Apple has claimed for years that its devices are more secure than the competition, but it was often through restricting access to its software. Now, however, the company is ready to take a different tack. It will begin loaning out special “Security Research Device” (SRD) iPhones to security researchers so that they can truly suss out the device’s security vulnerabilities.
The SRD phones are meant to be used in a controlled setting only, and will feature unprecedented access that normal iPhones don’t typically have, such as root shell access and the ability to run custom commands. Apple said that they’re not designed for personal use and must stay put at the premises of the researchers at all times. In other words, these are not meant for carrying outside in the world.
The company said that if researchers found a vulnerability through using the SRD, it must report it to Apple or an appropriate third party if it’s in a third-party code. Apple will then attempt to resolve the issue, and provide a “publication date” when it will take place. Until then, the researchers can’t share their findings with others. Techcrunch also reported that program participants will have access to extensive documentation and a dedicated forum with Apple engineers.
Device availability is limited, and researchers need to apply to be in the program. They must be an Account Holder in the Apple Developer Program, a proven track record of finding security issues, and be based in an eligible country or region.
The SRD program will run concurrently with its bug bounty program, which was opened up to all researchers last year. Participants can file security bug reports and potentially get paid up to $1 million in rewards.