Apple had filed a lawsuit against Corellium, a mobile device virtualization company. Apple accused the company of copyright infringement for copying the iPad and iOS operating system. Corellium has now filed the response and claims that Apple owes them $300,000.
Corellium insists that its software allows Apple’s security researchers to hunt iOS bugs. Meanwhile, Apple had used a screenshot of the Corellium website that shows a virtual iPhone. The Cupertino company insists that “Corellium has simply copied everything: the code, the graphical user interface, the icons – all of it, in exacting detail.”
Corellium maintains that it is easier for security researchers to track down bugs in a virtual environment instead of an actual device. The company also adds that its software has encouraged hackers and researchers to find bugs and inform Apple about the same. Furthermore, Corellium argues that it adheres to Apple’s code fair use policy.
Through its invitation-only research device program and this lawsuit, Apple is trying to control who is permitted to identify vulnerabilities, if and how Apple will address identified vulnerabilities, and if Apple will disclose identified vulnerabilities to the public at all.
Things are not as black and white as it seems. Corellium’s claim of helping hackers and security researchers is not watertight. As Motherboard pointed out Azimuth is one of the companies that don’t report bugs to Apple. Instead, they sell hacking tools to law enforcement agencies in countries like the United States and Canada.
On the other hand, Corellium puts forth the argument that Apple has known the company for very long and is also in touch with Corellium’s founders. Apparently, Chris Wade, Corellium founder was invited to join Apple’s bug bounty program.