Apple accused of using copyright law to harm security industry

Back in August, Apple filed a lawsuit against Corellium, a virtualization company that allows developers and researchers to use virtualized instances of iOS in a web browser. Apple accused Corellium of copyright infringement for illegally replicating the iOS operating system and its applications.

“Corellium serves up what it touts as a perfect digital facsimile of a broad range of Apple's market-leading devices–recreating with fastidious attention to detail not just the way the operating system and applications appear visually to bona fide purchasers, but also the underlying computer code. Corellium does so with no license or permission from Apple” reads the lawsuit.

Corellium uses virtualization to help researchers identify security risks in software.

Corellium uses virtualization to help researchers identify security risks in software.

On October 29, Corellium responded saying that their use of Apple's code constitutes fair use and in fact supports the iOS ecosystem by making it easier for researchers to identify vulnerabilities. They also claimed that Apple owes them $300,000 for identified security bugs.

Daniel Cuthbert, head of cybersecurity research at Santander bank, said that his team used Corellium to test the bank’s apps on different iOS versions. “The real power and strength of Corellium is that it helps people write better apps by distributing and testing them in an automated fashion that doesn't depend on physical devices,” Cuthbert said. “Apple is hurting the business world more than they think.”

You’re completely missing the point. This is not some company copying iOS and launching their own devices for end users, this is a tool for security researchers. They’re using copyright as an excuse to shut down independent security research.

— Guilherme Rambo (@_inside) December 28, 2019

On November 7, Corellium published a statement addressing the lawsuit. “This comes as a surprise to our team, given our long-standing relationship with Apple. Apple has been aware of our ground-breaking technology since the company was founded, and at any point in the past two years, Apple could have notified us of their concerns. We think Apple’s lawsuit is driven by its own business interests rather than a genuine belief that we violated any of its rights,” reads the statement.

I am SO unbelievably disappointed that Apple has declared war on the security scene.

They lost all those years ago with the DMCA exemption, but now they’ve decided to go after the researchers, the people keeping US safe.

— Jamie Bishop (@jamiebishop123) December 28, 2019

This copyright case has now been turned into a full on assault of our rights.

It’s a war on freedom and it’s a war on understanding what is on YOUR device.

— Jamie Bishop (@jamiebishop123) December 28, 2019

Critics argue that Apple is shutting down independent security research for profit motives. iOS developer Jamie Bishop tweeted yesterday about Apple's latest filing, arguing that it sets a dangerous precedent: “It effectively will set a precedent which makes unsanctioned research of Apple products ILLEGAL. This “security focused” company is sending a clear message here: look into our shit and we will ruin your life.”