Apple is starting to deliver special iPhones to security researchers
Apple has begun to provide dedicated iPhones for security researchers. The company has now informed several researchers that the phones from the Security Research Device Program are coming their way.
It’s not clear how many researchers have been notified or whether they have received the phones, but Apple has already contacted multiple researchers, MacRumors said. These are iPhones with fewer restrictions than consumer versions. Researchers can use the devices to find vulnerabilities in iOS. With standard iPhones this is often difficult due to container policies in the operating system, but with the special iPhones the researchers have more rights. For example, shell access is possible on the phones, and users can run all kinds of tools that are normally not allowed. Researchers also gain access to certain hardware components such as the Secure Enclave.
Apple already announced the Security Research Device Program in July, but didn’t start handing out the phones at that time. There are requirements for the program. The phones are only intended for researchers who are members of the Apple Developer Program, and researchers must have discovered vulnerabilities in iOS in the past to be eligible for a device.
The telephones are provided on loan for a maximum of one year, although this period can be extended on request. Program participants will have access to a dedicated Apple forum to discuss bugs with Apple engineers, as well as additional documentation on the iPhone. However, researchers are required to report bugs through Apple’s bugbounty program. With that they can earn up to a million dollars. That is less than what is paid in the commercial market for iOS vulnerabilities.