, we constructed this overview.

We don’t just report on privacy—we offer you the option to use it.

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.