New York’s governor and attorney general have launched an investigation into Apple’s apparent failure to tell iPhone owners about the Group FaceTime bug publicized this week.
The bug, which prompted Apple to shutdown the Group FaceTime feature on Monday evening, allowed any iPhone user to listen to another iPhone user's FaceTime call, even when the recipient didn’t answer it.
The issue could have been exploited between any two iPhones running iOS 12.1. Group FaceTime is a new feature that arrived on iOS with Apple’s release of iOS 12.1, which Apple released in late 2018. Apple intended to release Group FaceTime with iOS 12, allowing iPhone owners to make group calls on FaceTime. However, delayed the feature until iOS 12.1 for unspecified reasons.
A Texas-based lawyer has filed a lawsuit against Apple over the bug claiming that it let someone else listen in to a sworn testimony. The lawsuit accuses Apple of failing to properly test its software for privacy bugs, and claims the lawyer’s future income was harmed as a result of the FaceTime leak.
After the bug hit media on Tuesday, another Arizona-based lawyer detailed the difficulties she faced in reporting the bug to Apple, which she claims was first sent to Apple on January 20, just over a week before the issue became public.
Apple has said it plans to release a fix for the issue this week. A would-be attacker could have exploited the flaw by calling a person on FaceTime, swiping up and adding themselves to a group chat. The attack was disabled after Apple took the Group FaceTime feature offline.
But New York State's governor, Andrew Cuomo, isn’t happy with the speed of Apple’s response to the issue and threw his support behind an investigation into Apple’s handling of it by the state’s attorney general, Letitia James.
"In the wake of this egregious bug that put the privacy of New Yorkers at risk, I support this investigation by the Attorney General into this serious consumer rights issue and direct the Division of Consumer Protection to help in any way possible,” said Cuomo.
The state’s division of consumer protection has invited affected consumers to file complaints about the FaceTime bug to its helpline.
“My office will be conducting a thorough investigation into Apple's response to the situation, and will evaluate the company's actions in relation to the laws set forth by the State of New York. We must use every tool at our disposal to ensure that consumers are always protected,” said James.
Apple's FaceTime dilemma was overshadowed on Wednesday over its response to yet another Facebook privacy scandal, in which Facebook was caught abusing Apple's program that allows enterprise customers to distribute apps to employees outside of the Apple iOS App Store.
Facebook used the program to publicly distribute a market research app, called Facebook Research, under Apple's enterprise program. This runs against Apple's rules that restrict apps destined for public consumption to the App Store. Enterprise customers however can use Apple's enterprise program to distribute apps privately and outside the App Store.
Apple on Wednesday announced that it had revoked Facebook's digital certificates for the enterprise program, which in turn has prevented Facebook employees from using internal apps that were accessible on iPhones under Apple's enterprise program.