Apple (AAPL) talks a good game on privacy when the rest of the tech industry continues to fumble—with Facebook (FB) at the top of the list based on recent headlines. Most of the time those words come backed by sound and smart design choices, but then there’s AirDrop.
Almost five years after AirDrop’s debut on iPhones in Apple’s iOS 7 release, this file-sharing feature continues to enable abusive behavior by creeps who enjoy sending unsolicited photos to nearby strangers.
Phrased more bluntly: AirDrop helps creeps send explicit photos to unknowing iPhone users.
Apple seems uninterested in fixing this (the company declined to comment on the record for this story) and instead keeps telling its customers to change their settings.
How AirDrop can dupe you
AirDrop’s default setting, which only lets people already in your contacts list send you files, isn’t the problem. But if you spend enough time with other people who use iPhones, you’ll probably find somebody not in your contacts list offering to share a file via AirDrop.
For example, Donald Glover used AirDrop to give away shoes at Coachella. And after my daughter’s Brownie troop had an event at our neighborhood’s Apple Store two weeks ago, the staff offered to AirDrop pictures of the kids to the parents on hand.
My wife was unable to take them up on this offer, since she uses an Android phone. But anybody with an iPhone would have only had to switch AirDrop from accepting files from “Contacts Only” to “Everyone,” either via the iOS Control Center or in the Settings app under the General heading.
And from then on, AirDrop would remain open to accepting a file from anybody with an AirDrop-compatible Apple device (not just iPhones, but newer iPads and Macs) within Bluetooth and WiFi range. And when a file arrives, AirDrop splashes a preview of its contents across the phone’s screen.
The predictable result: Creepy guys exploiting this to send photos of a particular body part to iPhones, especially those whose names suggest they’re used by women. It seems to happen most often on crowded trains, but in 2017, a friend had this happen on an airplane.
Unfortunately, the flight attendants she summoned for help were unable to locate the offender and transfer him to the cargo hold.
How Apple could fix this
Apple’s response every time—see, for instance, this April 6 @AppleSupport tweet—has been to remind iPhone users that they can switch AirDrop back to “Contacts Only” or to “Receiving Off.” That’s not good enough.
AirDrop’s architecture enables this abuse, and telling targets of it to change how they use this feature is a lame response.
The simplest fix would be to have AirDrop’s Everyone setting expire after a few minutes—the suggestion cybersecurity consultant Ken Munro offered to the BBC in 2015 after what appears to be the first reported case of “cyber flashing.”
That’s exactly how an older form of wireless file sharing, Bluetooth, starts: You set your device to be discoverable briefly by any nearby Bluetooth devices. Alas, Apple doesn’t support Bluetooth file transfer on iOS.
Caroline Sinders, a design researcher and a fellow with the Mozilla Foundation and Harvard University’s Kennedy School of Government, pointed to how Instagram handles photos sent in direct messages from strangers. That app presents a dialog saying the other person wants to send you a message, and tapping the “Allow” button only shows a generic photo icon that you have to tap again to view.
“Having a few more steps for consent is helpful and safe,” she wrote in an email.
Memo to Apple: Falling behind Facebook in combating digital abuse is not a place you want to be.
The whole tech industry needs to do better
Seeing Apple fail its users here is especially maddening when this company keeps touting how it, unlike those other evil tech companies, puts the privacy and security of its customers first.
But the entire tech industry has a huge problem in failing to consider the possible abuses of its work and then leaving too much of the damage control to individual users.
That reflects not just a lack of imagination but a lack of diversity: If your development teams remain dominated by men who never have to deal with the sexist behavior of other men, it’s easy to wind up with products that unintentionally enable that behavior.
“People design from what they know and the users they interview,” Sinders said. “It’s not rocket science that tech, and big tech, keeps amplifying and recreating bias when you look at whose experiences they are designing from and whose personal experiences are being elevated.”