Bluetooth Tracking: How BLE Beacons Follow You

by
Dispatch #017 · Threat Briefing · Classification: Open

Bluetooth Tracking: How BLE Beacons Follow You Through Stores

There are small plastic devices mounted on the ceiling of the store you were in last week. They listened to your phone’s Bluetooth signal as you walked past. They know which aisle you entered first, how long you stood in front of the cereal, and whether you walked toward the checkout or circled back. You didn’t consent to this. You weren’t informed. Here’s how it works.

Dispatch filed by TINFOIL Intelligence Division · Permanent record

What BLE Beacons Are

BLE stands for Bluetooth Low Energy — a variant of the Bluetooth protocol designed for continuous, low-power broadcasting. Unlike classic Bluetooth (which requires pairing between devices), BLE allows one-way communication: a beacon transmits, and any BLE-capable device in range can receive the signal.

BLE beacons are small, inexpensive devices — typically the size of a coin or a deck of cards — that broadcast a unique identifier at regular intervals. They cost between $5 and $25 each. They run on button batteries that last one to three years. They require no wiring, no internet connection, and no maintenance. You mount them on a ceiling or shelf, and they broadcast until the battery dies.

The beacons themselves don’t collect data. They don’t “see” you. They don’t store information. They simply broadcast an identifier — a string of characters that says “I am beacon #4,271 and I am right here.”

Your phone does the rest.

How the Tracking Works

When your phone’s Bluetooth is enabled — and on most modern smartphones it is enabled by default, even when you think it’s off — your phone continuously scans for BLE signals. This is how your phone finds nearby AirPods, detects AirTags, connects to smartwatches, and maintains the “Find My” network.

When your phone detects a BLE beacon, it receives the beacon’s identifier and measures the signal strength (RSSI — Received Signal Strength Indicator). Signal strength correlates with distance: a stronger signal means you’re closer to the beacon. By deploying multiple beacons throughout a space and measuring which beacons your phone detects and at what strength, a system can triangulate your position within the space to approximately 1–3 meter accuracy.

The Data Flow

Step 1: Beacons mounted throughout the store broadcast unique identifiers.

Step 2: Your phone detects nearby beacons via BLE scanning.

Step 3: If you have the store’s app installed (or any app using their analytics SDK), the app reads the beacon identifiers and signal strengths and transmits them to the analytics platform.

Step 4: Even without a store app, some platforms use the phone’s Bluetooth MAC address or advertising identifier — detected by the store’s own BLE receivers — to track movement. In this model, the store’s infrastructure listens for your phone’s Bluetooth broadcasts rather than relying on your phone to listen for beacons.

Step 5: The analytics platform assembles a path: entrance → produce aisle (45 seconds) → cereal aisle (2 minutes, stopped at eye level) → checkout. This is your “customer journey,” mapped to the meter.

What They Measure

Metric · What It Means · How It’s Used
Foot traffic
Total number of Bluetooth-enabled devices detected in the store over time. Used to measure store traffic patterns, peak hours, and the effectiveness of advertising campaigns at driving physical visits.
Dwell time
How long you spend in a specific area — an aisle, a display, a department. Longer dwell time at a display is interpreted as higher engagement. Displays that generate low dwell time get changed. This is A/B testing applied to physical retail, using your body as the data point.
Path analysis
The sequence of zones you move through. Do customers go to produce first or packaged goods? Do they visit the electronics section before or after clothing? Path data informs store layout, product placement, and the positioning of high-margin items along the most-traveled routes.
Return visits
If your phone’s Bluetooth identifier is consistent between visits (and it often is), the system tracks how frequently you visit, on which days, and whether your path through the store changes over time. This is loyalty analytics without a loyalty card — you’re enrolled by carrying your phone.
Conversion zones
Correlating foot traffic with point-of-sale data reveals which store zones lead to purchases and which don’t. If 80% of people who dwell in the wine section for 2+ minutes buy a bottle, the store knows that dwell time threshold predicts conversion — and optimizes for it.
You didn’t sign up for a loyalty program. You didn’t download the store’s app. You walked into a building with your phone in your pocket, and a network of $10 devices mapped your movement through every aisle. This is the ambient surveillance infrastructure that exists in the background of your daily life.

Where This Is Deployed

BLE beacon tracking is not experimental or rare. It is deployed at scale across retail, hospitality, transportation, and commercial real estate. Major analytics platforms — including those from companies you’d recognize — provide turnkey beacon infrastructure to retailers worldwide. The technology has been commercially available since Apple introduced iBeacon in 2013.

If you’ve been in a major retail chain, a shopping mall, an airport, a museum, a stadium, or a conference venue in the last five years, you’ve almost certainly been tracked by BLE beacons. The beacons are small enough to be invisible — mounted in ceiling fixtures, shelf edges, or behind signage. There is no legal requirement to inform you they’re there in most U.S. jurisdictions.

What You Can Do

Turn off Bluetooth. The most direct countermeasure. If Bluetooth is disabled, your phone doesn’t broadcast BLE signals and doesn’t respond to beacons. However: on both iOS and Android, turning off Bluetooth via Control Center / Quick Settings does not fully disable BLE scanning — it disconnects active Bluetooth connections but allows passive scanning to continue for features like Find My and location services. To fully disable BLE, you must go to Settings → Bluetooth and toggle the master switch off. Even then, some system-level scanning may persist.

Disable location services for apps. Apps that use beacon data require location permissions. Revoking location access for retail apps prevents them from reading beacon identifiers — though it doesn’t prevent the store’s own infrastructure from detecting your phone’s Bluetooth broadcasts.

Use a Faraday pouch. A properly engineered Faraday bag blocks all wireless signals, including BLE at 2.4 GHz. Phone in pouch = no Bluetooth broadcast = no beacon detection. This is the only method that provides complete signal isolation regardless of software settings or OS behavior.

Leave your phone elsewhere. The simplest solution. If the tracking device isn’t in the building, it can’t be tracked in the building. Impractical for most people, but technically perfect.

The Bigger Picture

BLE beacon tracking is one layer of the ambient surveillance infrastructure that Dispatch #002 mapped at the frequency level. Your phone’s Bluetooth broadcast is one of the 30+ simultaneous RF signals your body is transparent to at any given moment. Each signal serves a function — and many of those functions involve tracking your location, behavior, or identity.

Bluetooth beacons are worth understanding specifically because they demonstrate how RF signals create surveillance capabilities that most people don’t know exist. You can’t see the beacons. You can’t feel the signal. You weren’t asked. The tracking happens passively, continuously, and at a scale that makes individual awareness almost irrelevant — which is exactly why individual awareness matters.

Dispatch #013 covered relay attacks — another case where a continuously broadcasting RF signal (your key fob) creates a vulnerability you didn’t consent to. The pattern is consistent: ambient RF signals, designed for convenience, create surveillance and security surfaces that operate without your knowledge or consent. Awareness is the first layer of defense. Signal management is the second.

Every wireless convenience is also a wireless vulnerability. Your phone’s Bluetooth exists so you can connect to headphones. It also exists — from the retail analytics industry’s perspective — so they can track you through stores without your knowledge. Same signal. Different purposes. Only one of them is yours.

Control Your Signal

Awareness is the first layer. Signal management is the second. TINFOIL products give you control over the signals closest to your body — including the ones being used to track you.

Browse Collections Dispatch #004: Faraday Guide Dispatch #002: RF Map