The “A [?]” iPhone Bug Spread Like a Virus

The A[?] Bug affecting iPhone users may have been a virus that spread from user to user.

Nov 10, 2017

tldr: The A[?] Bug affecting iPhone users may have been a virus that spread from

user to user. I analyze infected users on Twitter to investigate this, demonstrating 3 properties of viruses: exponential growth, location-centric spreading, and network edge-centric spreading (spreading via friends).

Analysis of 2.5M tweets from 1M infected users

The A[?] Bug

Apple rolled out iOS 11.1 on November 1st, releasing a multitude of issues and bugs. But nothing quite matched the magnitude, attention, and hysteria that the A [?] bug has received this past week.

For the uninitiated, the A[?] bug affects iOS users who try to type the letter “I” and their keyboard autocorrects “I” to “A [?]”. With one of humanity’s oldest and most important words destroyed, this bug understandably drove people crazy. Here is a screenshot of the bug in action:

This bug was so severe it regressed many people back to the stone age, with “me” once again becoming the preferred term of self-identification.

A Theory Forms

There was much speculation on what caused this bug, and why it didn’t affect all users. The most interesting speculation arose around the fact that reports of the bug seemed to grow every day, as if it were spreading. A theory arose that the bug only manifested itself if the autocorrect software saw the A [?] character in a received text. Basically: if someone sent it to you, you were infected.

This properly fits the mold of a virus (though I’m sure Apple would not use that term). However, all of this was just speculation, so I set out to quantitatively answer this question by tracking the spread of this bug on Twitter.

The bug frustrating users on both Twitter and Snapchat.

Unicode, Emoji, and A [?]

The character in question is not actually A [?], but is actually a series of unicode emoji characters “\x49\xEF\xB8\x8F”. Some software renders this as “A [?]”, and some software renders this as “I”. The interesting thing about this bug is that many users were unaware of it, because the unicode characters were rendering as “I” for them. Because of this, they sent many corrupted messages, tweets, etc, without editing the character out.

Twitter Data

I used the Twitter API to search for and download ~2.5 Million tweets in the past week that contained the offending character to investigate 3 key questions about the spread of this bug.

1. Viruses Grow Exponentially

Something becomes immediately apparent when looking at the distribution of these tweets: they are accelerating in frequency. The number of infected tweets effectively doubles every day, in an exponential, virus-like growth. This relationship also applies to the number of infected users.

2. Viruses Spread By Location

Viruses often spread in a geographic fashion amongst populations. Here, I show the spread of the virus across the United States as each minute passes. Notice how clusters form around initial points of infection and spread outward.

3. Viruses Spread Among Friends

Anyone who has ever caught mono knows that viruses spread through close contact. I investigate networks of friends to see how the A [?] bug spreads among networks. The animation is of a group of 100 friends (mutually following each other). Each node is a user, and every edge is a friendship connection. An edge is only shown when both friends have contracted the bug. Notice how the virus spreads fastest among nodes with many infected friends. The animation also shows the overall growth pattern of the virus, with few being initially infected, and exponentially spreading through the network.

Was the A [?] Bug a Virus?

Maybe.

This investigation indicates that the A [?] bug spread in a viral-like fashion. It is possible this effects are due to the progressive adoption of the 11.1 update, but that should show linear, not exponential growth. Apple has since patched this bug in the newest 11.1.1 update, but has not released a statement on the original bug’s cause. It is important to remember that we cannot be certain of anything until Apple releases an official report on what went wrong. And until then, all we can do is speculate.


Tools Used:

python, matplotlib, numpy, d3, twitter api… code available soon

Hacker News link: *https://news.ycombinator.com/item?id=15681249

Medium Post

Questions? Reach out to nicholasjlocascio at gmail dot com