Security Researchers Afraid to Use iPhone Virtualization Corellium After Apple Lawsuit
Apple in August 2019 filed a copyright infringement lawsuit against Corellium, a mobile device virtualization company that works with iOS. In the lawsuit, Apple claimed that Corellium had illegally replicated the operating system and apps that run on the iPhone and the iPad.
"Corellium has simply copied everything: the code, the graphical user interface, the icons - all of it, in exacting detail," reads Apple's lawsuit.
Corellium initially responded by suggesting that its software helps Apple by making it easier for security researchers to track down iOS bugs, but later said that Apple was waging war on jailbreaking and that the lawsuit should concern security researchers, jailbreakers, and app developers.
Though the legal battle between Apple and Corellium is ongoing, it has successfully scared people away from Corellium's software because Apple has sought information from companies that have used Corellium's software and those companies are afraid of retribution.
"Apple has created a chilling effect," a security researcher familiar with Corellium's product, who asked to remain anonymous because he wasn't allowed to talk to the press, told Motherboard.
"I don't know if they intended it but when they name individuals at companies that have spoken in favor [of Corellium], I definitely believe retribution is possible," the researcher added, referring to Apple's subpoena to the Spanish finance giant Santander Bank, which named an employee who had Tweeted about Corellium.
Some security researchers told Motherboard that they're afraid to use Corellium because of the possibility of retribution from Apple, while others refused to comment at all. One security researcher said he'd have a legal look into it if he needed Corellium's software, while another said he'd get legal advice before using it in the future.
Not all security researchers, however, are worried. One researcher, Elias Naur, told Motherboard that he uses Corellium to test code written in the Go language for iOS devices. With Corellium, he no longer needs to test on two old and broken iPhones.
Security researchers have complained that Apple's lawsuit against Corellium is about Apple wanting control over research done on iOS and the bugs that are found.
Apple is continuing to pursue the lawsuit, and on April 20, asked Chris Wade, Corellium's founder, for all documents and communications related to him obtaining valuable dev-fused or prototype iPhones, which are designed for internal testing but sometimes escape Apple's clutches. Wade has denied using dev-fused iPhones for the development of Corellium.
It remains unclear how the lawsuit will ultimately turn out, but Apple is successfully making researchers think twice about using Corellium's tools amid the legal dispute.