Last year, Apple had announced at the Black Hat security conference that it will be providing security researchers with ‘jailbroken’ iPhones to allow them to find more vulnerabilities in iOS. Almost a year later, the company will finally start providing these iPhones to security researchers and analysts that meet the eligibility criteria.
The Apple Security Research Device Program is “designed to help improve security for all iOS users, bring more researchers to iPhone, and improve efficiency for those who already work on iOS security. It features an iPhone dedicated exclusively to security research, with unique code execution and containment policies.”
The iPhone or the Security Research Device (SRD) provided by Apple as a part of this program will have shell access thereby allowing researchers to run any tools and entitlements of their choice. The company will be providing these iPhones on a 12-month renewable basis and at all times, they will remain the property of the company itself.
This is the first time that Apple is providing devices with shell access to security researchers and hackers. The company also made it clear to TechCrunch that it will be working closely with researchers instead of just shipping them the devices and then forgetting about it. Security researchers and hackers will be able to file for bugs that they find in such devices to Apple’s bug bounty program where they can receive up to $1 million in payouts.
To be eligible for the program, you must have an Apple Developer Program account along with a “proven track record” of finding security issues in Apple products or other OSes. The program is also only available in selected countries including Australia, Austria, France, Hungary, Ireland, Japan, Norway, Poland, the U.K., and the United States.
Apple will individually review all applications and if your application is not approved for this year, it will be automatically considered for 2021. You can apply for Apple’s Security Research Device Program here.
Over the last couple of years, Apple has been increasingly welcoming of security researchers and hackers and has shown its willingness to work with them in making iOS and its other products and services more secure. The impact of this SRD program from Apple is not going to be noticeable immediately but it should still have a positive impact on the overall security of Apple products and services.