"Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up" 12 January 2024

Chinese authorities recently said they're using an advanced encryption attack to de-anonymize users of AirDrop in an effort to crack down on citizens who use the Apple file-sharing feature to mass-distribute content that's outlawed in that country.

According to a 2022 report from The New York Times, activists have used AirDrop to distribute scathing critiques of the Communist Party of China to nearby iPhone users in subway trains and stations and other public venues... [W]ith the release of iOS 16.1.1, the AirDrop users in China found that the "everyone" configuration, the setting that makes files available to all other users nearby, automatically reset to the more limited contacts-only setting. Apple has yet to acknowledge the move. Critics continue to see it as a concession Apple CEO Tim Cook made to Chinese authorities...

...According to the TU Darmstadt researchers, Apple has known since at least 2019 that AirDrop leaks the real-world identities of users. To this day, however, Apple has never publicly discussed or acknowledged any aspect of the leakage, including whether the company has plans to replace AirDrop’s hash-based [private set intersection] PSI with a more secure PSI, such as one devised by the researchers. Apple representatives didn’t respond to an email Thursday asking once again if it was aware of the leakage and if it has any plans to plug it...

...For now, there’s nothing AirDrop users can do to prevent their phone number and email address from being leaked, short of configuring the feature to “receiving off” and never initiating a send. Any protection beyond that will require the active participation of Apple, which so far has maintained radio silence on the topic.