Nov 21, 2025Ravie LakshmananData Safety / Expertise
In a shock transfer, Google on Thursday introduced that it has up to date Fast Share, its peer-to-peer file switch service, to work with Apple’s gear AirDrop, permitting customers to extra simply share information and pictures between Android and iPhone gadgets.
The cross-platform sharing function is at present restricted to the Pixel 10 lineup and works with iPhone, iPad, and macOS gadgets, with plans to increase to extra Android gadgets sooner or later.
With the intention to switch a file from a Pixel 10 cellphone over AirDrop, the one caveat is that the proprietor of the Apple system is required to ensure their iPhone (or iPad or Mac) is discoverable to anybody – which might be enabled for 10 minutes.
Likewise, to obtain content material from an Apple system, Android system customers might want to alter their Fast Share visibility settings to Everybody for 10 minutes or be in Obtain mode on the Fast Share web page, in line with a assist doc printed by Google.
“We constructed Fast Share’s interoperability assist for AirDrop with the identical rigorous safety requirements that we apply to all Google merchandise,” Dave Kleidermacher, vp of Platforms Safety and Privateness at Google, stated.
On the coronary heart of the longer term is a multi-layered safety method that is powered by the memory-safe Rust programming language to create a safe sharing channel that Google stated eliminates whole lessons of reminiscence security vulnerabilities, making its implementation resilient in opposition to assaults that try to use reminiscence errors.
The tech large additionally famous that the function doesn’t depend on any workaround and that the info just isn’t routed by means of a server, including it is open to working with Apple to allow “Contacts Solely” mode sooner or later.
“Google’s implementation of its model of Fast Share doesn’t introduce vulnerabilities into the broader protocol’s ecosystem,” NetSPI, which carried out an impartial evaluation in August 2025, stated.
“Whereas it shares particular traits with implementations made by different producers, this implementation is fairly safer. The truth is, the method of file trade is notably stronger, because it does not leak any info, which is a typical weak point in different producers’ implementations.”
That stated, its evaluation uncovered a low-severity info disclosure vulnerability (CVSS rating: 2.1) that might allow an attacker with bodily entry to the system to entry info, resembling picture thumbnails and SHA256 hashes of cellphone numbers and e mail addresses. It has since been addressed by Google.
The event comes as Google stated it blocked in India greater than 115 million makes an attempt to put in sideloaded apps that request entry to delicate permissions for monetary fraud. The corporate additionally stated it is piloting a brand new function within the nation in collaboration with monetary companies like Google Pay, Navi, and Paytm to fight scams that trick customers into opening the apps when sharing their screens.
“Units operating Android 11+ now present a distinguished alert if a consumer opens one in all these apps whereas display sharing on a name with an unknown contact,” Evan Kotsovinos, vp of privateness, security, and safety at Google, stated. “This function offers a one-tap possibility to finish the decision and cease display sharing, defending customers from potential fraud.
Lastly, Google stated it is also creating Enhanced Cellphone Quantity Verification (ePNV), which it described as a brand new Android-based safety protocol that replaces SMS OTP flows with SIM-based verification to enhance sign-in safety.
