Corellium Launching New Initiative to Hold Apple Accountable Over CSAM Detection Security and Privacy Claims

by

Security research firm Corellium this week announced it is launching a new initiative that will "support independent public research into the security and privacy of mobile applications," and one of the initiative's first projects will be Apple's recently announced CSAM detection plans.

appleprivacyad
Since its announcement earlier this month, Apple's plan to scan iPhone users' photo libraries for CSAM or child sexual abuse material has received considerable backlash and criticism. The majority of concerns revolve around how the technology used to detect CSAM could be used to scan for other types of photos in a user's library, possibly at the request of an oppressive government.

Apple will check for CSAM photos on a user's photo library by comparing the hashes of a user's pictures to a database of known CSAM images. The company has firmly pushed back against the idea that it will allow governments to add or remove images to that database, refuting the possibility that embodiments other than CSAM may get flagged if found in a user's iCloud Photo Library.

In an interview with The Wall Street Journal, Apple's senior vice president of software engineering, Craig Federighi, said that the on-device nature of Apple's CSAM detection method, compared to others such as Google who complete the process in the cloud, allows security researchers to validate the company's claim that the database of CSAM images is not wrongly altered.

Security researchers are constantly able to introspect what's happening in Apple's software, so if any changes were made that were to expand the scope of this in some way—in a way that we had committed to not doing—there's verifiability, they can spot that that's happening.

Corellium's new initiative, called the "Corellium Open Security Initiative," aims to put Federighi's claim to the test. As part of the initiative, Corellium will award security researchers a $5,000 grant and free access to the Corellium platform for an entire year to allow for research.

Corellium believes that this new initiative will allow security researchers, hobbyists, and others to validate Apple's claims over its CSAM detection method. The security research firm, which just recently settled its long-lasting dispute with Apple, says it applauds Apple's "commitment to holding itself accountable by third-party researchers."

We hope that other mobile software vendors will follow Apple's example in promoting independent verification of security and privacy claims. To encourage this important research, for this initial pilot of our Security Initiative, we will be accepting proposals for research projects designed to validate any security and privacy claims for any mobile software vendor, whether in the operating system or third-party applications.

Security researchers and others interested in being part of the initiative have until October 15, 2021, to apply. More details can be found on Corellium's website.

Tag: Apple Child Safety Features

Popular Stories

iOS 26

15 New Things Your iPhone Can Do in iOS 26.2

Friday December 5, 2025 9:40 am PST by
Apple is about to release iOS 26.2, the second major point update for iPhones since iOS 26 was rolled out in September, and there are at least 15 notable changes and improvements worth checking out. We've rounded them up below. Apple is expected to roll out iOS 26.2 to compatible devices sometime between December 8 and December 16. When the update drops, you can check Apple's servers for the ...
Read Full Article51 comments
Intel Inside iPhone Feature

Apple's Return to Intel Rumored to Extend to iPhone

Friday December 5, 2025 10:08 am PST by
Intel is expected to begin supplying some Mac and iPad chips in a few years, and the latest rumor claims the partnership might extend to the iPhone. In a research note with investment firm GF Securities this week, obtained by MacRumors, analyst Jeff Pu said he and his colleagues "now expect" Intel to reach a supply deal with Apple for at least some non-pro iPhone chips starting in 2028....
Read Full Article151 comments
iPhone 14 Pro Dynamic Island

iPhone 18 Pro Leak Adds New Evidence for Under-Display Face ID

Monday December 8, 2025 4:54 am PST by
Apple is actively testing under-screen Face ID for next year's iPhone 18 Pro models using a special "spliced micro-transparent glass" window built into the display, claims a Chinese leaker. According to "Smart Pikachu," a Weibo account that has previously shared accurate supply-chain details on Chinese Android hardware, Apple is testing the special glass as a way to let the TrueDepth...
Read Full Article71 comments
iPhone 17 Pro Cosmic Orange

10 Reasons to Wait for Next Year's iPhone 18 Pro

Monday December 1, 2025 2:40 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article107 comments
iOS 26

Apple Seeds Second iOS 26.2 Release Candidate to Developers and Public Beta Testers

Monday December 8, 2025 10:18 am PST by
Apple today seeded the second release candidate version of iOS 26.2 to developers and public beta testers, with the software coming one week after Apple seeded the first RC. The release candidate represents the final version iOS 26.2 that will be provided to the public if no further bugs are found. Registered developers and public beta testers can download the betas from the Settings app on...
Read Full Article48 comments
Johny Srouji

Apple Chip Chief Johny Srouji Could Be Next to Go as Exodus Continues

Sunday December 7, 2025 10:41 am PST by
Apple's senior vice president of hardware technologies Johny Srouji could be the next leading executive to leave the company amid an alarming exodus of leading employees, Bloomberg's Mark Gurman reports. Srouji apparently recently told CEO Tim Cook that he is "seriously considering leaving" in the near future. He intends to join another company if he departs. Srouji leads Apple's chip design ...
Read Full Article380 comments
Johny Srouji

Apple's Chipmaking Chief Johny Srouji Responds to Report About Him Potentially Leaving

Monday December 8, 2025 9:23 am PST by
Apple's chipmaking chief Johny Srouji has reportedly indicated that he plans to continue working for the company for the foreseeable future. "I love my team, and I love my job at Apple, and I don't plan on leaving anytime soon," said Srouji, in a memo obtained by Bloomberg's Mark Gurman. Here is Srouji's full memo, as shared by Bloomberg:I know you've been reading all kind of rumors and...
Read Full Article85 comments
top stories 2025 12 04a

Top Stories: iOS 26.2 Coming Soon, Apple Execs Depart, and More

Saturday December 6, 2025 6:00 am PST by
You'd expect things to be starting to wind down for the holidays by now, but that doesn't seem to be the case yet in the world of Apple news, with Apple just about ready to release iOS 26.2 and other operating system updates to the public. There was also a flurry of news this week about Apple executive departures, some expected and some not so expected, while we also learned that Apple and...
Read Full Article8 comments
maxresdefault

iPhone Fold: Launch, Pricing, and What to Expect From Apple's Foldable

Monday December 1, 2025 3:00 am PST by
Apple is expected to launch a new foldable iPhone next year, based on multiple rumors and credible sources. The long-awaited device has been rumored for years now, but signs increasingly suggest that 2026 could indeed be the year that Apple releases its first foldable device. Subscribe to the MacRumors YouTube channel for more videos. Below, we've collated an updated set of key details that ...
Read Full Article56 comments

Top Rated Comments

adib Avatar
adib
56 months ago
For the first few months of iOS 15, I'm confident that the database just contains CSAM image fingerprints. However as time passes (and as Corellium's interest wanes), other authorities will push their agenda and force Apple's compliance to include "extra hashes" that are not part of CSAM....
Score: 31 Votes (Like | Disagree)
femike Avatar
femike
56 months ago
Sadly as expected, users will just roll over and accept it no matter what Apple is found doing. The Public have short memories. This does not make it any less wrong. It is still an appalling decision which should be rescinded.
Score: 24 Votes (Like | Disagree)
brucewayne Avatar
brucewayne
56 months ago
The reason why Apple has been able to stave off warrant requests in the past is by claiming 'they don't have the key'

The current administration (as well as governments around the world) have been pushing for the ability to access your messages. CSAM gives Apple a chance to 'create' their own backdoor under noble pretenses (who is going to argue against stopping child abuse?) and creating an opening for the governments to eventually exploit. It won't matter what Corellium finds now.

And when it happens, Tim Cook will get up on stage and in his soothing southern drawl claim to be the good guy as they had the best of intentions. They won't even lose any customers over because most people are oblivious to privacy (Amazon has sold 100 million Alexa powered products), and the people that do care will have nowhere to go after the precedent is set and Google / Amazon / Microsoft have joined in.
Score: 23 Votes (Like | Disagree)
Substance90 Avatar
Substance90
56 months ago
The fact that the analysis is done on device is even worse. That means that your privacy is invaded even with all network connection turned off.

EDIT: Let me elaborate for the down voters - if the photos are scanned only if uploaded to some cloud, you don't even have to cut your network connection. You just keep your photos on your device and you're safe. If the scanning is done on device that means that your privacy is not guaranteed no matter if you keep your photos offline or if you even cut your network connection.
Score: 12 Votes (Like | Disagree)
brucewayne Avatar
brucewayne
56 months ago

So you don't think the below applies in this case?

https://yourlogicalfallacyis.com/slippery-slope

I guess we'll have to wait and see and hopefully Apple will be open with that they add to that hash list. If it can also be monitored by external initiatives such as Corellium I think that's good.
I think we have 20 years of increasing government intrusion to conclude that if A happens Z won't be far behind.

Liberty once lost is lost forever.
Score: 12 Votes (Like | Disagree)
bobcomer Avatar
bobcomer
56 months ago

Likely 18 U.S. Code § 2258 ('https://www.law.cornell.edu/uscode/text/18/2258') - Failure to report child abuse and related laws:
* 18 U.S. Code § 2258A ('https://www.law.cornell.edu/uscode/text/18/2258A') - Reporting requirements of providers
* 18 U.S. Code § 2258B ('https://www.law.cornell.edu/uscode/text/18/2258B') - Limited liability for providers or domain name registrars
* 18 U.S. Code § 2258C ('https://www.law.cornell.edu/uscode/text/18/2258C')
* 18 U.S. Code § 2258D ('https://www.law.cornell.edu/uscode/text/18/2258D') - Limited liability for NCMEC
* 18 U.S. Code § 2258E ('https://www.law.cornell.edu/uscode/text/18/2258E') - Definitions
None of those require on device scanning.
Score: 11 Votes (Like | Disagree)
Read All Comments