Should you drop ‘NameDrop’? Latest iPhone feature is raising privacy alarm bells
Police departments across the US are sounding the alarm about a new feature rolled out to iPhone and Apple Watch users with the latest operating system update. The feature, called ‘NameDrop,’ simplifies sharing contact information between nearby Apple devices, namely watches and phones. The ‘nearby’ qualifier is the key, as such sharing is only possible when the two Apple-born devices are within a few centimeters of each other.
NameDrop is enabled by default and available to all users who have updated to iOS 17.1 or watchOS 10.0. The very fact that the feature is automatically turned on has not gone down well with the US law enforcement, who have urged users to disable it ASAP, citing privacy concerns. So what exactly did rub them wrong? And is the feature really that bad for privacy? Let’s set the record straight.
False alarm or a real threat to privacy?
Over the last several days, a number of US police departments, including in Ohio, Florida, Pennsylvania, and Massachusetts, have been crying foul over the ‘NameDrop’ feature. Thus, the Middletown Division of Police in Ohio has posted a message on their FB page, calling on all iPhone users to turn ‘Name Drop’ off. The message was accompanied by a special plea to parents to make sure the feature is disabled on their children’s phones “to keep them safe as well.”
The warnings issued by the police and carried by the local media sounded ominous, but they did not go into much detail about what makes Apple’s new feature so dangerous in terms of privacy. If anything, one could assume that “holding phones together” was enough to transfer data and that no other action on the user’s behalf was required. This indeed would be scary: imagine, a cybercriminal approaches you, stealthily moves their phone closer to yours — and voilà, all your photos and all your contact information are in their possession.
However, this is simply not the case. The reality is that the feature requires both the user and the recipient of the contact information to agree to the transfer before it happens. That means that the user has to confirm the transfer on their phone, and the recipient has to accept the transfer on their device. Moreover, the phones should be positioned in a certain way relative to each other. Naturally, this makes accidental or malicious data exchange much less likely. So let’s go into more details as to how ‘NameDrop’ works exactly.
How NameDrop actually works
NameDrop allows you to share your contact information with a fellow iPhone or Apple Watch user. This information will include your contact photo and either your email address or your phone number, or both — depending on what you choose to share. The transfer only happens if your device and that of your counterpart are positioned closely to each other.
Source: Screenshot from Apple’s tutorial on NameDrop
Once you’ve done that, an option to share your contact information will pop up on your screen, and you’ll be asked to choose what exactly you want to do. At this point, you may opt to only receive or only share information, or both.
Then you need to decide which information you want to share, such as your email address, your phone number, or both, and tap Share to start the transfer. In case you change your mind at the last minute, you can also tap Cancel to stop the transfer while it’s still in progress. You can also cancel the transfer by simply moving your device further away from that of the other person. That is because the feature is powered by Near-field Communication (NFC) connectivity technology, which is only suitable for short-range wireless transfers. The same NFC is behind the vast majority of contactless payment methods that allow you to pay with your phone at stores.
In the end, the most your fellow Apple user (and it has to be an Apple user, because the feature is not compatible with Android) will get from you through ‘NameDrop’ is your contact photo, your email address, and your phone number. And not your entire phone library or the entire contents of your iCloud, for example.
Are there any risks still?
Like any new technology, ‘NameDrop’ is not completely risk-free. The main source of risk, as usual, is human nature. A 2019 study revealed that about 16% of smartphone users still would not lock their phones with a code or biometric. However, for iPhones users, there’s hardly an excuse to leave their phones unlocked. By default, iPhones automatically lock themselves after 30 seconds of inactivity, unless you change the setting to a shorter or a longer time interval, or turn it off completely. Alternatively, you can lock your iPhone screen manually with the side button or a swipe gesture. Unlocking your phone should not be a problem either, since users have three different ways to do so: Touch ID, Face ID or a passcode.
In a nutshell, unless the other person has physical access to your unlocked iPhone, there’s very little chance that your contact information will be leaked through ‘NameDrop’. And if your unlocked iPhone does fall into the hands of a bad actor, then… well, the perceived dangers of ‘NameDrop’ will be the least of your worries.
So, while there’re inherent risks to every new technology, there’s probably no need to panic and dash to disable ‘NameDrop’ on your iPhone. But it may be a good idea to tell your children not to share contacts and/or phones with strangers.