Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up.

Chinese authorities recently said they’re using an advanced encryption attack to de-anonymize users of AirDrop in an effort to crack down on citizens who use the Apple file-sharing feature to mass-distribute content that’s outlawed in that country.

According to a 2022 report from The New York Times, activists have used AirDrop to distribute scathing critiques of the Communist Party of China to nearby iPhone users in subway trains and stations and other public venues. A document one protester sent in October of that year called General Secretary Xi Jinping a “despotic traitor.” A few months later, with the release of iOS 16.1.1, the AirDrop users in China found that the “everyone” configuration, the setting that makes files available to all other users nearby, automatically reset to the more contacts-only setting. Apple has yet to acknowledge the move. Critics continue to see it as a concession Apple CEO Tim Cook made to Chinese authorities.

↫ Dan Goodin at Ars Technica

The most damning aspect of this story is that Apple has been aware of this vulnerability in AirDrop since 2019, and has not addressed it in any way. The use of AirDrop by dissidents in China to spread critique of the Chinese government has been well-known, so it’s not entirely unreasonable to conclude that Apple has been wary of closing this security vulnerability in order to not offend China – as further evidenced by the sudden changes to AirDrop as mentioned above.

What’s going to be interesting now is what Apple is going to do about this. Are they going to finally address this security hole, and thereby risk offending China? Will it fix the hole, but only in non-totalitarian countries? Will it just leave it open? Whatever they do, they’ll end up offending someone.
