Get the best of PhoneArena in your inbox!
Read Next

A flaw in AirDrop and Quick Share now threatens billions of iPhones, Android phones, and laptops

Apple has patched one of the three bugs, with two still to go.

Two iPhones showing the AirDrop sharing prompt on screen.
Two iPhones sharing a file over AirDrop, the feature now at the center of new security findings. | Image by PhoneArena
Security researchers have found flaws in AirDrop and Android's Quick Share that let someone nearby crash your phone's sharing features without touching it. The two systems run on phones like the iPhone 17 Pro Max, Galaxy S26 Ultra, and Pixel 10 Pro, and Apple has already patched one of the three AirDrop bugs. If you carry one of the best iPhones, here is what is going on.

A nearby laptop is all it takes


Researchers at the CISPA Helmholtz Center for Information Security took apart both AirDrop and Android's Quick Share and found six vulnerabilities across iPhones, Macs, Android phones, and Windows. A new report puts the reach at more than five billion devices.

All three AirDrop bugs do the same thing: A nearby attacker with just a Wi-Fi laptop within about 30 meters (around 100 feet) sends one malformed request that forces the background service running AirDrop to quit. Because that service also handles AirPlay, Handoff, Universal Clipboard, and Continuity Camera, all of them stop working at once.

Run on a loop, the attack keeps them offline until it stops, and no files are taken, since it only knocks the service out rather than pulling anything off your phone.



Recommended For You
Notably, the same weakness turned up on both, despite the two sharing almost no code.

How do you keep AirDrop or Quick Share set day to day?
0 Votes


What it means for iPhone and Galaxy owners


For most people this is more annoying than dangerous. Someone in range could keep your AirDrop or Quick Share offline for as long as it runs, which matters most if you move files with them all day.

Quick Share is not off the hook either. The researchers found two authentication bypasses in Quick Share, tested on a Galaxy S23 Ultra, plus a Windows memory bug Google has since patched. On a Galaxy S26 Ultra or a Pixel 10 Pro, it is the same feature we covered when Google pulled the always-on Everyone mode from Quick Share, and neither side comes out clean.

Who should care, and what you can do


The most exposed keep AirDrop or Quick Share open to Everyone, since that mode answers nearby devices before any prompt appears. If you only share with people you know, you are in a better spot.



Here's how to lower your exposure


  1. Open Settings on your iPhone, tap General, then AirDrop.
  2. Choose Contacts Only, or Receiving Off when you are not sharing.
  3. On your Android, open Quick Share and set visibility to your devices or contacts, not Everyone.

A patch is on the way, but check your settings now


Apple has fixed one of the three AirDrop bugs and given it a CVE, while the other two are still under coordinated disclosure, so the full fix is hopefully coming soon.

Still, a fix you have to wait on is a reminder that the Everyone setting does more than you think. I would set sharing to contacts only and forget about it, and I would love to see Apple and Google make that the default.

A couple more reads before you head out:
Recommended For You
COMMENTS (0)
Latest Discussions
by Tinamichelle • 2
by readdriver • 2
by ECPirate37 • 2