Apple has filed a second lawsuit against the virtual operating system development company Corellium. Apple has accused Corellium of copyright infringement because it publishes a product capable of emulating Android OS on iPhone. Although the software supports older versions of the iPhone, Apple still sees this as a risk to its product. This new jailbreak software known as Sandcastle uses the jailbreak function of Checkra1n to implement Apple in Android.
In August 2019, the lawsuit claimed a violation of copyright infringement and a security vulnerability on the iOS operating system. Corellium disagreed and denied these claims. The company also added that it only targets well-respected financial institutions, security researchers and government agencies.
Corellium also pointed out to Apple for encouraging the development of its software in the past and accepting it as a participant in bug reward programs. Apple even offered to pay for software bugs and used Corellium’s bug reporting submissions.
The new software has bypassed iOS 13 but is only applicable to older devices. These include the iPhone 7, iPhone 7 Plus and iPod touch. While this poses no threat to newer devices such as the iPhone 11, Apple considers it more important. Certain accusations have also indicated the risk of losing market share thanks to Corellium. This may not be the case however, as a single virtual software is not at all capable of replacing Apple devices.
Corellium virtualization software targets software engineers for testing, teaching and research. By replacing a whole rack of different Apple devices with a virtual one, it saves time and money for small groups of software engineers, giving them more room for growth.
Corellium’s statement added:
By requiring security researchers to use its physical development devices to the exclusion of other products, including its attempt to prevent Corellium from offering a more efficient alternative to its development devices, Apple is trying to exclusively control the way whose security research is performed and who is capable of carrying out this research.
With all of this dispute still going on, it should be noted that Apple has accused Corellium of violations just days after launching its iOS security research device program, where some research will have access to a slightly less limited version iOS devices to check for vulnerabilities in the operating system. With Corellium providing valid points in defense, we have not yet seen the conclusion of this claim.