No, Apple is not Listening to You through FaceTime
Earlier this week, reports broke that Apple’s popular video call service - FaceTime - had a software bug that allowed any user to hear and see the video and audio of the person that they were calling, even if that person had not answered. Reporting sparked concern into iOS users, and some reports even claimed Apple was using this bug to spy on its user base. What is this bug? Is it fixed and do I need to be worried? Those are all great questions!
Let’s dive in.
What is this FaceTime bug?
Before we can talk about what the issue with FaceTime is, we need to understand what a ‘bug’ is. No, it is not a tiny little insect walking around Apple’s servers. When speaking about software, a bug is a flaw in the code that makes up a piece of software that allows users to exploit or use the product in a way in which is was not intended.
Bottom line: There is no reason or evidence that Apple purposely left this security flaw in Group FaceTime. It was a bug that was not found until a user tried accidentally exploited the bug and then to report it to Apple, more on this later.
As mentioned earlier the bug allowed for any person to start a FaceTime call to any other person that had an iOS device with FaceTime turned on. The caller would then click on the “Add Person” button. This button is used with Apple’s Group FaceTime feature allowing up to 32 people on a single call. However, instead of adding a different person, the caller would just add him/herself. Once this is done, the caller would then be able to hear the audio of the person he/she was calling, even if he/she still had not answered. If the person he/she was calling then dismissed the FaceTime call by using his/her power/wake button, the caller would then gain access to the video of the person he/she was calling.
It was a very weird set of circumstances that led to this bug working. Hence, many bugs fly under the radar until real-world users can test software and make decisions that developers would not make. Apple’s Group FaceTime feature was not meant for people to add themselves to calls, but rather to add other people.
Many news agencies have videos demonstrating how this bug worked. Here is a great video from MacRumors.
Is this bug fixed?
Great, now that Apple is notified about the bug it is fixed already, right? Well, that is a more complex question. Initial reporting by most news outlets told people to disable FaceTime on their devices. That was good advice, until Apple disabled the Group FaceTime feature. (You can see the status of Group FaceTime, here.) With Group FaceTime now disabled on Apple’s servers, you no longer need to worry about disabling FaceTime on your iOS devices.
You can still FaceTime people, however, you cannot add anyone else to your call. This prevents the bug from continuing to be used. Most news agencies are still reporting that they only way to avoid this issue is to disable FaceTime entirely, and that is simply not true.
Apple has stated that a software update will be coming probably tomorrow (February 1, 2019) to address this bug on all of its devices that are capable of Group FaceTime. Once this update is pushed, I highly recommend updating all of your devices as soon as possible, because once Group FaceTime is restored and your device is not updated/patched it could be susceptible to this bug again.
So, why is it taking Apple so long to patch - or fix - this bug? Great question! When a company has an operating system, in this case iOS, running on over 1 Billion devices, it takes a lot of man hours to make sure once a solution is found that it works on every single device type. Not to mention finding a solution that fixes all of the existing problems without causing new problems is a very complex task. Writing bug-free software is virtually impossible. The public does not know how complex this issue is on a code level, and Apple wants to make sure it gets a fix out to the public on the first go-around. This is not something that Apple wants to do five or six times playing a guessing game until they get it right.
Do I need to be worried?
Another great question! At this time, I would make a strong argument that you should still feel secure using an iOS device and FaceTime. With Group FaceTime disabled, the bug is no longer active. If you still want to put your mind at ease, disabling FaceTime in the Settings area (Open Settings > FaceTime > Toggle the FaceTime Switch from Green to Gray) would be another great option. It is not necessary at this point, but you have that choice if you want it.
Apple has always taken a firm stance on the security of its devices and its consumers’ data. Currently, there is no evidence to suggest that Apple was using this bug to give law enforcement a back door listening device, or that they were using it to spy on its customers. Any news agency that reports this is simply working to damage Apple and is sharing false information. I would be very surprised if any evidence were to come to light suggesting the opposite.
Now, a teen did discover the bug over a week before Apple disabled Group FaceTime on its servers. The teen’s mother shared the news on her Twitter account. The two made several attempts to contact Apple about the bug, but never heard back. It was not until the two went to Fox News and had the bug go mainstream before Apple made a decision to disable its software feature.
So, why did it take Apple so long to find a “solution.” Well, that is another complicated answer. First and foremost, if Apple responded to all of its bug reports and reports by users claiming that they have found a major security flaw, that is all that they would be doing.
However, that does not excuse the fact that they had over a week to investigate and release a fix. Since they quickly disabled Group FaceTime after the bug was made public on a large scale, why did they not just disable the feature as soon as they learned and tested the bug? If they take security so seriously, they should have made that decision from the beginning, right? Well, yes. As of now, we do not know when Apple learned and tested the bug for itself. There is no evidence to suggest that they were trying to cover it up, either. They will need to answer and explain their internal decision making, but for now they are simply working to rectify the bigger issue at hand and that is the security and integrity of Group FaceTime calls.
In the coming days, make sure to be watching for Apple to release a software update for all devices to patch and secure the bug. Also be careful when listening to reports about the issue. Many news agencies do not have a strong background in more technical concepts, and because of this reports about these stories can cause more panic than need be. Before making any drastic decisions, make sure you are checking a number of sources to see if the information you are hearing seems to be the larger consensus. If not, do some more looking. The Verge and Mac Rumors are both great sources to get up-to-date information.
What are your thoughts about this bug? Do you feel any less secure and/or confident in your iOS device and/or Apple? Let myself and other readers know below!