A brief reading actually surprises me to some extent. It would seem they actually brought on people who really know about security issues from strangers and rogue employees both. It looks as though the least amount of data needed to transmit the location is all that is handled off phone, and all of it is E2E.
It was bound to happen, and frankly I'd rather have access to these kinds of things and choose if/where to use them than to not. Provided stalker-detection remains the priority it appears to be currently.
The new Find My Device network on Android was designed with a strong focus on user security and privacy.
The network uses a crowdsourced approach to locate lost or misplaced devices and belongings, even when they are offline.
The location data reported by participating Android devices is end-to-end encrypted, ensuring Google cannot access or use the location information.
The network has "aggregation by default" as a safety feature, requiring multiple nearby devices to detect a Bluetooth tag before reporting its location to the owner.
The network also has protections to avoid contributing location reports when near the user's home address.
Rate limiting and throttling are used to prevent malicious real-time tracking, while still allowing the network to be useful for finding lost items.
The network is compliant with industry standards for unwanted tracking, triggering alerts on both Android and iOS devices.
Users have full control over which of their devices participate in the network and how.
The network design has undergone internal security testing and is part of Android's vulnerability rewards program.
Prioritizing user safety and privacy is an ongoing commitment as the team continues to improve the Find My Device protections.