After security research firm Corellium this week announced it is launching a new initiative that will “support independent public research into the security and privacy of mobile applications,” and one of the initiative’s first projects will be Apple’s recently announced CSAM detection plans, Apple on Tuesday filed to appeal a copyright case the company brought against Corellium in 2019 which was reportedly settled this week.
Corellium sells tools to allow security researchers access to a “virtual” software-based version of the iPhone. In its suit, Apple alleged Corellium violated copyrights to its iOS operating system.
In an interview with The Wall Street Journal, Apple’s senior vice president of software engineering, Craig Federighi, said that the on-device nature of Apple’s CSAM detection method, compared to others such as Google who complete the process in the cloud, allows security researchers to validate the company’s claim that the database of CSAM images is not wrongly altered.
Security researchers are constantly able to introspect what’s happening in Apple’s software, so if any changes were made that were to expand the scope of this in some way — in a way that we had committed to not doing — there’s verifiability, they can spot that that’s happening.
Corellium’s new initiative, called the “Corellium Open Security Initiative,” aims to put Federighi’s claim to the test. As part of the initiative, Corellium will award security researchers a $5,000 grant and free access to the Corellium platform for an entire year to allow for research.
MacDailyNews Take: So, in the space of a few days:
- Apple settles with Corellium.
- Apple announces backdoors are coming to the company’s formerly privacy-centric products, ostensibly to check users devices for CSAM.
- Corellium announces a way for researchers to validate Apple’s claims, the Corellium Open Security Initiative.
- Apple appeals the Corellium copyright case.
So much for the settlement, we guess?
This begs the question: What, if anything, doesn’t Apple want Corellium and Open Security Initiative security researchers to examine?
The Corellium COSI initiative is great news. A third party examining the claims Apple makes is badly needed for healthy public discourse on this topic. Also it is crucial to see what happens with the client side checking of ones own pictures gainst a database in other countries when rolled out there. We need to know how Apple will handle its software in other jurisdictions around the globe.