Can headphones transmit malware?

While I would not say "impossible", I can say that you don't need to worry.

Headphones do not have any storage that could be used to store malware. Also, they usually do not actively send much data to the phone they are plugged into that could be used. For example, only send sound data if there is a mic, and maybe some simple play/stop/skip/volumeup/down signals. However, they do not send complex commands like "install a driver" or some other more complicated commands that could have a bug which could be exploited.

Maybe one could create a fake headphone that exploits a bug that could somehow execute something on the device. However, that won't happen on the common headphones that you or you friend have, for sure. It could be possible especially when talking about USB or bluetooth headphones, since they use a more flexible communication channel, and it is harder, but not impossible, in common jack ones - e.g. take a look in these card readers - note that for that you would need a buggy software that expects other data in the sound jack, as a card reader software, pre installed to be exploited).

As mentioned in a comment to your question, the most important thing to do when borrowing a headphone may be "wipe the earbuds down with rubbing alcohol". Other than that, don´t worry!

Potentially, yes -- but it depends! Quite a number of Android devices (and potentially a lot of others) enable access on a serial UART console on the headphone jack during boot (a nice wrapup also exists on pentestpartners.com). You don't need a lot of electronics (and space requirements) to build a headphone that can (ab)use UART access to do something evil, from reading information to changing software.

If you're connecting headphones through USB (which will probably occur much more often with USB-C) or Apple's lightning connector, generally the same issues as with other USB devices apply -- especially if the device supports the USB host mode.

This does not fit your very special scenario where you borrow your own headphones. Somebody would have to modify the headphones and add up malicious electronics, and it does not seem your mistrust your friend to have applied something like this. But generally, headphones are a potential attack vector.

As far as I can establish, these headphones don't have memory, so they would not be able to store malware.

Also, the datastream should only be from the computer or mobile to the headphones. Even if an attacker managed to put malware on the headphones, it would be hard to send the malware to another computer or mobile.
If it were a headset (i.e. with a microphone), there would be a datastream to the device. But as long as the device has no memory, there shouldn't be a problem.

Something that looks like headphones and plugs into the headphone jack could be evil -- it could fry your audio chip by pushing electric current beyond normal limits. But without extra software already on the device, it can't save data to the hard drive of the device.

No, it is not possible because a common jack cable headphone lacks 3 things that are necessary for a malware infection:

1. Storing data
2. Executing code
3. Transferring data

This is something we might see coming onto headphones in the future. For example USB-headphones might come with such features which would make a malware infection and propagation possible.

Speakers and microphones are essentially the same thing: a vibrating element controlled by an electronics signal. Because of that, you can turn a speaker into a microphone quite easily by messing with the cables.

In theory, a modified headset equipped with bluetooth or a data cable (like the upcoming Lightning-connected earpieces might be) could spoof a keyboard or other connection and listen to specially crafted audio signals and transmit data directly into your phone. however, this would be a quite difficult assignment and I am unaware of any real-life attacks that use this method.

However, a standard headset or mass-produced brand of earbuds should not be able to send data to your phone.

No, you can't give your Android phone malware by using Apple earbuds.

Pretty much, earbuds, like any headphones, are just two small speakers each soldered to two wires that complete the circuit between the earphone and the headphone jack.

Some headphones have a volume switch, small microphone, playback control (pause/play, stop, rewind, fast forward, etc.) or a combination there of. It still would not hack into your phone unless the schematics showed anything but what was necessary for that sort of functionality.

But for your simple Apple earbuds, no it would not, and definitely should not, harm your phone.

The way I see it, you are asking if an Android phone infected with an Android malware could

1. store data on your headset

2. infect your iOS device

The first question has already been answered quite clearly.

The second however hasn't been answered. If Android code could possibly run on iOS, well a lot of programmers would be so satisfied. One could argue that the malware is capable of infecting the headphone with both compatible malware, but we know that is unlikely.

If they're standard headphones with an analogue audio cable, then they can't transmit malware. If they've got a digital connection such as HDMI, they can theoretically transmit malware but a vulnerability in the headphones would have to be exploited by the device transferring the malware to the headphones, and the malware on the headphones would then have to exploit a vulnerability in the devices connected later in order to infect them. If they're USB headphones, they could be reprogrammed to behave as a USB flash drive if a vulnerability in them was exploited, and USB flash drives can be used as a vector for all sorts of malware. If they've got a proprietary connector on them, you might not be able to find out what kind of data bus this connector provides and it may be possible for this to be exploited.