Beacon security and privacy


Signals broadcast over BLE are considered public, meaning another mobile app can potentially use the signal for its own purposes. This practice is known as piggybacking. However, beacon manufacturers have started rolling out features that prevent others from piggybacking off your beacons. For example, Estimote have rolled out Secure UUID, which uses a mechanism called UUID rotation. Beacons with this feature change their ID at a fixed time interval, following a pattern that is safely stored in the cloud. This means that even if someone manages to sniff the IDs of your beacons, they cannot piggyback off them, because the IDs keep changing and it is not possible to identify the pattern.
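A sketch of how a rotating identifier of this kind can work, added here as an illustration; it is not Estimote's algorithm, which this page does not describe. The HMAC-SHA256 derivation, the 600-second interval, and the beacon names, keys and timestamp are all assumptions constructed for the example.

```python
import hashlib
import hmac
import struct
import uuid

ROTATION_SECONDS = 600  # assumed rotation interval; the page gives no value

# Constructed per-beacon secrets, as the owner's cloud service would store them.
BEACON_KEYS = {
    "lobby-door": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "checkout-1": bytes.fromhex("ffeeddccbbaa99887766554433221100"),
}


def rotating_uuid(key: bytes, unix_time: int) -> uuid.UUID:
    """ID the beacon broadcasts during the time window containing unix_time."""
    window = unix_time // ROTATION_SECONDS
    digest = hmac.new(key, struct.pack(">q", window), hashlib.sha256).digest()
    return uuid.UUID(bytes=digest[:16])


def resolve(observed: uuid.UUID, unix_time: int, drift_windows: int = 1):
    """Cloud-side lookup: map an observed ID back to a registered beacon.

    Neighbouring windows are checked too, so a beacon whose clock has drifted
    slightly still resolves. Returns the beacon name, or None when the ID is
    unknown or stale.
    """
    for name, key in BEACON_KEYS.items():
        for offset in range(-drift_windows, drift_windows + 1):
            candidate = rotating_uuid(key, unix_time + offset * ROTATION_SECONDS)
            if hmac.compare_digest(candidate.bytes, observed.bytes):
                return name
    return None


def demo():
    now = 1_700_000_000  # constructed timestamp
    sniffed = rotating_uuid(BEACON_KEYS["lobby-door"], now)
    return {
        "owner_now": resolve(sniffed, now),
        "owner_drifted": resolve(sniffed, now + ROTATION_SECONDS),
        "replayed_hour_later": resolve(sniffed, now + 3600),
    }
```

An app that hard-codes a sniffed ID sees it stop matching once the window passes, while the owner's service, which holds the key, can always recompute the current ID.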

Here are some of the most common beacon security myths:


For beacon technology to proliferate, special consideration has to be given to the end user's privacy. If consumers are constantly bombarded with unsolicited or low-value content, they are likely to delete your app or revoke location permissions. What's more, companies leveraging beacon technology must be as transparent as possible and clearly explain to users how their location will be used and what value they should expect from the app.

Here are some key recommendations related to privacy: