“FacePalm” Bug Is a Jarring Wake-Up Call. And Not Just for Apple


Apple is a global icon.

It was the first company in the world to reach a $1 trillion market capitalization, and it is the most valuable company in the world today.

For the second year in a row, Apple ranked as the world’s most-admired company, in a Fortune survey of 3,750 business executives.

PC magazine recently released its 2019 Readers’ Choice Awards and Apple finished #1 for Laptops, Desktop PCs, and Tablets.

The Apple “brand” alone is valued in excess of $200 billion, and the company’s customer satisfaction and loyalty are reflected in the way consumers view it. According to NPS Benchmarks, Apple’s Net Promoter Score for 2017 was a resounding 72, significantly higher than the average NPS score in the consumer electronics industry.

A great company indeed.

What follows here is a wake-up call. And definitely not just for Apple.


On Saturday, Jan. 19, Grant Thompson, a 14-year-old high school freshman in Tucson, AZ, was using Apple’s popular video chatting software FaceTime to set up a Fortnite video-gaming session when he discovered he could eavesdrop on a friend’s phone even though the friend hadn’t answered his call.

When his first friend didn’t pick up the FaceTime call, Thompson added a second friend to the group call, which caused the original call to “pick up” on the first friend’s phone.

A bug in the FaceTime app had enabled Thompson to spy on the other line, hearing everything that was said. He and his friends re-created the spying hack several times to make sure what they’d experienced wasn’t a fluke.

Thompson’s mother, Michele Thompson, sent a video of the hack to Apple Support the next day to alert the company about the “major security flaw” that exposed millions of iPhone users to eavesdropping.

No response.

She tried calling, emailing, and even faxing Apple’s security team. Nothing. Posts to Twitter and Facebook were not fruitful.

On Friday, Feb. 1, Apple’s product security team encouraged Ms. Thompson to set up a developer account to send a formal bug report.

On Monday, Feb. 4, Apple finally took notice and disabled the Group Chat function after an article a developer wrote about the flaw on 9to5mac.com went viral.

On Feb. 7, 2019, Apple released iOS 12.1.4, which includes a fix for a group FaceTime bug.


Apple’s lack of urgency, its miscommunication, and its dithering in addressing the FaceTime flaw – aptly named FacePalm – are surprising and disturbing.

Needlessly, for more than two weeks, it left millions of its customers’ devices open to eavesdropping at a time when bad actors worldwide are using increasingly aggressive strategies in their efforts to hack the smartphones and other technology we rely on 24/7. Our mobile phones have become mission-critical systems, used for all forms of communication, much of it confidential and personal.

Stunning. And a very big black mark for Apple.

What happened exposed substantial deficiencies in Apple’s development processes and in its escalation procedures for surfacing urgent flaws. It also calls into question the efficacy of its systems and processes for responding quickly to bug alerts from its customers.

Grant Thompson’s mom did everything short of knocking on CEO Tim Cook’s door to alert Apple to the FaceTime flaw, but found no takers.

With so much at stake, a company as smart and as resourceful as Apple is surely busy right now asking and answering hard questions about how the situation unfolded the way it did and making sure it makes changes that prevent a repeat performance.

While Apple has the red face in this instance, the FaceTime debacle is surely sending shudders through the C-suites and board rooms not only of Apple’s competitors but also of all the companies we trust to protect and secure our privacy and information. There is always pressure to release new products and features, and it is hard to test for and correct every bug. But a bug as severe as FacePalm should never have been released. And when it was clear it had been released, Apple should have released a fix immediately. They got lucky on this one.

Other companies, from financial service providers to retailers, from Amazon to Uber, should be asking themselves “are we more prepared than Apple was?”

Smart organizations look at the situation as an opportunity to pressure test their own systems. They’re asking “what are we doing to make it easy for our customers to talk to us? What are we doing to make sure we’re listening to our customers and following up?”

Apple has built up a vast reserve of credibility and good will with its customers and shareholders over a long time, and it will surely weather the FaceTime storm. It will come away chastened and committed to improve.

Unfortunately, other organizations – and there will be many in this category – will look at what happened with Apple’s FaceTime, shrug, and say “thank goodness it wasn’t us.”

Unfortunately, there are likely some ticking time bombs out there.

Lou Shipley is a Lecturer at the Martin Trust Center for MIT Entrepreneurship at the MIT Sloan School of Management. Most recently, he was CEO of Black Duck Software (acquired by Synopsys). Follow @loushipley
