Track AirDrop Traffic

New Contributor III


Anyone else having an issue of students changing the name of their iPad, sending inappropriate pictures via AirDrop and then quickly changing the name of their iPad again? I'm wondering if there's a way to track AirDrop traffic. Is this difficult because it's Bluetooth over Wi-Fi?

We had our iPads enrolled before the option to force iPad names was added. Also, students can still change iPad names even if this is option is enabled in the pre-stage enrollment. It will default back to the forced name after each inventory update.

I understand we can block AirDrop on individual or all iPads, but it is also used educationally and would rather not block it en mass. If there was a way to find out who AirDropped something by serial number or even IP of the iPad we could block those individuals.



New Contributor

Hi @danny33c

I totally understand how problematic this can be.

AirDrop is a combination of Bluetooth for discovery and AdHoc Wi-Fi connection, it's gonna be hard to track, both devices do accept to connect together without using any existing Wi-Fi connection.

Regarding the name, iOS 9 brought a real way to block name changing if the devices are supervised. You can find this in the restrictions, it's called "Allow modifying device name (supervised only)", it's not related to the option you have in the pre-stage enrollment profile or in the inventory that would change the name back to its original one, it really blocks the name on the device itself.

But you need to be running iOS 9 and your JSS must be running 9.8 at least...

New Contributor III

Thanks! I didn't realize that new restriction was added!

New Contributor

Hello Danny,

We just experienced a very similar situation at our school and have been racking our brains for a solution. We thought there must be a way to track where it was sent from at least (due to the fact it must go through our WI-FI). This is the method we have found that worked in our situation, but this all relies on knowing the device name that sent the file.

Once we knew the device name that had sent it, in this case "No-One", we did a search for the name on our DNS radius server. This showed us the device names of every device that was currently connected and had connected in the last 8 days. From this we where able to get the IP address that was connected at that time and then we just searched from the IP address on our internet filtering to see what user was assigned to the IP address.

This is how we went around it at least. But this is a very situational fix i.e. it will only work as-long as your DNS is up-to-date and the user has not changed their device name (Most students we find just forget to do that).

New Contributor III

I really don't have anything to add to the conversation but can't you track MAC address as well? As far as I know, there's no way to spoof a MAC address on an iOS device.. I could be completely wrong too.

New Contributor III

We will probably rename of the iPads with their username and then enforce a no renaming policy. Then they can never be anonymous, they've learned they can get away with it if they change the name of their iPad immediately. I like that idea of looking it up in DNS. Thanks!

New Contributor

I am having an issue with my son at school on this subject. He took a test in class and somehow someone took a pic of his test and airdropped it to the next period class. He is a good kid, even studying law enforcement in school, but they matched the pic of the test to his writing and answers and he got a zero on the test and a 70 for class participation. He’s very upset because now he’s not going to get honors. Anyway, no one asked the students that received the airdrop the name of the phone that sent it and they made everyone delete it. I need to prove he didn’t take that pic of his teat and that he didn’t send it. Help