The FaceTime video-chat app on your iPhone may have let people eavesdrop on you — an embarrassment to Apple Inc., which yanked the flawed feature and said Tuesday that it’s hurrying to fix the underlying problem.
An apparent bug in FaceTime’s new group chat function allowed callers to remotely activate the microphone on another person’s iPhone, iPad or Mac without that person’s knowledge and hear whatever sounds the microphone picked up.
More than a week ago, a Twitter user — described by consumer technology website CNET as a Tuscon lawyer named Michele Thompson — said that her teenage son had found the problem and that she’d submitted a bug report to Apple. The user’s tweets flagged Apple customer service, Fox News and, a day later, Apple Chief Executive Tim Cook.
After the report, Apple disabled FaceTime’s group chat function Monday evening and said it was working on a patch. “We’re aware of this issue, and we have identified a fix that will be released in a software update later this week,” it said in a statement.
Apple did not immediately respond to a Times email asking when the company became aware of the bug.
The problem is a black eye for Apple, which has promoted itself as being more conscientious about user privacy than rival tech giants. On Monday, before news of the bug exploded, Cook noted in a tweet that it was Data Privacy Day and that everyone should “insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important.”
Apple’s system status page on Tuesday indicated that “Group FaceTime is temporarily unavailable.” That “ongoing issue” with the service began Monday night, according to the status page.
Before Apple yanked the feature, the eavesdropping process involved placing a FaceTime video call and then adding your own phone number as an additional participant while the call was dialing. A group FaceTime call would start at that point, and the microphone on the device of the call’s original recipient would be activated even if that person hadn’t accepted the call.
Additionally, if the recipient of the call pressed the power button, they would unknowingly send a live video feed to the caller. The Times independently replicated the feature Monday evening before it was pulled.
Apple added multi-person FaceTime calling at the end of last year via a software update that was, in part, designed to address previous software bugs.
New York Gov. Andrew Cuomo said the bug was “an egregious breach of privacy” and, in a statement, called on Apple to fix the problem “without delay.” He also urged New Yorkers “to disable their FaceTime app until a fix is made available.”
Apple says protecting user data is baked into its business model: Unlike Facebook Inc., Alphabet Inc.’s Google and other tech giants, Apple gets most of its revenue from selling hardware to consumers, not from selling targeted advertising space to third parties. Therefore, Apple contends, people don’t have to worry that it will peddle their personal data to boost ad revenue.
Apple does admit to collecting information about users’ behavior to improve some of its features. But the company says it aggregates and “scrambles” millions of users’ data together to look for general patterns, not specific individuals’ traits.
“These patterns help us identify things like the most popular emoji, the best QuickType [predictive text] suggestions, and energy consumption rates in Safari,” Apple says on its website.
Some in the technology industry predicted little fallout for Apple because of the company’s reputation for safeguarding user data.
“Apple has a pristine privacy record, so the FaceTime bug is noteworthy and a small setback,” said Gene Munster, co-founder of venture capital firm Loup Ventures. “Even with the bug, Apple is still the most trusted tech company when it comes to privacy.”
News of the bug appeared to have little effect on Wall Street, where investors saw signs of stability in the company’s quarterly earnings report. Shares held relatively stable in extended trading Tuesday after Apple reported that although iPhones sales had fallen, revenue from other businesses, such as services and wearable devices, grew from a year earlier. The company had lost about a third of its market value since October on concern about a saturated smartphone market as well as rising trade tensions and a slowing economy in China.
U.S. lawmakers increasingly have been turning their attention on the practices of high-tech companies. Last summer, top Republicans on the House Energy and Commerce Committee sent letters to Apple and Google seeking details about how much the tech giants track smartphone users’ locations and collect snippets of audio from requests to voice assistants such as Apple’s Siri.
Bloomberg was used in compiling this report.