A Secure Approach to Cross-Platform File Sharing

Posted by Dave Kledermacher, Google’s vice president of platform security and privacy

Technology should bring people closer, not create walls. It should be easy to be able to communicate and connect with friends and family, no matter what phone they use. That’s why Android is building experiences that help you stay connected across different platforms.

As part of our efforts to make cross-platform communication more seamless for users, we’ve made Quick Share interoperable with AirDrop, allowing two-way file sharing between Android and iOS devices, starting with the Pixel 10 family. This new feature makes it possible to instantly share your photos, videos, and files with people you want to communicate with, without worrying about what type of phone they use.

Most importantly, when you share personal files and content, you need to trust that it will be secure. You can share with confidence across devices, knowing that we built this feature with security at its core, your data is protected with strong security measures that have been tested by independent security experts.

Secure by Design

We built Quick Share’s interoperability support for AirDrop with the same rigorous security standards we apply to all Google products. Our approach to security is proactive and deeply integrated into every step of the development process. This also includes:

• Threat Modelling: We identify and address potential security risks before they become problems.
• Internal Security Design and Privacy Reviews: Our dedicated security and privacy teams thoroughly review the design to ensure it meets our high standards.
• Internal Penetration Testing: We perform extensive in-house testing to identify and fix vulnerabilities.

it Secure by Design The philosophy ensures that all our products are not only functional but also fundamentally safe.

The feature is also protected by a multi-layered security approach to ensure a secure sharing experience from end to end, no matter what platform you’re on.

• Secure Sharing Channels: The communication channel itself has been hardened by our use of Rust to develop this feature. This memory-safe language is the industry benchmark for building secure systems and provides confidence that the connection is protected from buffer overflow attacks and other common vulnerabilities.
• Built-in Platform Security: This feature is strengthened by the strong built-in security of both Android and iOS. On Android, security is built in at every layer. Our deep investment in Rust at the OS level strengthens the foundation, while preferring proactive security Google Play Protect Work to keep your device secure. This is complemented by the security architecture of iOS which provides its own robust security measures that reduce malicious files and exploits. These overlapping protections on both platforms work together with the secure connection to provide comprehensive protection for your data when you share or receive.
• You are in control: Sharing across all platforms works the same way you’re used to: A file requires your approval before it’s received, so you have control over what you approve.

The Power of Rust: The Foundation of Secure Communications

A key element of our security strategy is the use of the memory-safe Rust programming language for the interoperability layer between Quick Share and AirDrop. Recognized by security agencies around the world including NSA And CISARust is widely considered the industry benchmark for building secure systems because it eliminates an entire class of memory-protection vulnerabilities by design.

Rust is already a cornerstone of our broader initiative to eliminate memory safety bugs in Android. Its selection for this feature was deliberate, driven by the unique security challenges of cross-platform communications, which demand the strongest possible protection for memory access.

The core of this feature involves receiving and parsing data sent over a wireless protocol from another device. Historically, when using a memory-unsafe language, bugs in the data parsing logic are one of the most common sources of high-severity security vulnerabilities. A malformed data packet sent to a parser written in a memory-insecure language can lead to buffer overflows and other memory corruption bugs, creating an opportunity for code execution.

This is where Rust provides a strong protection. Its compiler enforces strict ownership and borrowing rules at compile time, which guarantees memory safety. Rust removes a whole range of memory related bugs. This means that our implementation is inherently resilient against attackers attempting to use maliciously crafted data packets to exploit memory errors.

Secure sharing using AirDrop’s “Everyone” mode

To ensure a seamless experience for both Android and iOS users, Quick Share currently works with AirDrop’s “Everyone for 10 minutes” mode. This feature does not use workarounds; The connection is direct and peer-to-peer, meaning your data is never routed through a server, shared content is never logged, and no additional data is shared. Like the “Everyone for 10 minutes” mode on any device, when you’re sharing between non-contacts, you can individually confirm their device name on your screen to make sure you’re sharing with the right person.

This implementation using the “Everyone for 10 Minutes” mode is the first step in seamless cross-platform sharing, and we welcome the opportunity to work with Apple to enable a “Contacts Only” mode in the future.

Tested by independent security experts

After conducting our own secure product development, internal threat modeling, privacy reviews, and red team penetration testing, we joined netspiA leading third-party penetration testing firm, to further verify the security of this facility and conduct independent security assessmentThe evaluation found that interoperability between Quick Share and AirDrop is secure, “significantly stronger” than other industry implementations and that no information is leaked,

Based on these internal and external evaluations, we believe our implementation provides a strong security foundation for cross-platform file sharing for both Android and iOS users. We will continue to evaluate and enhance the security of the implementation in collaboration with additional third-party partners.

To complete this in-depth technical audit, we also sought expert third-party perspective on our approach dan bonehA renowned security expert and professor at Stanford University:

“Google’s work on this feature, which includes the use of memory-safe Rust for the core communications layer, is a strong example of building secure interoperability, ensuring that cross-platform information sharing remains secure. I applaud the effort to open up more secure information sharing between platforms and encourage Google and Apple to work together on this.”

The future of file-sharing must be interoperable

This is just the first step as we work to improve the experience and expand it to more devices. We look forward to continuing to work with industry partners to make connecting and communicating across platforms a secure, seamless experience for all users.