Addictive Tips posted the details of an alleged conversation it had with a member of the "iPhone Development Department" who claims that not only are iPhone 4 calls made via FaceTime unencrypted, but that iOS 4 sends details of every FaceTime call back to Apple's mothership in Cupertino.
According to its source, "FaceTime is going be the biggest privacy break ever. It was the first thing that kinda set me on a rampage to leak info."
The problems are two. First, FaceTime's lack of security:
The issue is with Wifi is that anyone can get on a Wifi Signal and potentially see what the viewers and broadcasters are looking at without them know, now Apple will deny this and say its not our problem you were not on a secure connection, in my mind I think that its all bull****. People should be able to have some type of security during those calls.
The allegation is that iOS 4 sends Cupertino the details, including the parties involved and their locations, after every FaceTime call:
Worse yet is once a person connects to another person on FaceTime it, for some reason none of us in the office can figure out, sends us (APPLE) a message and says those two people are connecting via Facetime and gives out their location to us. So for whatever reason we need that information just blows my mind. As a consumer why would you need to let Apple know that you are connecting with a person via FaceTime, its none of Apple’s business.
Note: minor typos in the quotes were corrected.
Keep in mind that this is only a rumor at this point and remains unconfirmed. Hopefully someone in the developer/jailbreak community will be able to confirm or deny these serious allegations.
Emails to Apple for clarification on this issue weren't returned when this story was posted. I will update this post if/when they do.
Update: Apple has responded to the allegations with the following response:
The site you mention is alleging that FaceTime is sending user names and locations back to Cupertino after each FaceTime call. That is incorrect.
Apple creates a unique ID for each FaceTime user, ensuring FaceTime calls are routed and connected properly. No other user information is stored for FaceTime and Apple cannot retrieve the data for any other purpose (it is stored in a hash format). No location information is ever used or stored during FaceTime registration or a FaceTime conversation. Additionally, the entire FaceTime conversation stream itself is encrypted.