Privacy Audit

Most people don't realize how much their devices say to the room over Bluetooth. AirPods reveal battery levels and case state to any nearby listener. An iPhone broadcasts its lock state, last action, and iOS major version. A watch advertises persistently. This tutorial walks through using AirLeak to audit your own devices and tighten what they leak.

---

The setup

You'll do this best in a quiet space, your home or an empty room. Fewer ambient devices means easier focus on yours.

1. Pair the AirLeak in the app and switch to Monitor.
2. Open the Live tab.
3. Bring out the devices you want to audit: phone, laptop, AirPods, watch.
4. Wait about 60 seconds for them to populate.

Use Search to find them by name (e.g. your iPhone's name, or AirPods).

---

Auditing your iPhone

Tap your iPhone in Live to open its detail page.

• Name, does it contain personal info? Sarah's iPhone is identifying. Consider renaming it (Settings → General → About → Name) to something less personal, its BLE name follows the device name.
• Class confidence, should be high for a properly-broadcasting iPhone.
• Apple state, shows when the screen was last on/off and the lock state, broadcast continuously.
• OS major version, anyone in BLE range can read this. A phone broadcasting an old major version advertises that it's on a deprecated, possibly unpatched, release.
• AirDrop, if set to "Everyone", the device broadcasts Apple ID / phone-number hash prefixes and the airdrop_discoverable alert fires. Set AirDrop to Contacts-only.

---

Auditing your AirPods

Find your AirPods (search "AirPods" or the case name).

• Battery, AirPods broadcast L/R/case percentages openly, anyone nearby can see them.
• Lid state, opening the case is observable, and so is in-ear vs in-case.
• Advertising rate, pairing mode (lid open) advertises fast; idle advertises slowly. Frequent fast advertising means the lid is opening more than you'd think.

There's not much to "fix", AirPods are designed to broadcast pair-state so they connect instantly. But it's worth knowing the cost.

---

Auditing your laptop

Search for your laptop. Windows machines often show as DESKTOP-XXXXX; Macs show a user-set name.

• Name, a Mac's default <FirstName>'s MacBook is identifying, consider renaming.
• MAC, if the same address keeps reappearing across captures, the laptop's BLE address is stable.
• Service UUIDs, laptops typically expose Device Information (0x180A), Battery (0x180F), and HID (0x1812).

To reduce identifiability: rename to something generic, and turn Bluetooth off when you don't need it.

---

Auditing your watch

Apple Watches and other smart watches broadcast persistently.

• Name, Apple Watches inherit the iPhone's name pattern.
• Apple state, Apple Watches surface action / lock signals.
• MAC rotation, watches rotate addresses frequently; the fingerprint keeps them tied to one identity where the advertisement allows.

Watches can't really be "fixed" privacy-wise, constant connectivity to the paired phone requires constant advertising.

---

Auditing your smart-home devices

Search for [TV], Echo, Nest, etc., or use the Apple / Audio chips and browse. Many smart devices include their model in the BLE name ([TV] Samsung 5 Series (49)) and expose capability via service UUIDs. They're designed to be discoverable for setup, so leakage is a feature, the audit value is knowing what's on the air.

---

Auditing what you broadcast in public

Take the AirLeak with you to a coffee shop or co-working space, switch to Monitor, and watch your own devices appear as you move. It's a sobering look at the BLE traces you leave wherever you go, a strong motivator to rename devices, turn Bluetooth off when not in use, and set AirDrop to Contacts-only.

---

A simple BLE privacy checklist

For each of your devices:

• Friendly name doesn't reveal your real first name
• AirDrop set to Contacts-only (not Everyone)
• iOS / OS version is current (older majors broadcast more)
• Bluetooth turned off on devices that don't need it on

---