**Prepared:** December 29, 2025 **Researcher:** Research Team **Target:** Facebook iOS v345.0 (Build 333768490)
Evidence Package Contents
Core Evidence Files
| File | Location | Size |
|---|---|---|
| Runtime Evidence Appendix | `evidence/Facebook-iOS-Runtime-Evidence-Appendix.md` | 301 lines |
| Runtime Supplement (Extended) | `evidence/Runtime-Evidence-Supplement-20251229.md` | 682 lines |
| Binary Analysis Supplement | `evidence/Binary-Analysis-Supplement-20251229.md` | 361 lines |
| FTC Complaint | `ftc/FTC_CONSUMER_PROTECTION_COMPLAINT.md` | 477 lines |
| Apple Security Disclosure | `apple/APPLE_SECURITY_DISCLOSURE_FINAL.md` | 1088 lines |
| FBI Wiretapping Disclosure | `fbi/FBI_WIRETAPPING_DISCLOSURE_FINAL.md` | (existing) |
| Media Press Release | `media/MEDIA_PRESS_RELEASE.md` | (existing) |
| Public Disclosure | `public/PUBLIC_DISCLOSURE_FACEBOOK_iOS_SURVEILLANCE.md` | (existing) |
Technical Artifacts
| File | Location | Purpose |
|---|---|---|
| `fb_bypass_monitor.js` | ` | Main Frida monitoring script |
| `fb_silent_push_monitor.js` | ` | VoIP/push monitoring script |
| `fb_quick_validate.js` | ` | Quick validation script |
Key Evidence Metrics
| Evidence | Value | Significance |
|---|---|---|
| Bypass duration | 39+ minutes | Sustained indicator suppression |
| Audio captures | 20,248+ | Massive covert capture |
| PKPushRegistry instances | 321,700+ | Extreme VoIP API abuse |
| Background tasks | 35 in 25 min | Infinite renewal loop |
| MQTT renewals | 4x | Persistent covert channel |
| Active calls | 0 | No legitimate VoIP purpose |
SUBMISSION 1: Apple Security Research
Portal
**URL:** https://developer.apple.com/security-bounty/
Documents to Submit
- undefined
Key Vulnerabilities to Highlight
- undefined
Requested Actions
- undefined
Apple-Specific Points
- undefined
SUBMISSION 2: Federal Trade Commission (FTC)
Portal
**URL:** https://reportfraud.ftc.gov/
Documents to Submit
- undefined
Legal Violations to Cite
- undefined
Key Arguments
- undefined
Evidence Highlights for FTC
| Claim | Evidence |
|---|---|
| Bypass exists | `allowCallKitActiveAdjust: false` captured |
| No legitimate call | `isCallKitActive: null` throughout |
| Massive capture | 20,248+ audio captures, 400-600/sec |
| VoIP abuse | 321,700+ PKPushRegistry, 0 calls |
| Infinite loop | 35 background tasks renewing every ~8 min |
Requested Remedies
- undefined
SUBMISSION 3: FBI (Federal Wiretapping)
Contact
**URL:** https://tips.fbi.gov/ or local FBI field office
Documents to Submit
- undefined
Applicable Federal Laws
- undefined
Key Arguments
- undefined
Evidence for Criminal Referral
| Element | Evidence |
|---|---|
| Interception | 20,248+ audio captures via `startAudioCaptureWithEchoCancellationEnabled` |
| Without consent | Indicator suppressed, users unaware |
| Willfulness | Bypass code deliberately named, architectural coupling |
| Interstate commerce | Facebook servers, nationwide user base |
SUBMISSION 4: State Attorneys General
Priority States (Strong Privacy Laws)
- undefined
Documents to Submit
- undefined
SUBMISSION 5: Media Disclosure
After Regulatory Submissions (Recommended 30-60 Day Delay)
Target Outlets
- undefined
Documents to Provide
- undefined
Journalist Contacts (Research Required)
- undefined
Pre-Submission Checklist
Documentation Review
- undefined
Legal Considerations
- undefined
Technical Verification
- undefined
Submission Order (Recommended)
- undefined
Evidence Preservation
Backup Locations
- undefined
Hash Verification
Bash
cd . -name "*.md" -exec sha256sum {} \; > evidence_checksums.txtContact Information
**Researcher:** Research Team **Email:** [your email] **PGP Key:** [if available]
*Checklist prepared: December 29, 2025* *Evidence collection complete* *Ready for submission*