A federal judge squashed Apple’s complaint against security startup Corellium. Apple sued Corellium in 2019, accusing it of violating its copyright for offering researchers ’virtual’ iPhones that can help them find bugs in iOS products. Apple also accused Corellium of violating Digital Millennium Copyright Act by bypassing its security to create its iPhone emulator. The court is yet to rule on it.
Corellium’s software allows security experts to run virtual iPhones on a browser on their computer. It gives them deeper access to iOS even without a physical iPhone installed with special software.
Judge Rodney Smith ruled, however, that Apple’s claims are “puzzling, if not disingenuous.” He wrote in his ruling “Weighing all the necessary factors, the Court finds that Corellium has met its burden of establishing fair use. Thus, its use of iOS in connection with the Corellium Product is permissible.” The judge also pointed out that Apple tried to acquire Corellium in 2018 and was able to test its product before their talks fell through. If Apple pushed through with Corellium’s acquisition, the latter’s software would’ve apparently been used for internal testing and validation. The ruling discussed how Corellium vets its customers before selling them the software, as well.
Apple has long been criticized for making it difficult for researchers to take its mobile platform apart to check for vulnerabilities. Recently, though, it launched the Security Research Device (SRD) Program that sends qualified security experts hacker-friendly iPhones they can use to find bugs in iOS itself and in third-party apps. Apple sent out its first batch of SRD iPhones a few days ago and is expected to accept more applicants into the program in the future.