More than once, I've been AirDropped dick pics while making the grave mistake of riding the subway with my phone's Bluetooth turned on. I thought that was as nefarious as it gets, but now an Android vulnerability has been discovered that allows attackers to send malware over Bluetooth.
BlueFlag is a red flag — As detailed by ENRW, BlueFlag is a flaw within Android 8 Oreo and Android 9 Pie that allows attackers to discreetly transmit malware. All they need is the MAC address, which can sometimes just be guessed by looking at the WiFI MAC address.
A fix, for some — Some Android users can protect themselves by installing the February 2020 security patch. But because Google only requires phone makers to provide security updates for two years after a phone's release, some people may never get the patch to fix the issue. Android 8 is well past that mark, and researchers didn't check to see if even older versions of the software are affected.
If your phone's too old, unfortunately, the only way to protect yourself may be buying a new phone.