Mike Peterson
Apple is reportedly preparing to send out "jailbroken" iPhone devices to the first participants of its Security Research Device (SRD) program, which is meant to facilitate iOS security research.
The SRD program centers on specially configured iPhones that are less locked down than consumer devices, allowing security researchers to more easily find flaws and vulnerabilities. The program was announced in August 2019, and Apple began accepting applications for it in July 2020.
On Tuesday, Apple began notifying the first applicants who will be receiving the specialized iPhones, according to MacRumors. The company says that the devices will be sent out right away.
The devices are being loaned to researchers on a 12-month renewable basis. Apple notes that only approved researchers will be able to get their hands on them and that they're only "intended for use in a controlled setting."
Security researchers will be able to achieve shell access on the devices, run any tools, and choose their entitlements. Beyond those special configuration, an SRD behaves much like a normal iPhone so that they can serve as a "representative research target."
The goal of the SRD program is to allow researchers to more easily find and report security vulnerabilities in Apple platforms without needing to jailbreak devices. In a way, the program also serves as an olive branch to security researchers, who have long complained about Apple's bug bounty programs and security policies.
Alongside access to an SRD, participants will also be granted access to a special collaborative forum with Apple engineers and extensive documentation on Apple platforms.
In addition to the SRD, Apple also announced that it would be paying more for vulnerabilities found in its software as part of its bug bounty program.
William Gallagher
Christine McKee
AppleInsider Staff
Chip Loder
Malcolm Owen
5 Comments
This is a great idea and will hopefully make iPhones more secure.
Apple should make iPhones more secure, but just like Macs can be fully secure, incl. secure boot, etc. having a secure iPhone and preventing advanced users from having root access to their own device is NOT the same.
There is NOTHING inherently INSECURE about users having root access to their own devices, all it does is prevent users from running useful apps that don’t fit AppStore guidelines (like network scanners which are a standard network admin tool for which I had to get a cheap Android device) and from inspecting what processes are doing suspicious things (oh, like my iPhone SE at random times being hot as hell while supposedly doing nothing), and which for that reason I’d long have scrapped had it any potentially sensitive information on it.
It’s basically one huge lie from Apple that device security is compromised by the device owner having optionally full access. What might be potentially compromised are Apple’s DRM schemes and carrier settings that distinguish between on-device and tethering data use, the latter is utterly anti-competitive anyway, as if a user pays for data, it’s none of the carriers’ business to know what’s the ultimate destination of that data, and charge extra depending on the data destination.
In other words: EVERY user should have the option of configuring his device like these security research phones.
except - most users don't want this. If they would, they would get cheap Android crap.
I'm confused. People have been jailbreaking iPhones since the first one came out and I always assumed that would be the first step by anyone doing serious security research, so how is this program really doing anything different, other than giving apple's blessing to possessing a jailbroken phone?