A teenager was the first to discover the Apple FaceTime bug

Teen first to find Apple FaceTime bug

FaceTime—the preferred communication method for people who believe regular phone calls aren’t inconvenient enough—came under intense scrutiny on Jan. 28, as it was revealed that the app features a major privacy flaw. As 9to5Mac reported, the bug allows users to call others on FaceTime and hear audio before the other party answers the call.

Callers can activate the bug by faking a conference call (swiping up while ringing and adding their own phone number to the call), upon which the caller can then hear everything on the other phone’s end. iPhone users dug deeper and also found that if a person hit the power button from the lock screen, FaceTime would share the other person’s video as well.

In response to the bug, an Apple spokesperson said the company is “aware of this issue and we have identified a fix that will be released in a software update later this week.” In the meantime, the company placed group FaceTime offline as a temporary stopgap.

Manage your supply chain from home with Sourcengine

But Apple’s week doesn’t stop there, as it seems the company knew of the bug before it hit the internet.

How a 14-year-old Found the FaceTime Privacy Issue

While news of the FaceTime bug hit the internet on Monday, several outlets discovered that the bug was first reported on Jan. 20. A Twitter user tweeted to Apple that her teenage son had discovered “a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval.”

According to tech entrepreneur John Meyer, who contacted the teenager’s parents, the 14-year-old discovered the flaw while setting up a FaceTime chat with his friends during a game of Fortnite.

The parent (who has been identified as Michele Thompson of Tucson, Arizona) reported the bug to Apple support. In subsequent emails, Thompson also brought up Apple’s bounty program which rewards users for discovering bugs.

With Apple support unresponsive, Thompson went to greater lengths in reporting the bug, including sending a video to Apple that demonstrated how to activate the bug and faxing the company about the issue.

Eventually, Apple responded…but only to instruct Thompson to report the bug via the formal process of registering as a developer.

Exposing Vulnerabilities with FaceTime and Reporting

Even beyond exposing a significant privacy issue with one of its flagship apps, the subsequent story of Apple’s convoluted bug reporting system does no favors for the company, as Thompson quickly learned.

“It’s extremely difficult for a citizen to report this and then get it noticed,” said Thompson. “I’m sure they get a lot of fake reports, but it’s frustrating because there is no clear way to report this issue.”