Chinese Institute Claims It Cracked Apple's AirDrop to Uncover Sender Email Addresses, Phone Numbers

China's government has announced that it can now uncover the identities of Apple device owners who send messages and content using AirDrop, the company's wireless sharing protocol. A Chinese institute has found a way to decrypt the device log of an iPhone to reveal both the email address and phone numbers of users who send content via AirDrop. In the past, activists and dissidents have relied on AirDrop to anonymously send messages to other users in a manner that cannot be easily monitored.

According to a post shared on a Chinese government website (via Bloomberg) an institute in Beijing found that Apple stores the phone numbers and email addresses of users who have shared content via AirDrop on an iPhone's log files, which are encrypted. The Chinese institution was able to extract and analyse records from phones provided by law enforcement, according to the post.

Apple stores details such as an AirDrop sender's device name, their email address, and phone number in the form of hash values, according to the Chinese government. The institute used a detailed rainbow table — a table of reversed hashes — to access the encrypted data, which would then reveal the identity of the sender via their email address and their phone number.

Images shared by the Chinese government show details captured from an iPhone
Photo Credit: Beijing Municipal Bureau of Justice

The Chinese government also says that law enforcement has managed to identify "multiple suspects" in a case. The institute managed to achieve this by analysing both the sender's device and the receiver's device. It is currently unclear whether Apple plans to issue a patch that fixes the flaw identified by the government.

Bloomberg reported in 2022 that Apple limited the capability of its AirDrop wireless sharing feature as part of the iOS 16.1.1 update in China. While the US firm previously allowed users to receive files from all users, their contacts, or no one, the first option was reduced from an always-on mode to a limited 10-minute window. This limitation was later expanded to all iPhone models globally.

The detection method listed by the Chinese government suggest that both the sender's and receiver's smartphones are required in order to confirm the user identities. AirDrop wirelessly transfers data between Apple devices without requiring an Internet connection, while both devices do not need to be on the same Wi-Fi network. As a result, the cracking of AirDrop would allow the government monitor transfers that are difficult to track as they work without access to the Internet.