Apple acquired malware detection firm SourceDNA in 2016

By Mike Peterson

Apple acquired malware detection startup SourceDNA in 2016, an acquisition that went unreported until it was revealed during testimony in the Epic Games v. Apple trial.


SourceDNA was a startup that created an automated system for checking apps for malware or malicious code. Emails revealed during Apple's trial with Epic Games indicate that Apple was interested in acquiring SourceDNA in 2015.

"The XcodeGhost issue has generated much more interest in acquiring SourceDNA," said Trystan Kosmynka, a senior director of Apple's App Review process. "Now would be an opportunistic time to resume these conversations."

The email refers to XcodeGhost, a piece of malware that tainted a slew of apps on the App Store in 2015. Also in 2015, SourceDNA revealed the existence of third-party developer tools that were secretly recording information in violation of Apple's guidelines.

According to the email, Kosmynka's case for acquiring SourceDNA included its founder Nate Lawson, described as a "world class" engineer and security expert; its patented binary analysis technology; and its custom-built decompiler, among other reasons.

During his testimony on Thursday, Kosmynka also expanded on the tools that Apple uses to catch malware in the App Store review process. He said that SourceDNA engineers rebuilt a newer tool based on the startup's technology after it was acquired by Apple.