Apple's AirTag is finally available. This $29 tracker promises that you will never lose your keys again. However, as several reviewers have discovered, AirTag's privacy features have some major loopholes.

During the announcement, Apple talked about several features that would prevent AirTag from being used to secretly track people. For example, AirTags' privacy protections sound impressive, such as alerts that sound when an AirTag leaves a paired iPhone for a certain amount of time, and on-screen notifications to iPhone users when an unauthorized AirTag is accompanying them.

However, these protections do not appear to be sufficient.

For one thing, a lost AirTag does not sound until three days have passed, and only iPhones updated to iOS 14.5 will receive an on-screen notification after a few hours.

Like many good key finders, Apple's AirTags use Bluetooth to allow the phone to locate the fob. However, AirTags also use ultra-wideband communications to more accurately locate the fob.

iPhones with U1 chips (currently iPhone 11 and iPhone 12) display a directional arrow pointing directly to the AirTag's location.

On Apple's AirTags page, the company notes: "Only you can see where your AirTag is. Your location and history are not stored on the AirTag itself.

"The device relaying your AirTag's location also remains anonymous, and its location data is encrypted at every step. Therefore, not even Apple can know the location of your AirTag or the identity of the device that helps you find it.

"If someone else's AirTag gets mixed up with yours, your iPhone will notice that the AirTag is traveling with you and send you an alert. If you still can't find it after a while, it will start playing a sound to let you know the AirTag is there.

However, as Caitlin McGarry points out in Gizmodo's AirTags review, the iPhone must be running iOS 14.5 to receive the on-screen alert.

If you are using an iPhone or Android device with an older version of iOS, or no smartphone at all, you will have to wait for the stalking AirTag to play its sound. (The android phone can only interact with the AirTag when looking for an AirTag that has been marked lost by its owner.)

Even if your phone is the latest version of iOS, you will not receive alerts immediately. You will also receive alerts when you arrive home; at Mashable, Brenda Stoylar found that iOS 14.5 alerts pop up after an unpaired AirTag has been away from home for two hours.

Even worse: Android users, and iPhone users who have not updated to iOS 14.5, cannot hear the "This AirTag is not yours" sound for three days.

Last Thursday, before iOS 14.5 was released, Mashable's Stolyar gave each of her roommates an AirTag. She was able to track their movements in New York City for the next two days.

During this time, neither of her roommates received any alerts that Stolyar was tracking their movements, other than an email to confirm that the location tracking was accurate. (29]

Meanwhile, Stolyar attempted to replicate the experiment using the Tile tracker, but found that it could not track anyone more than 400 feet (Bluetooth range) away from her phone.

"Apple is rapidly approaching 1 billion active iPhone devices, which makes it the largest finder network in the world," Stolyar wrote. "That's not something to brag about when you're releasing a Bluetooth tracker that can also be used to track people"

.

Let's face it: in the US, just under half of all smartphones are iPhones. Worldwide, that's one in eight. That means billions of people could be tracked for up to three days using Air Tags.

"Considering how many Android users there are out there," writes McGarry in Gizmodo, "it's not hard to see how this could be exploited." It seems almost certain that iPhone owners will be able to exploit this to compete with their Android-using partners.

Suspicious spouses using iPhones or iPads could slip the AirTag into their partner's purse, clothes, or car and watch what they do for up to 72 hours.

This alert will only go off if the person being stalked is away from home. If the stalked person returns home each night and the outing countdown resets, the stalker may be able to track the person's daily activities indefinitely.

McGarry was able to track her husband's car for an entire day (with his consent) as he traveled around Los Angeles, but did not receive any alerts, even after updating her iPhone to iOS 14.5.

"Some publications even claim that AirTags are 'stalker-proof,'" Stolyar wrote.

"But I can assure you that is not the case.

The silver lining is that these privacy warnings are not hard-coded into AirTags. Apple could change them with a simple wireless software update.

McGarry expressed her concerns to Apple, who told her that Apple "may adjust the logic and timing of these features, which are adjustable over-the-air, to continually improve deterrence."

In the meantime, if you're buying Air Tags, make sure all your iPhones are updated to iOS 14.5. And if you're an Android user, as with iMessages, smile wryly at the fact that Apple is once again making you feel like a second-class citizen.