> While AirDrop’s device-to-device communications channel is typically protected from third-party snooping by its own layer of security, that wouldn’t shield someone who may have been tricked into connecting with a stranger, perhaps by tapping on a deceptively named device in a list of contacts or by thoughtlessly accepting an unsolicited connection request. This step is required for the sender to be identified, according to security experts.
Apple already acted on this, didn’t they? AirDrop now defaults to off and you can only switch it on for ten minutes at a time – you can’t forget to switch it off again. When Apple implemented this change, I remember that they were criticised because people said they were doing what China wanted by cracking down on P2P communication. Now it’s the opposite situation but the same criticism.
I believe what they changed is the ability for "everyone" to discover you to a 10-minute toggle. It defaults to always being discoverable to your contacts.
I assume that it still broadcasts your hashes even in the contacts-only mode, so you'd need to turn receiving off to stop that. Or go a step further and disable Bluetooth entirely* when you don't need it.
* If you disable Bluetooth in the Control Center pulldown it won't actually disable Bluetooth or beacons. It just won't connect to devices. You need to go into Settings to actually disable Bluetooth.
Your phone isn't passively broadcasting hashes if it's just an AirDrop receiver no matter what mode it's in. This vuln only poses a privacy risk for those sending AirDrops.
I understand why they put it on a 10-minute time-out, but it still makes me slightly sad. Sending (or receiving!) goofy cat pics on the subway had its own kind of charm.