Is Apple's AirDrop safe to use in China?

The company has yet to comment on concerns that user anonymity is no longer guaranteed.
By Wang Yun for RFA Mandarin
Is Apple's AirDrop safe to use in China? "Keep your personal information safe. It's very iPhone," says the Apple iPhone advertisement, as workers fix cable near a large screen in Beijing in May 2023.
Andy Wong/AP

Chinese authorities recently announced they are able to harvest user data of those using Apple's AirDrop file-sharing function, breaking the anonymity of a service that was once reportedly used to send photos and videos of Peng Lifa's daring Sitong Bridge banner protest in October 2022.

While Apple products, particularly devices bought outside of China, have a reputation as a relatively secure option for anyone wishing to evade government monitoring, questions remain about their ability to protect users' privacy in an all-encompassing surveillance state like China.

The Chinese government has had its eye on AirDrop for some time, calling it "a major problem" for police, because it offers a way for people to share content without going through the country's tightly monitored and heavily censored internet.

The Beijing municipal judicial affairs bureau said on Jan. 8 that it had managed to de-anonymize AirDrop users, sending a warning to anyone hoping to share banned content without triggering censorship alerts or leave evidence that might be used to target them in criminal proceedings.

A senior IT engineer in the United States said the bureau's claim was feasible. 

"Fields related to the sender’s mobile phone number and email address sent by AirDrop are recorded in the form of hash values," he said, in a reference to a form of basic encryption. 

"Although it's not possible to directly derive the sender’s mobile phone number or email address from the password-level hash value, you can make a list of hash values ​​of various common mobile phone numbers and email combinations, and then use the list to find the corresponding name," he said, in a reference to a technique described by Ars Technica as "rainbow tables."

Criticism of Xi

The New York Times reported in 2022 that activists had used AirDrop to disseminate content critical of President Xi Jinping ahead of the 20th Party Congress, at which he was nodded through for a third, indefinite term in office.

The content reportedly referred to Xi as a "despotic traitor." By the time Apple updated its iPhone operating system to iOS 16.1.6, the "send to everyone" option had been disabled, the report said, amid widespread rumors that Apple CEO Tim Cook had allowed the tweak as a concession to Beijing.

It appears that didn't stop people using AirDrop to distribute content containing banned keywords, including references to democracy, constitutional government, or the 1989 Tiananmen massacre.

"Some people reported that their iPhones received a video with inappropriate remarks in the Beijing subway," the bureau said in a Jan. 8 post on its official website. "After preliminary investigation, the police found that the suspect used the AirDrop function of the iPhone to anonymously spread the inappropriate information in public places." 

"Due to the anonymity and difficulty of tracking AirDrop, some netizens have begun to imitate this behavior. Therefore, it was necessary to locate the sender and determine their identity as soon as possible to avoid negative impacts," the post said.

People are silhouetted as they visit an Apple Store to try out the latest iPhone 15 handsets at an outdoor shopping mall in Beijing in September 2023. (Andy Wong/AP)

People "with malicious purposes" had also used AirDrop to transmit "illegal pictures, videos, audio ... illegally delivering and spreading bad information to nearby people in crowded places such as subways, buses, shopping malls, etc," it said.

The government has also indicated that it plans to fully regulate the use of local wifi networks, forcing providers to get a license in order to "safeguard national security and the public interest."

In draft rules published in June 2023, the Cyberspace Administration of China announced plans to force providers of Bluetooth, Wi-Fi and other information technologies to register as "near-field ad hoc network information service providers." 

‘Promote core socialist values’

Providers will be required to "promote core socialist values, adhere to the correct political direction, public opinion guidance and value orientation, and keep cyberspace clean," the draft rules, which are out for public consultation, said.

They will also need to "prevent and resist the spread of bad content," disable anonymous sharing, and keep user logs for the authorities to check at any time.

Users will also be banned from the "production, copying, and publishing of bad content," and required to report it to the authorities, the draft rules state.

Activists have been racking their brains for ways around the new developments.

"I suggested maybe registering with an overseas email address you can buy for 10 yuan on Taobao, and using an iPhone without a SIM card," an activist who gave only the pseudonym Lu Qing for fear of reprisals told RFA Mandarin. "Wouldn't that make it impossible for them to detect?"

Lu said somebody had responded in his WeChat friends circle that he shouldn't be giving the authorities hints and tips about possible workarounds.

He said he and his fellow activists think the judicial bureau post is a bid to scare people off trying to unite in any kind of resistance to the ruling Chinese Communist Party.

"It's about scaring rights activists who may want to come out and take action, [particularly] young people who have just started spreading news of resistance, and who may not feel very safe doing so," he said, citing the satirical cosplay on the streets of Shanghai by young people at Halloween.

"They may be thinking that this kind of resistance among the people is a bit like the fragmented protests and the increasing spread of information of the last years of the Soviet Union," Lu said. "The National Security Agency recognizes this trend."

Many of the activists detained in the wake of the nationwide "white paper" protests of November 2022, some of whom called for Xi's resignation, were young, as well as being predominantly women.

Requests to Apple for comment went unanswered by the time of publication of the Mandarin version of this report on Jan. 10.

‘Courting death’

Yet despite the issues, Lu and other activists said they still rely on Apple devices to offer at least some privacy protection for users living in a surveillance state.

An activist in Shanghai who gave only the nickname Mr. Bao for fear of reprisals said he has two separate Apple devices, one to offer to police during searches, and another for making contact with the world outside the Great Firewall, using a foreign-registered Apple ID. That device stays permanently at home.

He said he would never use AirDrop to transmit any information, however.

"Sending stuff in the subway like that is courting death," Mr. Bao said. "It's too easy for them to discover, because all of China's iCloud accounts are real-name only, and even Apple ID usernames are real-name only."

But he still relies on his foreign-registered Apple device to view content that is uncensored by the Chinese government.

"It's only safe if you use a foreign-registered Apple ID, and never install any apps from the Chinese store," he warned.

Raised their game

Even that approach doesn't seem to be foolproof, as police are also monitoring overseas social media platforms for dissent originating from China, or from Chinese nationals overseas, according to a former white paper movement protester who gave only the pseudonym Yang Yunjuan.

Yang said police had paid a call on a student friend of hers after she made a comment critical of the Chinese Communist Party on an overseas social media platform, and the college counselor had continued to put pressure on her since the incident.

"It seems they've recently raised their game when it comes to the monitoring of various platforms and communications apps," she said.

Yang's friend isn't the only student to have been reprimanded after making dissenting comments on overseas websites, "even on some niche platforms that were originally believed to be safe," she said.

The Telegram messaging app, a mainstay of protester communication during the 2019 Hong Kong protest movement, is also now subject to restrictions for users in mainland China, Yang said.

"It's very hard to sign up for Telegram in mainland China now ... I think phones with the 86 country code have been blocked [from using it] now," she said, adding that some people had gotten around the problem of the verification code by using virtual phone numbers.

Overseas media have reported recently that sales of iPhones plummeted by 30% in the first week of 2024, citing a ban on their use by Chinese government employees, compared with flat sales for other makes of smartphone.

Translated with additional reporting by Luisetta Mudie. Edited by Malcolm Foster.


Add your comment by filling out the form below in plain text. Comments are approved by a moderator and can be edited in accordance with RFAs Terms of Use. Comments will not appear in real time. RFA is not responsible for the content of the postings. Please, be respectful of others' point of view and stick to the facts.