There’s been a lot of fear-mongering surrounding Apple’s AirDrop feature circulating on social media. But is any of it warranted?
TikToker @the_journey76 is contributing to the alarm, cautioning folks against keeping AirDrop enabled. According to him, Apple Pay users with AirDrop toggled on are rendering themselves susceptible to financial identity theft.
In a viral post that’s accrued over 1.1 million views, he urges folks to disable AirDrop. Commenters who replied to his video were a mixed bag. While some expressed doubts about the file-sharing tech, others said stealing Apple Wallet data with it is nearly impossible.
Beware AirDrop?
The TikToker begins, “If you are an Apple, an iPhone user. This new update is definitely something that you’re gonna want to listen now.”
He continues, “If you’ve had any kind of scams in the past. You’ve had anything purchased off of your cards. If you’ve done anything with Apple Pay from your wallet, you’re gonna want to go into your generalized settings. Just go into settings, go to general, and turn off AirDrop.”
Next, he explains to his viewers how to disable AirDrop: “Under the AirDrop setting, you’re gonna scroll down a little bit. And you’re gonna see where it says sharing. Toggle that off. Do yourself a favor. Do not get caught up in this mess.”
Why? He claims people can “walk past you now and from one iPhone to another using that AirDrop setting, they can get all of the cards in your wallet. In your Apple Wallet.”
The TikToker appears to want to err on the side of caution, stating he’d rather be safe than sorry.
AirDrop doesn’t connect to Apple Pay
The Daily Dot has previously reported on claims circulating on social media about this purported AirDrop security flaw. However, these claims rest on a fundamental misunderstanding of the way AirDrop works. There’s no indication that Apple Pay settings are in any way accessible via AirDrop’s device-to-device communication methods.
Furthermore, Apple Pay/Wallet information stored on users’ phones is encrypted. It is also stored in a section of the phone that isn’t accessible via the device’s file management/browser system. This means there isn’t any way to transfer or request a transfer of financial information stored on an iPhone via AirDrop.
So why do there seem to be so many posts about these potential security flaws? It appears to have to do with a number of worrisome reports issued in response to a 2023 iOS update.
AirDrop requests
Law enforcement officials in Massachusetts referenced the update’s NameDrop feature as a potential threat. After the iOS 17.1 update was released, many users had NameDrop enabled by default. This allowed iPhone users to scan their immediate area for other iPhone users. Consequently, they were able to send file requests to those users. Furthermore, they could also request contact card information with this functionality.
However, the user on the receiving end still needs to accept the request. A potential con artist would have to jump through several hoops to obtain their target’s financial data. Let’s say you do accept a file from a scammer. That scammer would need to push a file that, let’s say, upon acceptance, immediately installs software that grants remote access to an iPhone user’s phone.
This would need to be an intricately developed piece of software that could somehow break through a trillion-dollar company’s encryption. Another scenario: you accept a NameDrop request and you include all of your banking information in your contact card. This is something you’d have to do manually and if you’re in the habit of doing that, you should: A.) stop and B.) ask yourself, “Why?”
Remote device control
Moreover, the latest iOS 18.1 update allows users to grant remote access to their devices via FaceTime. Again, however, this is a permission that needs to be granted to someone who is requesting access. Additionally, this access can be revoked at any time during a FaceTime call. It isn’t as if all of your financial information is readily seen upon opening Apple Wallet, either.
So you would have to have a document on your phone with all of your financial information clearly visible. This means a scammer would have to ask for screen sharing or remote access on your phone. Subsequently, they’d have to access this document with all of your financial information, which is only going to be there if you have a file like this on your phone.
It appears that most of @the_journey76’s fears can be allayed with a simple premise: don’t accept AirDrop requests from random users. Furthermore, if you do, revoke their access immediately. Also, you can head to your iPhone’s AirDrop settings and only allow requests from users who are in your contacts list. This will prevent strangers from clocking your iPhone out in public and sending you AirDrop requests.
TikTokers are scared
Several who responded to @the_journey76’s post appeared concerned by his messaging. One person, alarmed by the cautions surrounding iPhone functionality, said they’ve severely limited the functionality of their device. “I have turned off everything to the point that my iPhone is just a calculator,” they said.
Others say they’re leery of utilizing Apple Pay for fear of having their financial data stolen. “That’s why I don’t use Apple Pay and I don’t connect no cards to my phone,” one wrote.
Someone else wrote, “I don’t use Apple wallet. My friend who is a IT guy said he would never use Apple Wallet, that was enough for me to never set it up.”
“Mine is always off. And I don’t use Apple wallet,” another remarked.
However, others countered the claims. “This is not true, it is not that easy,” one penned.
Another reminded users that AirDrop requests must always be accepted by the target user. “No they can not you have to hit accept,” one said.
And someone else said it’s easier to steal from physical cards with tap-to-pay functionality than Apple Pay. “Doesn’t work like that. It is easier to get your money if you [use] the physical card with the tap feature in your pocket,” they wrote.
The Daily Dot has reached out to Apple via email and @the_journey76 via TikTok comment.