Corellium exploits iOS jailbreak to install Android on iPhone
Cybersecurity startup Corellium, which is being sued by Apple over alleged copyright infringement, on Wednesday revealed Project Sandcastle, a beta product that leverages the checkra1n jailbreak to launch a version of Android on older iPhone models.
Shown off to Forbes, the Android-on-iPhone beta is designed as a type of proof of concept that demonstrates Apple's walled garden can — to some extent — be compromised.
"Apple restricts iPhone users to operate inside a sandbox, but users own that hardware, and they should be able to use that hardware the way they want. So where sandboxes create limits and boundaries on the hardware that users own, sandcastles provide an opportunity to create something new and wonderful from the limitless bounds of your imagination," Corellium said in a statement.
Corellium built Project Sandcastle with first-party tools, specifically virtualization software capable of creating an "ephemeral" phone within an iPhone. Because it relies on the checkra1n jailbreak, Corellium's beta product can infiltrate the latest iOS 13, but is restricted to iPhone 7, iPhone 7 Plus and iPod Touch. Support for other iPhone versions is in the works, though the jailbreak is unable to penetrate iPhone 11 and above.
If a new jailbreak is discovered, however, Project Sandcastle could use the exploit to run Android on current generation iPhones.
The new initiative is salt in the wound for Apple, which last year sued Corellium for allegedly infringing on iOS copyrights by selling iOS and device virtualization software. According to the lawsuit, the product portfolio includes virtual versions of iOS devices running what Apple calls unauthorized copies of iOS.
"Apple has, for years, attempted to lock down the iPhone and iPad under the guise of security when, in reality, it sought to exclude competition," David Hecht, partner at Pierce Bainbridge and Corellium's counsel told Forbes. "Apple's dominance allows it to decide everything from what apps will be allowed in the market to the commission it charges developers. Corellium's solution to run Android on iPhone will finally provide customers with a viable alternative to Apple's App Store and iOS."
Most recently, Apple roped Santander Bank and L3Harris Technologies into the legal fray with subpoenas demanding the companies turn over information detailing how they use Corellium's software. Apple also requested all communication between the firms and Corellium, as well as contracts and information about Corellium founder Chris Wade.