Warnings have been circulating on social media raising security concerns about a feature on the iPhone iOS 17.1 software update called ‘NameDrop’. But some of these are misleading.
One post says: “Anyone with iPhones…..BEWARE! If you have an iPhone and have done the recent iOS 17.1 update. They have set a new feature call [sic] NameDrop to default to ON. This allows the sharing of contact info just by bringing your phones close together.”
Another on Instagram claims: “if you’re even close to someone else’s phone, they can instantly access your contacts, photos and even more”. Other posts suggest ‘NameDrop’ may share your number “with a stranger” when phones are in close proximity “without the owner’s awareness”.
A video on TikTok from CBS News claims NameDrop means “anyone could potentially get your information, even if you don't want them to”.
While it’s true that the NameDrop feature is automatically turned on when iOS 17.1 is installed, it’s not true that it allows information to transfer between phones without the owner’s consent.
Honesty in public debate matters
You can help us take action – and get our regular free email
How does NameDrop work?
NameDrop was introduced in September and is similar to the existing AirDrop function. AirDrop allows users to wirelessly share and receive photos, links and documents, among other things, with nearby Apple devices providing both devices have Wi-Fi and Bluetooth turned on.
According to Wired, NameDrop can be activated when two iPhones with the feature turned on are unlocked and held with the top ends of the phones a few centimetres apart. The feature also works for Apple Watches using watchOS 10.1. A glow emerges from both devices and Apple Watches will vibrate when the connection is made.
The user’s own contact card, which can be made in Contacts and may include their email and phone number, will then appear on their own screen with a prompt asking if they want to “share” it or “receive only”. If the user chooses “share”, their contact information will be sent to the other device. If they opt to “receive only”, they will only receive the other person’s contact card, providing they consented. NameDrop only works for new contacts, rather than updating existing contacts.
The transaction reportedly ends if the phones are moved apart or locked. A video from Apple Support demonstrates how the feature works and explains that “both you and your recipient must be signed into iCloud”.
iPhone users have to choose to share with NameDrop
In a June press release about privacy and security features, Apple said NameDrop allows an iPhone user to share their contact information “with only their intended recipients.”
It says: “Users can also choose the specific contact details they want to share—and, importantly, what information they don’t want to share. Users can also share content like photos or links the same way...these new features securely share content over an encrypted connection”.
Rob Lee, a security expert and technical advisor to the US government, explained on X (formerly Twitter) that “it’s not as simple” as a passerby being able to swipe your personal information. He said: “NameDrop not only requires permission from both parties first, the type of info shared is also under their control.”
A blog post from cybersecurity company, Bitdefender, also points out that a phone would have to be left unattended and unlocked for someone to steal contact information using NameDrop, which it could do anyway in this scenario without NameDrop.
The Washington Post reported Chester Wisniewski, a digital specialist at the cybersecurity company Sophos, called some of the warnings “hysteria” and “nonsense”.
Full Fact has contacted both Apple and CBS News for comment and will update the article if we receive a response.
How do you disable NameDrop?
NameDrop can be turned off by going to Settings and selecting General, then AirDrop, and deselecting the option “Bringing Devices Together”, which will slide the colour from green to grey.
Full Fact has also written about other false claims relating to concerns around technology and privacy, including that all messages and images on Instagram are becoming public, the UK government’s emergency alerts “breach GDPR” and that Asda self-checkout tills use facial recognition.