Democrats on the House Energy and Commerce Committee have asked Apple to explain how it handles security bug reports, following claims it responded slowly to the FaceTime privacy glitch.
The bug allowed FaceTime users to listen in on other users' calls even without the recipient answering the call. Apple faced criticism over claims that it had been notified of the bug by an iPhone user a week before it hit mainstream media and forced Apple to take the Group FaceTime feature offline.
The bug was found by 14-year-old Grant Thompson, whose mother reported the issue to Apple, but only after several unsuccessful attempts.
The House committee, headed up by Frank Pallone Jr (D-NJ), on Tuesday sent a letter to Apple CEO Tim Cook demanding written answers by February 19 about the company's response to the FaceTime bug.
"As a first step, we believe it is important for Apple to be transparent about its investigation into the Group FaceTime vulnerability and the steps it is taking to protect consumers' privacy," the letter states. "To date, we do not believe Apple has been as transparent as this serious issue requires."
The committee wants to know whether Apple knew about the FaceTime bug before being notified by Thompson's mother and if so, when did it become aware of the bug. It also wants Apple to provide a timeline of steps it took after first identifying the issue.
The lawmakers also have questions about how Apple tests its products for vulnerabilities before releasing them to the public and why Apple took so long to disable Group FaceTime after Thompson's report.
SEE: Apple iOS 12: An insider's guide (free PDF)
The committee expects Apple to reveal whether it intends to notify and compensate consumers for any privacy violations that may have been caused by the bug.
It also wants to know of any other undisclosed bugs that Apple has yet to address and which could similarly give unauthorized access to an iOS device's microphone or camera.
Apple issued a statement last week explaining that it disabled Group FaceTime "as soon as our engineering team became aware of the details necessary to reproduce the bug".
However, it also promised to improve the processes it uses to escalate reports it receives.
Apple is planning to release an iOS patch that addresses the bug this week.
Previous and related coverage
Apple sued over FaceTime eavesdropping bug and faces criticism for not responding to bug reports.
Group FaceTime calls are currently disabled for all users through the server, and a software update will arrive next week to completely fix the issue.
The probe is focused on Apple's response to the eavesdropping vulnerability.
The teen's mother attempted to contact Apple with no success.
Apple iPhone users discovered a serious FaceTime bug that lets you hear audio from another iPhone or even view live video without the recipient's knowledge.
The bug that allows people to listen in to other people's phones and even see video hits Apple where it truly hurts -- in its protestations of privacy protection.
The update includes bug fixes and FaceTime improvements.
An Apple FaceTime bug can let callers hear and see you, even if you don't accept the call. Here's how to protect yourself until there's a permanent fix.
At WWDC, Apple announced a new feature for iOS 12 that will allow FaceTime to accommodate up to 32 people at once. This could make Apple a contender in the enterprise video conferencing realm.