Researchers claim that nearly 1.5 billion users are at risk of having their email addresses and phone numbers exposed to strangers through Apple's AirDrop. However, Apple has not yet acknowledged that there is something wrong with their file-sharing feature.

AirDrop May Be Sharing More Than Just Your Files

AirDrop is one of the most popular features used by many iPhone, iPad, and Mac users worldwide.

With the help of this service, you can share practically any file. Whether it's a picture, video, presentation, or document, Apple users can send it from one device to another via this built-in file-sharing tool.

Related: How to Turn On AirDrop on Your Mac and iPhone

However, it turns out that, according to researchers, AirDrop is not as secure as everyone thinks it is.

As outlined in a research paper, researchers from the Technical University of Darmstadt have discovered an AirDrop privacy leak that puts personal information at risk when sharing files between Apple devices. The researchers claim:

As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.

The discovered problems are rooted in Apple's use of hash functions for "obfuscating" the exchanged phone numbers and email addresses during the discovery process.

So, when the AirDrop feature is enabled on your device, anyone standing nearby can discover your phone number and email address. And the worst part is that it even doesn't require you to be the initiator of the file transfer.

Related: AirDrop Not Working? Fix It Fast With These Tips

According to the researchers, even if you only allow your device to connect with your contact list to share files through AirDrop, it's still possible for someone to get hold of your personal details.

There May Be a Solution to the AirDrop Security Flaw

The same TU Darmstadt researchers that discovered this AirDrop issue have already come up with a possible solution called PrivateDrop. But they haven't yet released many details about it.

PrivateDrop is based on "optimized cryptographic private set intersection protocols that can securely perform the contact discovery process between two users without exchanging vulnerable hash values."

Maybe Apple Will Now Fix the Issue

This is not the first time this AirDrop issue has been reported on. The German researchers reportedly informed Apple about the problem back in May 2019. However, the Cupertino-based company hasn't yet acknowledged the problem. Let alone fix it.

Until Apple rolls out a solution to the AirDrop flaw, it's recommended to keep this tool disabled when not using it. You can do this by clicking Settings > General > AirDrop > Receiving Off.