In context: Grant Thompson, the teen who discovered the Group FaceTime bug, might get a reward after all. Apple has indicated that the flaw may qualify for a cash award under its bug bounty program for iOS.
Last week we reported on a fairly severe bug on Apple devices using FaceTime. The 14-year-old Thompson had stumbled upon a quirk when using the Group FaceTime feature that allowed him to hear the recipient of the call even if it went unanswered. The glitch also turned on the receiver’s camera if the power button was pressed to silence the incoming call.
After reporting the bug, which required registering as an Apple developer, Grant’s mother Michelle Thompson was disappointed Apple had not acknowledged or thanked Grant in any way for making them aware of the serious flaw.
“Apple should reward people for reporting things of this nature — not just reward the developers or the people who are savvy with tech,” she said. “I think just thanking him would be great.”
While Apple did subsequently acknowledge and thank the Thompsons in a statement to the press, a “high-level Apple executive” later paid Grant and his family a visit to personally thank him. During the visit, the exec also told the Thompsons that Grant was eligible for a bug bounty.
“They also indicated that Grant would be eligible for the bug bounty program, and we would hear from their security team the following week in terms of what that meant,” Michelle told CNBC. “If he got some kind of bug bounty for what he found, we'd certainly put it to good use for his college because I think he's going to go far, hopefully.”
According to a talk given at Black Hat 2016 by Apple's head of Security Engineering and Architecture Ivan Krstić, bounties range from $25,000 to $200,000. Even if Grant only received the lowest reward, that money would go a long way in college.
The problem, which Apple had said was with the FaceTime servers, was reportedly fixed last week. Cupertino said it would have Group FaceTime re-enabled this week, but as of now it is still not available.