AirDrop & Nearby Share Privacy Risks: What You Need to Know

You are on a crowded train. Your phone buzzes with a notification: someone nearby wants to send you a file. You did not ask for it. You do not know who sent it. But they already know your name.

This is the reality of proximity file sharing features like Apple's AirDrop and Google's Nearby Share (now called Quick Share). They are incredibly convenient for sharing photos with friends or transferring files between your own devices. But when left with default settings, they turn your phone into a billboard that broadcasts your identity to every stranger within Bluetooth range.

How AirDrop and Nearby Share Actually Work

Both features use a combination of Bluetooth and Wi-Fi to discover nearby devices and transfer files directly, without using the internet.

AirDrop (Apple)

• Uses Bluetooth Low Energy (BLE) to discover nearby Apple devices
• Establishes a peer-to-peer Wi-Fi connection for the actual transfer
• When set to "Everyone," your device name (often "John's iPhone") is visible to all Apple devices within roughly 10 meters

Nearby Share / Quick Share (Android/Google)

• Uses BLE, Wi-Fi Direct, and NFC to find nearby devices
• Supports sharing between Android phones, Chromebooks, and Windows PCs
• When set to visible to everyone, your device name and Google profile info can be exposed

The convenience is real. But so are the risks.

The Privacy Risks You Should Know About

1. Your Real Name Is Exposed

When AirDrop is set to "Everyone," nearby strangers can see your device name. Most people never change the default, which is usually "First Name's iPhone." That means anyone on the subway, in a coffee shop, or at a concert can learn your first name just by opening their AirDrop interface.

In 2019, security researchers demonstrated that AirDrop's discovery protocol leaked partial phone numbers and email addresses through hashed identifiers. While Apple has addressed some of these issues, the fundamental problem remains: your device name is broadcast openly.

2. Unsolicited and Inappropriate Content

AirDrop harassment became a well documented phenomenon, particularly on public transit in major cities. People received unsolicited images, including explicit content, from anonymous senders nearby.

Notable incidents:

• New York City subway riders reported waves of unsolicited AirDrop images, leading the city to consider legislation against "cyber flashing"
• Airlines have dealt with passengers AirDropping disruptive content to everyone on the plane
• In the UK, cyber flashing via AirDrop was made a criminal offense under the Online Safety Act 2023

3. Tracking and Surveillance

Researchers from TU Darmstadt found in 2021 that AirDrop's device discovery mechanism could be exploited to track individuals. By monitoring the hashed Apple ID values that devices broadcast, it was possible to identify and follow specific people in crowded areas.

4. Malicious File Delivery

While less common, there have been cases of attackers using proximity sharing to deliver:

• Phishing links disguised as shared contacts or files
• Malicious configuration profiles (particularly on iOS)
• Social engineering attacks that exploit the trust implied by a "nearby" sender

Real Incidents That Made Headlines

Year	Incident	Impact
2019	AirDrop phone number leak discovered by TU Darmstadt researchers	Affected all Apple devices with AirDrop enabled
2022	Protesters in China used AirDrop to share materials, prompting Apple to restrict the feature	AirDrop's "Everyone" mode limited to 10 minutes in China
2023	UK criminalized cyber flashing via AirDrop under Online Safety Act	Set legal precedent for proximity harassment
2024	Quick Share vulnerability allowed attackers to send files without user approval on some Android devices	Google issued security patch

How to Configure AirDrop Safely (Step by Step)

iPhone / iPad

1. Open Settings > General > AirDrop
2. Select "Receiving Off" or "Contacts Only"
3. If you choose "Everyone for 10 Minutes," it automatically reverts (Apple added this time limit globally after the China restriction)
4. Change your device name: Settings > General > About > Name (use something generic, not your real name)

Mac

1. Open Finder > AirDrop (or System Settings > General > AirDrop & Handoff)
2. Set "Allow me to be discovered by" to "Contacts Only" or "No One"

Android (Quick Share / Nearby Share)

1. Open Settings > Google > Devices & sharing > Quick Share
2. Set visibility to "Your devices" or "Contacts"
3. Turn off "Show notification" if you want to avoid prompts from unknown senders
4. Change your device name to something that does not reveal your identity

Windows (Nearby Share)

1. Open Settings > System > Nearby sharing
2. Set to "My devices only" or turn it off when not needed

When Proximity Sharing Is Not the Right Tool

AirDrop and Quick Share work great for sharing files with people standing next to you. But there are situations where they are the wrong choice:

Sharing with people you don't fully trust. At a conference, meetup, or any gathering where you want to share a link or document with acquaintances rather than close friends, proximity sharing exposes your device name and opens you up to receiving unwanted files in return.

Sharing sensitive content. Passwords, private documents, personal photos. If these get AirDropped to the wrong person by accident (and it happens more than you think), there is no way to recall them.

Sharing with people not physically present. Obviously AirDrop requires proximity, but many people default to iMessage or Messenger to share links that deserve more protection.

For situations like these, a password-protected link is a better choice. Services like LOCK.PUB let you wrap any URL, memo, or file behind a password. You share the link through any channel, and only someone with the password can access the content. No device names exposed, no accidental sends, and you can set the link to expire after a certain time.

Building Better Sharing Habits

The convenience of tap-to-share features is hard to resist. But a few simple habits can protect you:

1. Keep proximity sharing set to "Contacts Only" by default. Only switch to "Everyone" when you actively need it, and switch back immediately after.
2. Change your device name. "iPhone" is better than "Sarah Johnson's iPhone" from a privacy perspective.
3. Never accept files from unknown senders. If you receive an unexpected AirDrop request, decline it.
4. For anything sensitive, use a protected sharing method. A password-protected link via LOCK.PUB gives you control over who accesses your content, without exposing your device or identity.
5. Keep your OS updated. Both Apple and Google regularly patch proximity sharing vulnerabilities.

The Bottom Line

AirDrop and Quick Share are fantastic tools when used between trusted devices. The problem is that most people leave them wide open, broadcasting their names and accepting connections from anyone nearby.

Take two minutes to check your settings. Change your device name. Set discovery to "Contacts Only." And for sharing anything that matters, consider whether a password-protected link on LOCK.PUB might be a safer choice than beaming it through the air to whoever happens to be in range.

Your phone should not introduce you to strangers without your permission.