Apple’s lawsuit against iOS virtualization company Corellium has been expanded to include a Digital Millennium Copyright Act (DMCA) filing. Corellium creates software for security researchers which includes virtualized versions of iOS, and that has not gone down well with Apple.
Apple sued Corellium in August because the company believes that perfect replicas of iOS are being sold without a license, which amounts to copyright infringement. Corellium states that the reason for doing so is to create a research tool but Apple believes that the tool is being used to discover and sell vulnerabilities in the open market.
In December, Apple amended the lawsuit to include Digital Millennium Copyright Act filings, which stats that Corellium is allowing users to jailbreak iOS with malicious intent.
Corellium's CEO, Amanda Gorton, has written a statement on the company's website to gather support from the jailbreak and app development community by accusing Apple of trying to crackdown on jailbreaking.
Apple is using this case as a trial balloon in a new angle to crack down on jailbreaking. Apple has made it clear that it does not intend to limit this attack to Corellium: it is seeking to set a precedent to eliminate public jailbreaks.
Amanda Gorton goes on to explain how jailbreaks are used to test the security of their apps and other third-party apps, which allows vulnerabilities and security issues to be discovered. Apple's platform is very restrictive and without jailbreak, such issues would stay hidden. Amanda also shared that the controversial ToTok app's analysis was not possible without a jailbreak.
For example, a recent analysis of the ToTok app revealed that an Apple-approved chat app was being used as a spying tool by the government of the United Arab Emirates, and according to the researchers behind this analysis, this work would not have been possible without a jailbreak.
The statement also includes the fact that many iOS features are copied by jailbreak apps and tweaks, which means that jailbreaking actually benefits Apple. A recent iOS kernel vulnerability that powers unc0ver jailbreak was also discovered while the developer was using Corellium.
Apple had initially allowed Corellium to participate in its bug bounty program with the intention to pay for bugs discovered by the company. Corellium claims that Apple did not pay them and launched their own competing product, just before they sued the company.
Corellium will be sharing a formal response to Apple's lawsuit in court to defend themselves. No matter which way the lawsuit ends, it will not be a good look for Apple as they are the bigger company here.
