Dear Mr, Cook:
We are deeply troubled by the recent press reports about how long it took for Apple to address a signiﬁcant privacy violation identiﬁed by Grant Thompson, a 14-year-old in its Group FaceTime feature. As such, we are writing to better understand when Apple first learned of this security ﬂaw, the extent to which the ﬂaw has compromised consumers’ privacy, and whether there are other undisclosed bugs that currently exist and have not been addressed,
In today’s world, nearly every adult and many children walk around with a device in a purse, a backpack, or pocket that has a microphone and camera According to one study, the average age children ﬁrst get a smartphone is 10 years old.2 Moreover, the marketing of smart home devices encourages consumers to place cameras and microphones in the most personal and intimate rooms in their homes. While these are wonderful tools when used right, the serious privacy issue with Group FaceTime demonstrates how these devices also can become the ultimate spying machines. That is why it is critical that companies like Apple are held to the highest standards Your company and others must proactively ensure devices and applications protect consumer privacy, immediately act when a vulnerability is identiﬁed, and address any harm caused when you fail to meet your obligations to consumers.
We found out about the FaceTime bug after a teen discovered it and his mom reported it to Apple. It tricked FaceTime into believing a call was underway before it was accepted. This let the caller get transmitted audio from the other device and use it to spy on the person. A fix for the bug was delayed.