Apple’s AirDrop Under the Hood

Feargal Walsh
Nov 21, 2017

The sharing of information has been an integral aspect of thriving societies since, well, the beginning of time. Even cavemen had methods of “securing” their data. Natural placeholders like sticks and rocks were used to represent transactions, and combined with a nomadic lifestyle, they ensured that any information not destroyed by nature would be useless by the time other tribes came across it.

This paper describes how the proprietary Apple software “AirDrop” works, and how and why it does what it does, i.e. shares files securely without the need for a WiFi connection, so that the data is both accessible and safe at all times between iOS and MacOS devices. It aims to argue in favour of the use of AirDrop as opposed to alternatives such as Android Beam and Shoutr, as well as identifying some of its disadvantages and weaknesses.

In the beginning there were floppy disks. Well, that wasn’t quite the beginning, but it’s a good starting point for this paper. As long as there has been more than one computer in existence, there has been a need to transfer data securely between those computers. To this day there are still many pain points associated with this process. Many people still physically share files using thumb drives, which is barely a step above floppy disks. A much more elegant, fast and impregnable solution was released by Apple on July 20, 2011: AirDrop.

How AirDrop works

AirDrop is a two-sided affair: there are two completely different perspectives on how it works, namely the user’s standpoint and the technical standpoint.

A user journey with AirDrop

The following instructions supplied by Apple outline some use cases for AirDrop.

Under the hood

Sharing

In order to share files, both devices must first have AirDrop switched on. There are three modes that AirDrop can be set to for the receiving party: “off”, “contacts only” and “everyone”. “Off” mode is pretty self-explanatory: the receiver cannot be seen by any other iOS or MacOS devices trying to send files or objects via AirDrop. “Contacts only” means that the receiver can be sent objects by someone who is currently in their iOS contacts, and “everyone” means that the receiver can be sent a file by anyone in the vicinity (10 meters) with an iOS device.

Bluetooth and Wi-Fi combined.

AirDrop works by creating an ad-hoc Wi-Fi connection between two iOS devices using a combination of Wi-Fi and Bluetooth connectivity resources. The Multipeer Connectivity framework is the layer through which developers can interact with these networking tools on the iOS device. AirDrop uses Bluetooth to “broadcast, discover and negotiate connections to other devices”. It is also possible to use just Bluetooth to transfer the data itself. The advantage of this is that Bluetooth uses much less power than Wi-Fi, as shown in figure 1.

However, “The downside to bluetooth is that it takes significantly longer to transfer data than Wi-Fi”. AirDrop therefore combines Bluetooth and Wi-Fi effectively, so that Bluetooth is responsible for establishing a Wi-Fi connection between the two devices and Wi-Fi is responsible for transferring data through that connection.

Wi-Fi Direct

The following explanation outlines how a Wi-Fi Direct connection works and is used to transfer data with AirDrop.

“When AirDrop is enabled, it triggers Bluetooth to look for other AirDrop-enabled iOS devices that are in the area. This process is similar to pairing your iPhone with your car’s Bluetooth system. The devices “advertise” that they are open for business, and if they are within range of each other, then they start the connection process. Once the connection is made, a simple device-to-device Wifi link, called Wi-Fi Direct, is created between the two. The Wi-Fi Direct link can be created even if you are in the middle of nowhere, without a Wi-Fi network. So, you get the fast file transfer speed of Wi-Fi without a router or an internet connection.”

This demonstrates how the connection achieves Wi-Fi comparable speeds without any external Wi-Fi sources. Some Android devices only support NFC (near field communication). Near field communication is extremely slow and low in range by comparison to Wi-Fi Direct, as shown below.

There are other advantages to Wi-Fi Direct aside from speed and security. Wi-Fi Direct is also much more useful than NFC or Bluetooth because of its increased range. This makes broader use cases possible, such as swapping contact information at networking events in larger rooms.

Security

Security of AirDrop data transfers is handled by a TLS (transport layer security) connection. TLS is the most widely used and secure file transfer protocol.

History of TLS

The secure sockets layer (SSL) was invented by Netscape in 1994. The problem that it was initially invented to solve was that communication between the client and the server was not secure prior to this. This was especially needed in industries such as e-commerce, where impenetrable connections were needed in order to securely transfer funds between accounts. HTTP (the hypertext transfer protocol) had been in use since 1990 as the method by which connections were made. However, this method was rightly deemed not secure enough to transfer sensitive data. Over the years SSL has been integrated with other protocols for data transfer. The first of these was HTTP, which became HTTPS, followed by e-mail (SMTP) and phone calls (VOIP). TLS is an enhancement of SSL. TLS has a number of advantages over SSL, the most useful being mutual authentication on both the client and server sides of the connection.

How the SSL and TLS Protocols work

The TLS protocol is structurally identical to the SSL protocol. The SSL protocol is a five-step process. The following steps outline the handshake at a high level.

  1. The client requests an SSL connection (SSL Hello).
  2. Server responds with the SSL certificate (which includes the public key; SSL done).
  3. Client validates the certificate/public key.
  4. Client generates a symmetric key (aka session key) and transmits it to the server.
  5. SSL session is established.

The following diagram (figure 2) outlines the entire handshake visually and extends the process to the point where the two systems are actually sharing data. The five steps above only reach a point where a secure connection has been established.

figure 2
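The five steps above, traced in code as an added example that is not part of the original article. The toy RSA key, the `server.example` subject and the pinned fingerprint (standing in for real certificate-chain validation) are assumptions made so the exchange runs with the standard library only.

```python
import hashlib
import hmac
import secrets

# Toy server RSA key (constructed for this example): two Mersenne primes.
# Far too small and unpadded for real use; AirDrop's identity is 2048-bit.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the server

SERVER_CERT = {"subject": "server.example", "public_key": (N, E)}


def fingerprint(cert):
    """SHA-256 over the certificate fields; stands in for CA chain validation."""
    return hashlib.sha256(repr(sorted(cert.items())).encode()).hexdigest()


def client_key_exchange(server_hello, trusted_fp):
    """Steps 3 and 4: validate the certificate, then wrap a fresh session secret."""
    cert = server_hello["certificate"]
    if not hmac.compare_digest(fingerprint(cert), trusted_fp):
        raise ValueError("certificate validation failed; aborting handshake")
    n, e = cert["public_key"]
    secret = secrets.token_bytes(8)  # must stay below the toy modulus
    return secret, pow(int.from_bytes(secret, "big"), e, n)


def server_unwrap(wrapped):
    """Server side of step 4: recover the secret with the private key."""
    return pow(wrapped, D, N).to_bytes(8, "big")


def session_key(secret):
    return hashlib.sha256(b"toy-session-key" + secret).digest()


def handshake(presented_cert, trusted_fp):
    """Run steps 1-5 and return (client_key, server_key)."""
    client_hello = {"type": "ClientHello"}                                 # step 1
    server_hello = {"type": "ServerHello", "certificate": presented_cert}  # step 2
    secret, wrapped = client_key_exchange(server_hello, trusted_fp)        # steps 3-4
    return session_key(secret), session_key(server_unwrap(wrapped))        # step 5


if __name__ == "__main__":
    client_key, server_key = handshake(SERVER_CERT, fingerprint(SERVER_CERT))
    print("keys match:", client_key == server_key)
```

If step 3 is skipped, the client wraps its session secret under whatever public key it was handed, so the certificate check is what ties the session key to the intended server.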

How AirDrop uses TLS

Upon activation of the AirDrop feature by a user, the device generates a 2048-bit RSA identity, which facilitates TLS encryption over Bluetooth. This also makes AirDrop an extremely secure method of file transfer, which is another advantage over other file transfer protocols.

Specified file types

Another security benefit of AirDrop is the ability to create unique file types that can only be opened by a specific application. This is possible if a user is designing an iOS or MacOS application that has AirDrop functionality built in.

Disadvantages of AirDrop

For all the strengths of AirDrop, there are a few undeniable weaknesses to the platform.

Apple specific

As is the case with a lot of proprietary software built by Apple, AirDrop is not usable outside of their ecosystem. This is a huge disadvantage to people with Android phones and Apple computers or vice versa, and renders the software useless for their personal use.

Larger files

AirDrop is not the best solution for larger file transfers. Alternatives for this purpose such as Google Drive and Dropbox are far superior in their speed and accessibility. They also have the added advantage that files can be stored in the cloud permanently until they need to be accessed.

AirDrop is undoubtedly the most secure, fast and easy to use file transfer method in existence today. It outstrips the competition while remaining impenetrable to nefarious sources, which is no mean feat given the volume of hacks that are occurring today. It has improved over time, from its beginnings as an iOS only tool, to becoming a MacOS specific tool and finally becoming a tool that was universal across both platforms. Although there are some disadvantages, there are very clear reasons for them. For example, the fact that AirDrop is proprietary software makes it much more secure.
