2.4.11 Ensure AirDrop Is Disabled

Information

AirDrop is Apple's built-in, on-demand, ad hoc file exchange system that is compatible with both macOS and iOS. It uses Bluetooth LE for discovery, which limits connectivity to Mac or iOS users who are in close proximity. Depending on the setting, it allows everyone or only Contacts to share files when they are near each other.

In many ways this technology is far superior to the alternatives. The file transfer takes place over a TLS-encrypted session, does not require the open ports that file sharing needs, does not leave file copies on email servers or in cloud storage, and the service can be restricted so that only people already trusted and added to Contacts can interact with you.

While there are positives to AirDrop, there are privacy concerns that could expose personal information. For that reason, AirDrop should be disabled, and should only be enabled when needed and disabled afterwards.

Rationale:

AirDrop can allow malicious files to be downloaded from unknown sources. Even when limited to Contacts Only, AirDrop may expose personal information to devices in the same area.

Impact:

Disabling AirDrop can limit the ability to move files quickly over the network without using file shares.

Solution

Perform the following to disable AirDrop:

Graphical Method:

1. Open Control Center in the Menu Bar
2. Select AirDrop
3. Set AirDrop to disabled
4. Open System Preferences
5. Select Dock & Menu Bar
6. Select AirDrop
7. Set Show in Menu Bar to Off

Terminal Method:
Run the following commands to disable AirDrop:

$ sudo -u <username> defaults write com.apple.NetworkBrowser DisableAirDrop -bool true

Example:

$ sudo -u seconduser defaults write com.apple.NetworkBrowser DisableAirDrop -bool true

Profile Method:

Create or edit a configuration profile with the PayloadType of com.apple.NetworkBrowser

Add the key Forced

Set the key to the following:

<array>
    <dict>
        <key>mcx_preference_settings</key>
        <dict>
            <key>DisableAirDrop</key>
            <true/>
        </dict>
    </dict>
</array>
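
An added example, not part of the benchmark: a Python check that a profile built with the Profile Method really forces DisableAirDrop to the boolean true, rather than a string, an integer or false. The outer PayloadContent wrapper, the sample profile and the function name airdrop_disabled_by_profile are assumptions made for illustration.

```python
import plistlib

PAYLOAD_TYPE = "com.apple.NetworkBrowser"

# Constructed sample profile (not from the benchmark). The outer PayloadContent
# wrapper is an assumption; the Forced array matches the snippet above.
SAMPLE_PROFILE = b"""<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key>
      <string>com.apple.NetworkBrowser</string>
      <key>Forced</key>
      <array>
        <dict>
          <key>mcx_preference_settings</key>
          <dict>
            <key>DisableAirDrop</key>
            <true/>
          </dict>
        </dict>
      </array>
    </dict>
  </array>
</dict>
</plist>"""


def airdrop_disabled_by_profile(profile_bytes):
    """Return (ok, reason) for the forced DisableAirDrop setting (hypothetical helper)."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PAYLOAD_TYPE]
    if not payloads:
        return False, f"no {PAYLOAD_TYPE} payload"
    for payload in payloads:
        for entry in payload.get("Forced", []):
            value = entry.get("mcx_preference_settings", {}).get("DisableAirDrop")
            if value is True:
                return True, "DisableAirDrop forced to true"
            if value is not None:
                # Catches <false/>, <string>true</string>, <integer>1</integer>.
                return False, f"DisableAirDrop is {value!r}, expected boolean true"
    return False, "DisableAirDrop not set under Forced"


if __name__ == "__main__":
    print(airdrop_disabled_by_profile(SAMPLE_PROFILE))
```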

See Also

https://workbench.cisecurity.org/files/3573