Interoperability and Security Changes in Android Quick Share and Apple AirDrop
Google has introduced a new feature that enables its Android Quick Share tool to interoperate with Apple’s AirDrop, allowing file sharing between the two platforms for the first time. This functionality is currently limited to Google’s Pixel 10 smartphone and requires iOS users to enable the 'Everyone for 10 minutes' mode on AirDrop, which temporarily makes their device discoverable to anyone nearby. Both companies have highlighted the convenience of cross-platform sharing, but security concerns remain, as these modes can expose users to unsolicited or potentially malicious file transfers. Organizations often mitigate these risks by disabling such features through mobile device management solutions.
In parallel, Apple is testing a new AirDrop feature in its iOS beta that introduces PIN pairing, allowing users to share files for up to 30 days without needing to be in each other's contacts. This change aims to enhance usability but may also introduce new security considerations, as it extends the window during which devices are open to file sharing from non-contacts. Both developments reflect ongoing efforts by Google and Apple to balance ease of use with the need to protect users from abuse and unauthorized file transfers.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Google adds AirDrop compatibility to Android Quick Share
Google linked Android's Quick Share with Apple's AirDrop, enabling file sharing between Android devices and iPhones without requiring Apple's direct participation. Reports described the implementation as using Rust-hardened security and initially highlighted Pixel-to-iPhone sharing.
Apple adds AirDrop PIN pairing in new iOS beta
A new iOS beta introduced AirDrop PIN pairing, allowing users to share files with people outside their contacts list and keep the pairing active for up to 30 days.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Google enables Pixel-to-iPhone file sharing via Quick Share, AirDrop
bleepingcomputer.com
Open sourceGoogle links Android’s Quick Share to Apple’s AirDrop, without Cupertino’s help
go.theregister.com
Open sourceGoogle Brings AirDrop Compatibility to Android's Quick Share Using Rust-Hardened Security
thehackernews.com
Open sourceAirDrop PIN Pairing Arrives: New iOS Beta Allows 30-Day File Sharing Without Contacts
securityonline.info
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AirDrop and Quick Share flaws expose billions of devices to nearby attacks
Researchers at the CISPA Helmholtz Center for Information Security disclosed six proximity-based vulnerabilities in Apple AirDrop and Google/Samsung Quick Share that could be exploited by attackers within wireless range or on the same local network. The issues include three denial-of-service flaws in AirDrop affecting privileged sharing and parsing components on macOS and iOS, two authentication and encryption bypass flaws in Samsung's Quick Share on Android, and a use-after-free bug in Google's Quick Share client for Windows that could potentially be exploitable. The findings show that both ecosystems expose significant pre-authentication attack surfaces despite using different implementations. Apple has reportedly fixed one AirDrop flaw and assigned a non-public `CVE`, while Google has patched the Windows Quick Share bug and issued a bounty, with its `CVE` still pending. The remaining Apple issues and the Samsung Quick Share flaws are still under coordinated disclosure or investigation, and no in-the-wild exploitation has been reported. Researchers also released a custom fuzzer, crash scripts, and protocol notes to help validate the bugs and support further testing across nearby-sharing features used on roughly five billion devices.
Jun 30, 2026
Mobile OS Privacy Features and Advice Content Around Data Privacy Day
Apple rolled out a new iOS feature on select recent **iPhone** and cellular **iPad** models that, when enabled, reduces the precision of location data shared with a user’s **cell carrier**, aiming to make it harder for law enforcement, spies, and criminals to obtain precise location via telecom providers. Apple said the change does not reduce location precision shared with apps or with first responders during emergency calls, and initial support is limited to specific devices on **iOS 26.3** and a small set of carriers in markets including Germany, Thailand, the UK, and the US; the move lands amid ongoing concerns about carrier targeting and telecom surveillance, including reported China-linked intrusions into major US carriers. Samsung separately described an upcoming **Galaxy** privacy feature intended to mitigate “shoulder surfing” by obscuring on-screen content in public settings, with configurable visibility controls for apps, sensitive entry fields, and notification pop-ups. A third item is a **generic privacy tips** article tied to Data Privacy Day that recaps Apple ecosystem features (e.g., Safari anti-tracking, a Passwords app, Hide My Email, and app hiding/locking) rather than reporting a specific new security event or disclosure.
Jun 29, 2026
Recent Security Features and Best Practices for Consumer Devices and Services
Several recent updates and advisories highlight new security features and best practices for consumer devices and services. *elementaryOS 8.1* introduces Secure Session as the default, enhancing privacy by requiring explicit app permissions and improving support for modern hardware. Android 16 now offers an Advanced Protection mode, which consolidates Google's strongest security and privacy features, blocking sideloading, spam, unsafe links, and insecure networks, though it must be enabled manually. Additionally, enabling Private DNS mode on Android encrypts DNS queries, protecting users from eavesdropping on public networks. For iPhone users, a shortcut can be configured to trigger the device's camera and location sharing via text, providing a rapid recovery option if the phone is lost or stolen. Passwordless authentication is gaining traction, with passkeys allowing users to sign in securely without traditional passwords, reducing phishing risks and simplifying cross-device access. The TSA has also reiterated warnings about the risks of public Wi-Fi and USB charging stations at airports, advising travelers to use VPNs and power-only cables to avoid data theft and malware. For organizations using Google Workspace, the Passwd password manager offers enterprise-grade encryption, zero-knowledge architecture, and compliance features, ensuring secure credential management within the Google ecosystem. These developments reflect a broader industry trend toward stronger, user-friendly security measures and increased awareness of digital hygiene for both individuals and organizations.
Jun 29, 2026