**To:** product-security@apple.com **Subject:** iOS Privacy Indicator Bypass in Facebook iOS v345.0 - CallKit/PushKit Abuse for Unauthorized Audio Capture
Dear Apple Security Research Team,
I am submitting a security vulnerability report documenting a sophisticated privacy bypass in the Facebook iOS application (v345.0, Build 333768490) that enables background audio capture while suppressing iOS 14+ privacy indicators.
Summary
Through static binary analysis, I identified code paths in the Facebook iOS app that:
- undefined
Impact
- undefined
Severity Assessment
I assess this as CRITICAL severity due to:
- undefined
Disclosure Timeline Request
I am requesting a 90-day coordinated disclosure period (deadline: March 29, 2026) before public disclosure.
Attachments
- undefined
Additional Materials Available
Upon request, I can provide:
- undefined
Contact Information
Researcher: Research Team Email: [YOUR EMAIL] PGP Key: [YOUR KEY FINGERPRINT IF AVAILABLE]
I am available for any questions or clarifications. I can also be reached via Signal at [YOUR SIGNAL NUMBER] for secure communication if preferred.
Thank you for your attention to this matter.
Best regards, Research Team
Pre-Submission Checklist
Before sending, ensure you have:
- undefined
Alternative Submission Methods
If email doesn't work or you want parallel submissions:
- undefined
Parallel Disclosure Considerations
After submitting to Apple, you may want to consider:
- undefined
The dual-track approach (Apple + public deadline) is industry standard and gives you leverage.