Apple AirDrop and Android Quick Share are the kind of phone features you probably use without thinking much about them. You want to send a photo across the room. You want to move a file from your phone to your laptop. So you tap share, pick a nearby device and move on.
Now, new security research shows those handy nearby-sharing tools can also create a wireless opening around your phone.
Researchers at the CISPA Helmholtz Center for Information Security examined Apple AirDrop and Android Quick Share. They found six vulnerabilities across Apple, Samsung and Google implementations. The flaws include AirDrop crash bugs, Samsung Quick Share protocol issues and a Google Quick Share for Windows bug that could potentially lead to remote code execution.
BEFORE YOU CONNECT ANOTHER SMART TV, TABLET OR PHONE, LOCK IT DOWN
That can affect you in a very everyday way. Your phone may be sitting in your pocket at an airport gate, in a coffee shop or inside a packed conference room while it listens for nearby sharing requests. If a bad actor gets close enough, they could try to take advantage of that open wireless doorway before you even realize anything happened. So, before you leave AirDrop or Quick Share open again, here is what the research found and the settings worth checking now.
Free live CyberGuy class: Sick of Spam? Join us July 22.
Join us Wednesday, July 22, at 1 p.m. ET for a free CyberGuy Live class that will help you cut down on robocalls, spam texts, junk email and other unwanted messages. Kurt “CyberGuy” Knutsson will walk you step by step through simple ways to filter spam, clean up your inbox and recognize the messages that could put your personal information at risk. No technical experience is needed. You’ll also receive our spam-stopping checklist, and every registrant will get a link to the class recording afterward.
Reserve your free spot today at CyberGuyLive.com.
The researchers call this a proximity problem. AirDrop and Quick Share are built to find nearby devices without the usual setup of pairing first. That convenience is the whole point. It also means the sharing software has to listen before it fully trusts the other device.
According to the research, the affected protocols are used by more than five billion devices. Apple reports more than 2.2 billion active devices running the sharing service tied to AirDrop. Google reports more than 3 billion Android devices with Quick Share available system-wide or used as a default sharing tool on many phones.
The study found three AirDrop issues that could be triggered before authentication. It also found two Samsung Quick Share protocol flaws. In addition, researchers found one Google Quick Share for Windows use-after-free bug. Apple, Samsung and Google acknowledged the reports, according to the researchers.
Most phone attacks we talk about involve bad links, fake login pages or shady apps. This research points to a different kind of risk because it starts with physical proximity. A nearby attacker may not need your password. They may not need you to open a website either. In some cases, the target device only needs to be discoverable or in a sharing mode that listens for nearby devices.
That does not mean someone can grab every photo on your phone by standing next to you. The known flaws are narrower than that. Still, the research shows that file-sharing features sit closer to sensitive parts of the system than many of us realize. AirDrop interacts with Apple’s sharing service, which supports features beyond file transfers. Quick Share also moves through low-level networking and device-to-device connection steps. That is why bugs in this area deserve your attention.
The most immediate risk is disruption. Researchers found AirDrop bugs that could crash Apple’s sharing service. That service supports AirDrop and other continuity features.
On Samsung Quick Share, researchers found protocol weaknesses that could let an attacker manipulate connection behavior before full authentication. Another issue could allow certain control messages to be injected during an active transfer.
The Google Quick Share for Windows bug is more serious on paper. Researchers described it as a heap use-after-free issue and said Google awarded a bug bounty for it. The paper says this type of bug could potentially be developed into a full remote code-execution exploit.
Google told CyberGuy it has addressed the Windows issue. “We’ve patched the flaw identified for Quick Share for Windows. As a best security practice, users should always ensure they apply the latest security updates available for their device,” a Google spokesperson said.
For most phone owners, the daily takeaway is clear. Nearby sharing is useful, but you should avoid leaving your device open to everyone when you do not need it.
You should be extra careful with AirDrop or Quick Share when you are around a lot of strangers. That includes airports, trains, hotels and large events. These are places where a nearby attacker could sit close enough to reach many devices at once.
The risk goes up when your phone is set to receive from everyone. On iPhone, Apple says the “Everyone for 10 Minutes” setting reverts after 10 minutes if you are signed in to your Apple Account. If you are not signed in, it reverts to Receiving Off. That time limit helps. Even so, you should treat “Everyone” as a temporary setting. Turn it on only when you need it.
The good news is that a few quick settings checks can make your phone much harder for nearby strangers to reach. You can also review these iPhone and Android security settings for more ways to lock down your device.
Start with regular software updates. The researchers responsibly disclosed the findings, and fixes are underway across vendors. Install iOS, iPadOS, macOS, Android, Samsung updates, Google Play system updates and Quick Share for Windows updates as soon as they become available. Also check the apps or utilities tied to sharing on your computer. Quick Share for Windows was part of this research, so remember the PC side if you use Android-to-Windows transfers.
On iPhone, keep AirDrop limited unless you are actively using it. The safest everyday choice is Receiving Off or Contacts Only.
On a Samsung phone, Quick Share controls who can see your device and send you files nearby. The safest everyday choice is No one or Contacts only.
GOOGLE TURNS OLD PHONES INTO CLOUD SERVERS
A file request from a stranger should be a red flag. Even if the file name looks harmless, decline it. Attackers often rely on curiosity. They may use a funny photo name or something that looks like it came from a nearby event. If you did not ask for the file, decline the request.
If you are traveling or sitting in a packed public place, turn receiving off. This is especially helpful at airports, train stations and large events. You can still turn AirDrop or Quick Share back on when you actually need it. That small habit gives you more control over when your phone is visible.
If you use AirDrop or Quick Share to send personal files, slow down before you tap send. Check the recipient name carefully. When possible, confirm the device in person before sharing. Be extra careful with photos, tax documents, travel confirmations, medical forms, school paperwork or anything that includes your address, phone number or financial details. Avoid sending private files to devices with generic names like “iPhone,” “Galaxy” or “Laptop.” For sensitive documents, use a trusted cloud storage or file-sharing service where you can confirm the recipient, manage access and add password protection when available.
Nearby sharing often relies on Bluetooth and Wi-Fi to discover and transfer between devices. You do not need to turn both off all day. However, it is smart to disable sharing features when you are done. Also, skip random public Wi-Fi networks just because they look familiar. Your phone can do a lot in the background. Give it fewer chances to talk to strangers.
Strong antivirus software can help detect malicious files if you accidentally accept something you should not have. This is especially important on computers, since Quick Share for Windows was part of the research. Keep your security software updated and scan any file that looks suspicious before opening it. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
AirDrop and Quick Share are useful, and most of us will keep using them. I know I will. But this research is a good reminder that nearby sharing should not stay wide open by default. The issue comes down to convenience. Phone makers made file sharing feel effortless. That is great when you are sending vacation photos to family or moving a file to your laptop. It feels different when the same feature is listening in a packed airport, coffee shop or hotel lobby. What stands out to me is the range. A bad actor may only need to be close by. So, my advice is straightforward. Update your devices. Keep AirDrop and Quick Share limited to people you trust. Turn off receiving when you are in a crowd. And never accept a file request you were not expecting.
Should phones make nearby sharing harder to leave open in public places? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
Copyright 2026 CyberGuy.com. All rights reserved.
