Google joins Bluetooth snoop pals with iBeacon rival tech Eddystone
Apple isn't the only one that wants to track your smartphone
Google has jumped on the Bluetooth Low Energy (BLE) beacon bandwagon with a set of open standards and software interfaces to give Apple's iBeacon a run for its money.
Apple rolled out iBeacon in 2013, and has been pushing it as a way for companies to do things like tracking potential customers' movements as they wander around retail stores.
Google sees lots of other uses for the Bluetooth-based tech, and to that end it has developed a new BLE beacon format that's cross-platform and available for anyone to use under the open source Apache 2.0 license.
Dubbed Eddystone – no doubt named after the famed Eddystone Point lighthouse on the northeast coast of Tasmania, Australia – the spec defines an extensible "frame format" that beacons can use to communicate with the world.
Google says Eddystone isn't a radical departure from the way some vendors have been implementing BLE beacons already. In fact, it says some of its partners have already built Eddystone-compliant beacons, and existing beacons can be upgraded to support the new format with a firmware update.
The idea is really to create a common format that supports versioning and is open enough to allow it to be easily extended with new features as vendors come up with them. To keep vendors from wandering too far afield, however, Google plans to introduce an Eddystone certification program in the near future.
Fair enough, so what about security? Security researchers have raised lots of red flags about BLE beacon security in the past. In particular, they say, most vendors' attempts to mask the uniquely identifiable properties of smartphones, such as MAC addresses, are ineffective – meaning it's easy for snoops to track individuals long-term.
The Chocolate Factory claims it's got that licked, via a security features called Ephemeral Identifiers (EIDs). While these sound an awful lot like the MAC address randomization used by other systems, Google says only authorized clients will be able to decode EIDs.
"EIDs will enable you to securely do things like find your luggage once you get off the plane or find your lost keys," Google's dev team said in a blog post. "We'll publish the technical specs of this design soon."
To accompany Eddystone, has also published a new Proximity Beacon API that allows developers to associate beacons with resources in the cloud, making it easier to batch-update a beacon fleet with the latest information without re-provisioning them by hand.
Nearer, my GOOG, to thee
The new beacon format is only one portion of what Google has in mind. Beacons aren't much good unless other devices can chat with them, and so the coders in Mountain View have also come up with a new API to make it easier to write apps that find and communicate with nearby devices.
Naturally enough, it's called the Nearby API, and it lets Android and iOS devices establish proximity to each other, discover each other's available services, and exchange messages with each other and with BLE beacons.
The tech sounds superficially similar to the Wi-Fi Alliance's Wi-Fi Aware program, which uses Wi-Fi hardware to establish proximity and trade short messages between devices, although in practice it uses a somewhat different approach.
"Nearby uses a combination of Bluetooth, Wi-Fi, and inaudible sound (using the device's speaker and microphone) to establish proximity," Google product manager Akshay Kannnan explained in a blog post.
As for privacy, the user must give explicit permission for apps to access the Nearby API, and Google doesn't necessarily store any personally identifying information if they do.
"Nearby doesn't use or require a Google Account. The first time an app calls Nearby, users get a permission dialog to grant that app access," Kannan said.
The online ad giant says it has already incorporated Nearby into a number of products, including Chromecast and games, and with the launch of Google Play Services 7.8, the API will become generally available to all Android and iOS developers. (For what it's worth, your humble Reg hack's Moto X running Android 5.1 is currently on Google Play Services 7.5.74.)
There is one tiny catch, though. Google Play Services 7.8 will only be available on Android 2.3 "Gingerbread" and above, meaning the approximately 0.3 per cent of Android devices that are still running lesser versions will be left out. ®
Sponsored: Becoming a Pragmatic Security Leader