[masom]

This isn't how Airdrop works.

The first step is a device lookup with "Bonjour", which allows devices to ping each other an see who's who. Any network device since the 1980s pretty much does this by default unless you disable it. Remember Netbios?

The second step, is Airdrop requesting a device to accept a connection.

At that point, you see who is sending you the send request, and you can accept/deny. Airdrop is also disabled by default from unknown senders since a dude sent a dick pick on an airplane. Your Apple device will only accept connections from known contacts by default, and you can override that setting to allow connections from anyone.

You can disable this behaviour in Settings by blocking Airdrop.

From the article: > While AirDrop’s device-to-device communications channel is typically protected from third-party snooping by its own layer of security, that wouldn’t shield someone who may have been tricked into connecting with a stranger, perhaps by tapping on a deceptively named device in a list of contacts or by thoughtlessly accepting an unsolicited connection request. This step is required for the sender to be identified, according to security experts.

[lxgr]

> The second step, is Airdrop requesting a device to accept a connection.

> At that point, you see who is sending you the send request, and you can accept/deny.

Revealing the identity hash must happen earlier than that, since the entire point of the "only contacts" feature is that you can't even see non-contacts on your AirDrop share sheet.

And since Apple (correctly, in my view) didn't want receiving devices to publicly broadcast their identities (or even worse the set of acceptable senders), it's on the sender to initially broadcast their identity to all devices within range.

The candidate devices (i.e. those that have the sender in their contacts) then respond and get populated in the share sheet target list.

What's potentially surprising is that this must happen even before selecting AirDrop as a share target, since (at least on my device) I can already see nearby AirDrop contacts in the "frequently contacted" part of the general share sheet...

[masom]

Yes, there's a more complicated explanation as it's all happening as part of Bonjour https://developer.apple.com/bonjour/

The sender device broadcasts their identity, while the receiving devices will follow the Airdrop settings. When in contacts only and/or disabled, your device will not broadcast your personal identity in the clear.

Your device itself broadcasts its presence through various protocols.

This is a follow-up to the NetBIOS protocol that did the same (Windows shares is another example).