According to the good folks at Apple, they don’t just make products — they design ecosystems. This isn’t just spin, either. True to its word, Apple’s products, software, and services work harmoniously to immerse users in an environment where all of their devices talk to each other without any hiccups. As one of the company’s old slogans goes: “It just works.”
And that may be true most of the time, but where Apple excels at making compatible devices, it sometimes overlooks important details that can undermine the integrity of its products. A perfect example is a recent discovery that AirDrop, a popular sharing feature on iOS, can potentially broadcast your phone number, AppleID, and email.
If Apple is serious about its commitment to “privacy and security,” this issue requires immediate attention from both the company and the public at large. If you ever use AirDrop to share content with other devices, we have more info about how to secure your phone, as well as the data you might accidentally be broadcasting to everyone around you.
Airdrop doesn’t just put content into the air
A new report from Ars Technica is detailing how security researchers spotted a vulnerability in Apple’s popular AirDrop — which allows users to instantly broadcast content to any nearby Apple devices. Unlike text messaging, AirDrop uses Bluetooth — which has the benefits of a more robust connection that isn’t dependent on proximity to a cell tower.
What was discovered, however, points to an issue with other data that AirDrop includes with each item you share. Researchers found that when Bluetooth and AirDrop are enabled, a partially “hashed” code that contains private information like your phone number, AppleID, and email is sent to every iPhone in the immediate area.
“Hashed,” in this case, means that the data is encrypted — but not in such a way that it’s impossible to break open.
In a worst-case scenario, a smart hacker could easily siphon up the private phone numbers of people in a crowded area like a train or public square. This information could then be used to harass, bully, or blackmail a victim into submission or worse.
How can I stop AirDrop from sharing this data with strangers?
Let’s give Apple credit where it’s due: The company does, at least, seem to be aware of the fact that it’s distributing this information over AirDrop — which is why the data is encrypted, to begin with. If anything, this discovery suggests that the issue is more to do with the way AirDrop works than malice or incompetence.
That said, there are a few steps you can take to make sure you’re not accidentally sharing your phone number with everyone on the bus (or receiving unknown content from strangers, for that matter.)
To disable AirDrop, open your Settings app, select General, and tap AirDrop on the next page. In here, you’ll see the options to disable AirDrop altogether, turn it on for everyone, or just leave it for your contacts only.
I personally prefer the “Contacts Only” option, since it allows me to get the benefits of the feature — and the data being shared goes to people who already know me in the first place. If you wish to completely disable the feature, just tap Receiving Off.
To turn Bluetooth off, simply swipe up from the bottom of your phone’s screen (or down from the top-right if you’re on an iPhone X or above) and tap the Bluetooth Rune Icon. When it appears white, this means Bluetooth is disabled.
Over and above these precautions, one of the strongest steps you can take to keep your phone safe is to keep your internet use restricted to a private network that can’t be accessed from the outside.
This is why Virtual Private Networks, or VPNs, have become so popular for security-minded internet users. We recommend our sponsor ExpressVPN to help you safeguard the precious data you carry with you everywhere. Get three months free when you sign up for one year at ExpressVPN.com/Kim.