In a surprising announcement on Thursday, Google revealed a significant update to Quick Share, its service for peer-to-peer file transfer. The update now allows Quick Share to interact with Apple’s proprietary AirDrop, thereby facilitating a much easier method for users to share files and photos between devices running Android and those within the iPhone ecosystem.
The newly introduced feature supporting cross-platform sharing is currently limited in its rollout, initially becoming available only to users of the Pixel 10 smartphone lineup. It is confirmed to operate seamlessly with devices including the iPhone, iPad, and macOS. Google has indicated that there are definite plans to extend this capability to a broader range of Android devices in the near future. The one minor requirement for users wishing to transfer a file from a Pixel 10 phone via AirDrop is that the recipient on the Apple side must ensure their device—be it an iPhone, iPad, or Mac—is set to be discoverable by anyone, a setting which can be enabled for a period of ten minutes.
Conversely, for an Android device user attempting to receive content from an Apple device, they must similarly modify their Quick Share visibility settings. As outlined in a support document released by Google, this involves adjusting the visibility to “Everyone” for ten minutes or activating “Receive” mode directly on the Quick Share interface. Dave Kleidermacher, Google’s vice president of Platforms Security and Privacy, affirmed the company’s commitment to safety, stating, “We built Quick Share’s interoperability support for AirDrop with the same rigorous security standards that we apply to all Google products.”
The foundation of this forward-looking feature is a multi-layered security framework, significantly powered by the memory-safe Rust programming language. Google asserts that the use of Rust helps establish a secure sharing channel that effectively eliminates entire categories of memory safety vulnerabilities, thereby making the implementation highly resilient against attacks that specifically target memory errors. The tech giant also emphasized that this functionality does not rely on any kind of workaround or server-based routing for data. Furthermore, Google expressed openness to future collaboration with Apple to implement a “Contacts Only” sharing mode.
An independent assessment conducted by NetSPI in August 2025 corroborated the security of the feature, noting that “Google’s implementation of its version of Quick Share does not introduce vulnerabilities into the broader protocol’s ecosystem.” The assessment further stated that while the implementation shares certain attributes with those of other manufacturers, Google’s version is “reasonably more secure,” particularly highlighting that the file exchange process is “notably stronger” as it avoids leaking any information, a common flaw in competitors’ implementations. However, the analysis did uncover a low-severity information disclosure vulnerability (CVSS score: 2.1) that could allow an attacker with physical access to the device to potentially access data such as image thumbnails and SHA256 hashes of phone numbers and email addresses. Google has since patched this specific issue.
The introduction of this cross-platform sharing update coincides with other security initiatives from Google. In India alone, the company reported blocking over 115 million attempts to install sideloaded applications that request access to sensitive permissions with the intent of committing financial fraud. In response to this, Google is currently piloting a new feature in the country, working with financial services partners such as Google Pay, Navi, and Paytm, designed to combat scams where users are tricked into opening specific applications while sharing their screens. Evan Kotsovinos, vice president of privacy, safety, and security at Google, explained that “Devices running Android 11+ now show a prominent alert if a user opens one of these apps while screen sharing on a call with an unknown contact.” This system provides a simple, one-tap option for the user to terminate the call and stop the screen sharing, serving as a protective measure against potential fraudulent activity. Finally, Google also announced it is developing Enhanced Phone Number Verification (ePNV), a new Android-based security protocol intended to improve sign-in security by replacing traditional SMS One-Time Password (OTP) flows with SIM-based verification.
Reference:
