You’re most likely to encounter AirDrop in a public space when you’re blocking some random stranger from sending you a weird picture or greeting. But if you ever need to toss a file between devices — maybe that funny picture you just took of your friends at a bar — wait until you’re home, for security’s sake.
According to recent reports, an attacker can already sniff out more detail about you than you’re probably willing to give out simply because you have Bluetooth activated on your device. If you fire up AirDrop or use iOS’ handy feature that allows you to share a Wi-Fi password with a friend, an attacker could also extract your full phone number.
To Apple’s credit, this is more a problem with the technology that powers these features — Bluetooth LE — than any kind of vulnerability with AirDrop itself. And there are a few ways to address it, as Hexway notes in a blog post:
This behaviour is more a feature of the work of the ecosystem than a vulnerability. We’ve detected this behaviour in the iOS versions starting from 10.3.1 (including iOS 13 beta).
Unfortunately, the only thing you can do is to turn off Bluetooth on your device. But we also noticed that old devices (like all before iPhone 6s) are not sending BLE messages continuously, even if they have an updated OS version. They send only a limited number of messages (for example, when you navigate to the Wi-Fi settings menu); probably Apple does that to save battery power on old devices.
It’s great advice if you don’t have any external devices you connect to your phone, such as a pair of wireless headphones or an Apple Watch. If you do, though, then you’ll probably want to leave Bluetooth on, even though doing so means that someone could easily grab your “phone status, Wi-Fi status, buffer availability, OS version, and so on,” as Hexway describes.
That isn’t so bad, since that’s all relatively minor information that doesn’t really impact your day-to-day privacy.
I would still limit your use of AirDrop and Wi-Fi sharing in public spaces. While it’s unlikely someone is going to be sitting there with a laptop waiting to pull your phone number, there’s no reason you can’t wait to share information via AirDrop until you’re in a more private location. Otherwise, just send a text or an email.