Apple generally doesn’t count such a discovery as a “bug bounty” but could make an exception just this once and cough up.
Apple has apparently done quite a bit of firefighting in the last couple of weeks after a fourteen-year-old user from Tucson, Arizona reported a major flaw in Apple’s FaceTime app. The bug in question, for which a fix will be available only next week, allowed callers using Group FaceTime to eavesdrop on other FaceTime users when their call wasn’t answered. Since then, Apple has disabled Group FaceTime, publicly apologised to its users, and has been sued by the user’s mother. According a new report by CNBC, an Apple executive flew in to meet with the user and take feedback. The young user could receive a reward for his discovery.
According to CNBC’s report, the executive (who wasn’t named) flew in to Tucson to meet with the fourteen-year-old bug reporter, Grant Thompson and his mother, Michele Thompson and “thanked [them] in person and also asked for [their] feedback, asked [them] how they could improve their reporting process.” Michele Thompson went on to say, “They also indicated that Grant would be eligible for the bug bounty program. And we would hear from their security team the following week in terms of what that meant.”
As far as offering the young bug reporter a reward goes, Apple is clearly making an exception in this case because its “bug bounty” programme, according to 9to5Mac, generally works on an invite-only basis and is limited to specific categories of security flaws. For example, demonstrating an iCloud account attack or showing how iPhone apps are getting around the security architecture of iOS could merit a bounty but reporting minor bugs does not. Grant Thompson, on the other hand, will reportedly continue to use Apple products despite the Group FaceTime debacle because he believes Apple is still committed to protecting users’ privacy.
Apple introduced Group FaceTime in eligible iPhones, iPads, and iPods as part of iOS 12.1 back in October 2018. According to Apple, the feature allows a maximum of 32 users to participate in a group video call. Additionally, it can detect the current speaker in the call and highlight their feed. iOS 12.1 brought other features with it like ringless notifications, Group FaceTime integration in the Messages app, and a pack of seventy new emojis.