Users of Apple FaceTime have uncovered a serious privacy issue this week, which Apple is racing to address. A bug affecting the Group FaceTime service meant that users could listen in and even potentially watch another person using the service, even without joining the call.
There's never a great time for your company to drop a huge privacy breach, but it's especially embarrassing for Apple, given that the news happened to land on Data Privacy Day.
Apple has temporarily removed the Group FaceTime feature while it urgently fixes the issue and seeks to reassure its customers.
How Does the Group FaceTime Bug Work?
The Group FaceTime bug was first uncovered by prominent Apple site 9to5mac.com. Using the bug, callers are able to listen in to a recipient's microphone while their phone is still ringing, with the person receiving the call unaware.
Here's how it works. The user starts a FaceTime Video call. While the call is still dialling, they then select the option to add another person to the call, and select their own number. After this action, a group FaceTime call will begin, and the caller will be able to listen in on the recipient before they even pick up.
So what's the risk? Well, under these circumstances, it would be a pretty embarrassing moment to notice your phone ringing and exclaim, “Oh no, not Jack again…”
That's bad enough, but it doesn't stop there. During experimenting, 9to5mac.com also realized that if the person receiving the call pushes the power button (to silence the ringing), the caller will also have access to the video camera and be able to see the recipient.
While this only lasts as long as the phone is ringing for, it's still a huge invasion of privacy, and could be replicated on any Apple device that has FaceTime, including iPhones, iPads and Macs.
It appears that the issue affects devices running iOS 12.1 or later.
How Has Apple Responded?
Apple acted quickly in light of this news, and immediately removed the Group FaceTime feature from its devices. You can check it yourself on Apple's System Status page.
FaceTime is still available for one-on-one chats, although many users are disabling it entirely on their phones until confirmation that the issue has been resolved.
As for a time-frame for when we can expect this fix, Apple has stated this will occur “later in the week”, although we've not been given anything more concrete than that.
Data Privacy Day Embarrassment for Apple
The news comes at a rather awkward time for Apple. It happens that the issue was reported on Data Privacy Day, with Tim Cook himself marking the occasion on Twitter with a message about the dangers and consequences of not protecting our privacy.
We must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.
— Tim Cook (@tim_cook) January 28, 2019
Many Twitter users immediately responded to Cook about the irony of posting such a message on the day that your company experiences a major privacy flaw in one of its services.
The company even paid for a 14-floor banner to be displayed at this year's CES, with the message “What happens on your iPhone, stays on your iPhone”. Apple has even fallen out with police and government authorities for refusing to unlock potential criminals' Apple devices for evidence.
While its track record on privacy matters is fairly good, the FaceTime bug is certainly a setback for Apple. That said, its quick response does at least show commitment to its platitudes about data security.