Skip to content

ZeroTrace AirLeak

Tracker Detection

Finding AirTags, Tile, SmartTag, and other unwanted trackers near you

One of AirLeak's most useful jobs: surfacing the small Bluetooth trackers around you. These devices broadcast continuously when separated from their owner, which is exactly what makes them findable, and exactly what makes them potentially abusable when used to follow someone.

What AirLeak can detect

TrackerHow AirLeak sees it
Apple AirTagFind My advertisements (separated state, public-key prefix)
Apple Find My-network accessorySame protocol as AirTag, different vendor
TileTile-specific Service UUID
Samsung SmartTag / SmartTag+ / SmartTag 2Samsung BLE advertisement with state byte
Google Find My Network accessoryFMDN (Eddystone-style) advertisement
Generic / unknown trackersTracker-class fallback when the advertisement shape matches

The recognized tracker classes are airtag, tile, samsung_smarttag, and google_tracker; anything else that looks like a separated tracker is surfaced through the tracker alerts.

Doing a one-off tracker sweep

The fastest privacy check. Takes about 2 minutes.

  1. Pair the AirLeak in the app and switch to Monitor.
  2. Wait 60 seconds for the Live list to populate.
  3. Open the Live tab and tap the Trackers filter chip.

You now have a clean list of every tracker in range. Some will be yours (the AirTag on your keys). Some may be strangers', left in a public place, in a car park, in a hotel. Most are harmless.

What to look at for each:

  • Name, sometimes a friendly name reveals a lot
  • Class, AirTag vs Tile vs SmartTag tells you the ecosystem
  • Signal, strong signal = close to you, weak = far
  • First seen, recent first-seen + persistent observation = it's been near you a while

Click any row to open its detail page for the full picture.

Catching a tracker that's following you

This is the scenario AirLeak was specifically built for. The multi_hour_follower alert fires when a tracker has been near you for more than 3 hours.

The workflow:

  1. Keep the AirLeak with you in Monitor mode while you go about your day. Take it on errands, commutes, meetings.

  2. Watch for the multi_hour_follower signal. It means a tracker has been with you across several hours. Find the device in the list, is it familiar?

  3. If unfamiliar, investigate further. Open its detail page; the first-seen timestamp tells you how long it's been around, and its separated state and observation count tell you how persistently it's broadcasting.

  4. Locate the device physically. Open the Hunt tab and lock onto it, AirLeak turns its live RSSI into a proximity gauge (with a radar dial) you can walk toward to find it. Modern AirTags can also be made to play a sound via the iOS / Android Find My app, even by non-owners.

  5. Document the encounter. Note the MACs, fingerprint, first/last-seen, and observation count from the detail page.

  6. If serious, contact authorities. Local police can subpoena Apple / Tile / Samsung for the tracker owner's identity.

Distinguishing yours from theirs

The most common false alarm is your own AirTag. The diagnostic question is always does the tracker move with you? Use Hunt to confirm whether the same device reappears wherever you go; a tracker you carry every day will, but so will the AirTag on your own keys, so cross-reference against your known trackers before treating it as a follower.

What separated mode tells you

A tracker in "separated from owner" mode is broadcasting more aggressively than a tracker that's near its owner, typically every 2 seconds vs every 30+ seconds.

In the device detail you'll see:

  • findmy_separated alert fired
  • Adv interval ~2000 ms (not the longer idle interval)
  • The Find My state byte indicating separated mode

Persistent separated mode for many hours means the tracker has been away from its owner for that whole time. That's the situation that triggers multi_hour_follower.

A tracker fluctuating between separated and near-owner suggests its owner is moving in and out of range, they're nearby but maybe in a different room.

Common false positives

ScenarioWhat you seeWhy it's not a stalker
AirTag forgotten in a public placePersistent separated modeThe owner lost it, not you. Walk away, the alert won't follow.
Neighbor's AirTag through the wallSteady RSSI, doesn't move with youIt's static; you're moving past it.
AirTag in your car when you're not drivingMostly separatedIt's tagged to your vehicle, one of your own trackers.
Conference / co-working space trackersMultiple trackers, all separatedHigh-density public spaces have lots of forgotten trackers.

The diagnostic question: does the tracker move with you? Use Hunt to lock onto it, then check whether the same device reappears in a different location. If yes, it's following. If only one, it's stationary.

What about Apple's built-in detection?

Modern iPhones detect AirTags following you through iOS's "Items Found Moving With You" feature. AirLeak's detection is complementary, not a replacement:

AirLeakiOS built-in
Detects AirTag, Tile, SmartTag, FMDNAirTag and Find My accessories only
Surfaces forensic detail (MACs, RSSIs, timestamps) you can read liveJust an alert
Works alongside any phone via the appRequires iPhone, Apple ID
Includes a built-in proximity locator (Hunt)Locates via Find My

For Tile and SmartTag, AirLeak is one of the few tools available to consumers.

Reading the tracker's broadcast in detail

Open a tracker's device detail page. The Identifiers and Find My sections show the tracker's:

  • Fingerprint (stable across MAC rotation)
  • Public-key prefix (for AirTags / Find My accessories)
  • Separated state and UTP (unwanted-tracking-protection) flag
  • Vendor / Service UUID

Together with its persistent observation count, this is what backs the tracker alerts.

Don't panic on first alert

A single multi_hour_follower alert is rarely a stalker. Forgotten trackers in public places are common. If the alert fires, walk to a different location and come back. If the same tracker reappears wherever you go, that's when to act.