I work closely with QA testers every day. The remit is to work through testing the app in terms of its functionality. Adding yourself to a call wouldn't have been considered as you are the person initiating the call. If part of the functionality was that you could add yourself to a call that you already initiated, then yes, this would have been picked up on.
Good QA and QC includes security if your product handles sensitive data. This should have been caught during the design phase. Or is it actually a hidden feature that got accidentally exposed by the group calling front end bug? That would explain a lot.
 
I'm sorry Apple, but QA didn't try hard enough to break it. With a feature this sensitive, it is necessary to have a couple of employees trying to break things all day every day. I know not every bug can be discovered in time, but obvious ones like this should be caught before release.

I'm a coder myself, I adhere to sound coding practises, and any loopholes in the code are immediately apparent and there is no need to try to "break" things after the fact, i.e., after it's been compiled, by attempting every permutation and combination of key-presses, &c. (I'd say it's impossible in many cases to try every combination & permutation of everything. The problem needs to be identified and solved at the coding stage, by the coder... not by some QA/QC guy down in the basement). All Apple needs to do is hire reasonably good coders. People who can write beautiful and readable code. As it is now, it's pure amateur hour down there,.... spaghetti code and endless whack-a-mole. I have zero confidence the update will be bug free. Hardware is where Apple excels. Outsource the iOS to China or India, or somewhere, I say. They're disciplined and know their stuff.
 
Does anyone else know of a more friendly Apple site with other friendly actual Apple enthusiasts? Seriously, for as long as I've lurked on here it's all negative people who are Apple haters commenting. Pointless to be on here anymore. All this negative news is hardly "rumors".

Samsung and others have paid folks all up and down Apple forums trying to control opinion. MacRumors does very little to moderate this place to be Apple friendly for Apple fans as all hits are considered profit. I think we need someone to start a new site that focuses on Apple and their fans exclusively as MacRumors has gotten too big and the lack of quality shows.
 
Is there any reason to allow remote initiation of video and mic feed without UI interaction in the FaceTime app?

That's not relevant to my question. Bug X happens as a result of Action Y; sure Bug X should be fixed, but should Action Y be allowed in the first place?
 
Knowing Apple, they rarely apologize, and I’m not knocking them, it’s just the nature of how they are as a company being egotistical at times. But one thing I want to mention aside from your post that you discussed, it’s my opinion, but somebody _should_ probably be terminated for this error. I’m sure there was a group of developers working in a team collaboration, but usually it comes down to one person that should be held responsible in a situation such as this in a leadership position. I’m not always about firing people with that type of mentality. But this is something that likely can’t have remedial retraining, this is grounds for termination in my opinion.

Only if it can be demonstrated that the responsible developers knew this was a possible feature … err - bug.
 
No, the user is NOT aware of this happening, that’s why it is such a serious privacy issue.

Also any account you sign up for that falls within your criteria of “selling personal data”, is something that the user has to willingly do. This bug could have been performed without the consent or willingness of the other party.

Okay, reading it again doesn't help since it's just badly written, so the details aren't clear. But checking out the videos made it clearer (sorry, but I usually find it tiresome and irritating to watch videos on websites... old school, I guess).

On the data selling, it was my impression that B2B companies like GroundTruth only allow users to "consent" to their data usage insomuch as they consent to some specific usage in a specific app, like WeatherBug. But that doesn't secure their data beyond that app. Anyway, my broader point is that, as much as it feels more personal to have a FaceTime call intercepted, you can't track a person's physical location from a FaceTime call (if I'm wrong, then by all means enlighten me, but not without some supporting documentation). Also, a user naively consenting to allow their data to be used in a specific app by no means suggests that they understand how that data might be used down the line. And this kind of practice has been commonplace for some time now. Apple is trying to make that kind of privacy a top priority, and they're one of the few big tech companies bothering to do it. That may only be because it's not a source of income, but that doesn't matter.

Anyway... It's a bug. It's a bad one that should have been discovered, for sure, but a bug nevertheless. My feeling is that Apple was the first to the trillion dollar mark, so they've become the whipping boy for every form of tech scrutiny. Google and Facebook, imho, are far more egregious offenders when it comes to jeopardizing individual privacy.
 
Does anyone else know of a more friendly Apple site with other friendly actual Apple enthusiasts? Seriously, for as long as I've lurked on here it's all negative people who are Apple haters commenting. Pointless to be on here anymore. All this negative news is hardly "rumors".
IMHO, AppleInsider seems to have a more "Adult" userbase. There are knee-jerk Apple Haters on there, too; but not NEARLY to the extent that MR has.
Yep. Very simple bug that should have been caught. This will result in many lost upgrades and sales for the next year and beyond. Another massive Tim Cook failure. Really sucks for those of us who see the writing on the wall.
Just like a Magic Trick, every bug looks "very simple" once you know the secret.
 
If you want to know when the update is coming out, just call Apple, don't worry if they don't pick up... ! :p

Seriously, this was a bad bug (perhaps more in terms of the company's image than anything else) and I hope they issue the fix as soon as they can. I think they should really hold their hands up and say sorry too, if only to repair the PR damage a little.
But...but Apple is all about security and privacy. But..bu...don’t you feel safe? Heh
 
I know it can take time to reproduce this issue and prove it's real... Privacy i
Then you should understand the relatively short delay.
I’m assuming it didn’t get to the right people. There’s a real problem with Apple’s reliance on the Radar system. Radar is too difficult for an average non-technical person to use, there’s no obvious way for someone to report a critical bug to Apple without using Radar, etc. Apple needs to seriously consider new ways of reporting and tracking bugs. Something like a friendlier version of bug reporter running on the device itself (i.e. the bug reporting app that installs during betas.)
The REAL problem is, Apple probably gets an UNBELIEVABLE number of "Bug Reports" every single day. Consider the fact that:

1. Some people have nothing better to do than to pester others with false "bug reports";

2. Most people cannot accurately remember/describe the steps to duplicate a bug (VERY IMPORTANT!);

3. Some HUMAN(s) have to "triage" putative Bug Reports;

4. Some HUMAN(s) have to assign already-busy Resources to analyze/determine a response to each Bug Report;

5. Any "Fix" has to be thoroughly "Regression Tested" to make sure it doesn't BREAK something else;

6. Someone(s) have to Package the "Fix" for Distribution, and TEST the Distribution Package;

7. Steps 5 and 6 may have to be adjusted/repeated for other Countries/Languages...

And you can see how what seems to be a simple "Bug Reporting System" suddenly becomes a MAJOR DEAL!!!
I’m not always about firing people with that type of mentality. But this is something that likely can’t have remedial retraining, this is grounds for termination in my opinion.
Good thing you aren't in a managerial position, right?
Yes as more evidence comes to light it does appear they knew about the bug well in advance of Monday.

The same way they knew about the batteries and faulty processors/throttling, and did nothing.

Their lack of transparency IS going to corrode consumer trust and ruin their branding. Watch. Next year’s iPhone sales are going to be abysmal.
Honestly, all the constant hand-wringing and Monday-Morning Quarterbacking on this Site is absolutely appalling.

I know it drives "Clicks"; but it is very tiresome.
Are you being serious in terms of less negativity?
Most of the time, and relative to MR, yes.
I don’t use FaceTime and never have. One of the first things I disable on any fresh install of iOS.

Regardless, still a simple bug. It takes 2 simple steps to entirely erase any end user’s privacy. Another public relations nightmare which will result in lost customers and stalled upgrades. Won’t see the effect of this until their next earnings release, but it will be a real hit.
Well, if you don't use FaceTime then it hardly concerns you then, does it?
 
Good thing you aren't in a managerial position, right?

Poor assumption on your behalf, but I’ll let it slide since it’s the Internet. Anyways, yes, in this particular situation with the severity of this type of glitch, somebody at minimum will be reprimanded or terminated.
 
Additionally, Apple needs to improve their technical support process. I never contact Apple until I've tried everything listed on their Support website. I can't tell you the number of times the advisors have demanded I repeat the steps listed on the website while I am on the call with them, to "prove" I have done all of the troubleshooting. After all of that, all they do is escalate it to engineering, who very often asks me to replicate the steps I have already done. With this inefficient of a process, it did not surprise me that it took over a week for someone high enough at Apple to actually address the issue.
That's just part of the Escalation Procedure, and perfectly understandable.

And they weren't "Demanding", they were "Requesting". This is done for two reasons:

1. So they are sure they can document the steps to REPRODUCE the alleged "bug", so that the Engineer whose desk the Bug Report actually lands on has ANY chance of "making it happen".

2. To make sure it wasn't a one-time "Restart Fixed It" type thing, or (as is almost ALWAYS the case, honestly!) User Ignorance/Error.

Hope that helps you understand that the "Advisors" aren't there just to TORTURE you.
Poor assumption on your behalf, but I’ll let it slide since it’s the Internet. Anyways, yes, in this particular situation with the severity of this type of glitch, somebody at minimum will be reprimanded or terminated.
But it STILL has to rise out of the TORRENT of "Bug Reports" that Apple receives Every. Single. Day.

I don't care if it caused your iPhone to EXPLODE, it would STILL take a few days (and a week is a "few days") to make its way through ANYONE's Bug-Reporting system, not just Apple's.
I wonder whether the current 12.2 beta already has this or will get this on the next point release (more likely)?
This will be included in the quickest manner possible.
The only way this bug can be fixed by a software update is if Apple also fixes Group FaceTime on the server side to not work with iOS version lower than the fix. Apple can’t force you to update directly.
They probably will include that on the Server-Side of the Fix, or perhaps, the entire fix will be implemented Server-Side, which would actually be best all-around. After all, their Servers have to arbitrate/connect EVERY FaceTime call.
 
These days when Apple projects a time line, we need to double or even triple it. So my guess is that this week means sometime in the next 30 days. Welcome to the new Apple.
You mean "Welcome to the Apple that has to consider HUNDREDS OF MILLIONS of Users all across the planet."
 
And then you ignore it for a week or so until Fox News gets tagged.
Um... my post was in response to another user's – not touching on the FaceTime issue at all – but, you know, feel free to take my words out of context to prove your own point. :rolleyes:
 
But it is precisely the thing a professional QA engineer would test. It’s a boundary case (“what if I call myself?”) and boundary cases are where most bugs come from.
Not according to THIS Poster:

https://forums.macrumors.com/thread...-up-in-analytics.2167870/page-2#post-27053728
Is there any reason to allow a user to add themselves to a call if they're already on the call?
No. That's why it wasn't caught sooner.

You can never make software foolproof. Fools are far too clever.
I'm a coder myself, I adhere to sound coding practises, and any loopholes in the code are immediately apparent and there is no need to try to "break" things after the fact, i.e., after it's been compiled, by attempting every permutation and combination of key-presses, &c. (I'd say it's impossible in many cases to try every combination & permutation of everything. The problem needs to be identified and solved at the coding stage, by the coder... not by some QA/QC guy down in the basement). All Apple needs to do is hire reasonably good coders. People who can write beautiful and readable code. As it is now, it's pure amateur hour down there,.... spaghetti code and endless whack-a-mole. I have zero confidence the update will be bug free. Hardware is where Apple excels. Outsource the iOS to China or India, or somewhere, I say. They're disciplined and know their stuff.
Anyone who says the vast-majority of Chinese or Indian contract-coders are "Disciplined and know their stuff" is EXTREMELY suspect.
I can imagine this update might produce other big bugs.
Why? The entire "Fix" can be handled "Server-Side".

You press the buttons, but it is Apple's SERVERS that decide what happens (or doesn't happen) when you do. In this case, all Apple has to do is figure out the "Logic Hole" that the "Add a Caller" Server-Side code falls into when it FAILS internally to add the "Organizer" as another "Participant".
That's not relevant to my question. Bug X happens as a result of Action Y; sure Bug X should be fixed, but should Action Y be allowed in the first place?
Because Apple will want to fix this in a manner that is NOT dependent on waiting for (or initiating) an "Emergency Update" to iOS (which Apple can't FORCE on ANYONE!), they will (and should) Fix this "Server-Side".
 
Not according to THIS Poster:

https://forums.macrumors.com/thread...-up-in-analytics.2167870/page-2#post-27053728
No. That's why it wasn't caught sooner.

You can never make software foolproof. Fools are far too clever.
Anyone who says the vast-majority of Chinese or Indian contract-coders are "Disciplined and know their stuff" is EXTREMELY suspect.
Why? The entire "Fix" can be handled "Server-Side".

You press the buttons, but it is Apple's SERVERS that decide what happens (or doesn't happen) when you do. In this case, all Apple has to do is figure out the "Logic Hole" that the "Add a Caller" Server-Side code falls into when it FAILS internally to add the "Organizer" as another "Participant".
Because Apple will want to fix this in a manner that is NOT dependent on waiting for (or initiating) an "Emergency Update" to iOS (which Apple can't FORCE on ANYONE!), they will (and should) Fix this "Server-Side".
I think you misunderstood what I was saying. They should double check and see if there are additional bugs that could be fixed.
 
And people are willing to allow a digital mesh of their face to be stored. Only a matter of time until this data is compromised, with the only difference being that you cannot replace your face. Remember that every single piece of sensitive data has leaked or been stolen to this day from various places.
 
Because Apple will want to fix this in a manner that is NOT dependent on waiting for (or initiating) an "Emergency Update" to iOS (which Apple can't FORCE on ANYONE!), they will (and should) Fix this "Server-Side".

But again that's about fixing the bug. I'm talking about whether there's a valid use case for the action that happened to expose the bug.
 
And people are willing to allow a digital mesh of their face to be stored. Only a matter of time until this data is compromised, with the only difference being that you cannot replace your face. Remember that every single piece of sensitive data has leaked or been stolen to this day from various places.
I’m not worried. Was it reported that fingerprint data was compromised? Why should a digital representation of your face be any different?
 
I disagree. This was an edge case bug. In fact it took a long while before millions of users had been using group FaceTime before it came to light.

It certainly wasn't an 'obvious' bug.
I disagree. It’s a serious protocol design flaw if the calling party can initiate the pick-up of the receiving party. Makes one wonder if this was not rather implemented as designed. It’s not “just a slip”.
 