Viral videos circulating on TikTok have ignited fears of a new iPhone scam involving AirDrop, falsely claiming that thieves can steal users’ card details through the file-sharing feature. These videos allege that iPhone users who have AirDrop enabled are vulnerable to a “walk-by tap-attack,” where a stranger could surreptitiously extract their financial data. This claim, however, is entirely baseless and technically impossible. While AirDrop allows for quick file sharing between nearby devices, its functionality is restricted in several crucial ways. First, while the feature can be toggled on for extended periods, its active range for interaction with non-contacts is limited to a brief 10-minute window. After this period, AirDrop only functions with devices listed in the user’s contacts. Secondly, and most importantly, the sensitive card data stored within Apple Wallet or Apple Pay is not shareable via AirDrop or any other means. This information is encrypted and securely locked down, preventing any unauthorized access or transfer.
Apple emphasizes the robust security measures implemented within Apple Pay, asserting that it is even safer than using a physical wallet. Unlike traditional cards, Apple Pay does not store the actual card numbers on the device. Instead, when a card is added to Apple Wallet, the issuing bank provides Apple with a unique Device Account Number (DAN). This DAN is then encrypted and stored within a dedicated Secure Element, a hardware component specifically designed for secure data storage. This isolated storage ensures that the DAN remains inaccessible to the operating system (iOS), Apple’s servers, and iCloud backups, effectively shielding it from potential threats. Furthermore, any Wallet data transmitted over the internet, such as transaction information, is encrypted during transit and stored in an encrypted format on Apple’s servers, adding another layer of security. While AirDrop has been associated with other types of malicious activities, such as phishing attempts and unsolicited explicit content (cyberflashing), the notion that it can be exploited to steal financial details is categorically false.
The misinformation appears to stem from a misinterpretation of Apple’s NameDrop feature, introduced in 2023. NameDrop facilitates the convenient exchange of contact information between devices in close proximity. However, this feature is exclusively designed for sharing contact cards and cannot be used to transfer any other type of data, including financial details. The false narrative surrounding AirDrop’s supposed vulnerability has gained traction on TikTok, fueled by user-generated content that misrepresents the feature’s capabilities. This spread of misinformation coincides with ongoing scrutiny of TikTok’s data security practices and its ties to the Chinese government.
The US government is currently pursuing a ban on TikTok, citing national security concerns related to data privacy and the platform’s ownership by the Chinese company ByteDance. Lawmakers from both political parties have expressed support for legislation that would prohibit the app’s use by all 170 million US users unless ByteDance divests its ownership of TikTok. Despite TikTok’s legal challenges and assertions that the proposed ban is unconstitutional, a US court recently rejected the platform’s attempt to block the legislation. This development has led TikTok and ByteDance to appeal to the US Supreme Court in a bid to prevent the nationwide ban from taking effect.
In its filing to the Supreme Court, TikTok argued that the ban would infringe on freedom of speech by silencing the millions of Americans who utilize the platform for various forms of expression, including political discourse, commerce, artistic expression, and other matters of public concern. The platform further emphasized the potential disruption caused by the ban, particularly its proximity to the 2025 presidential inauguration. The ban is slated to come into effect on January 19, 2025, unless ByteDance sells TikTok before that date.
The proliferation of misinformation regarding AirDrop and financial security highlights the potential for false narratives to rapidly spread on social media platforms. It underscores the importance of critical thinking and verifying information from reliable sources before accepting and sharing claims that may appear sensational or alarming. In this case, the reality is that Apple Pay and Apple Wallet are designed with robust security measures that protect users’ financial data, and AirDrop’s functionality does not allow for the unauthorized transfer of sensitive information like card details. The spread of this false narrative, however, coincides with broader concerns about data security and the potential influence of foreign governments on social media platforms, as exemplified by the ongoing legal battle surrounding TikTok’s future in the United States.
