Apple files lawsuit against Corellium for flogging virtual iOS copies for security tests

The copies are marketed for security research. Apple disputes the validity of the business model.
Written by Charlie Osborne, Contributing Writer

Apple has filed a lawsuit against Corellium for allegedly infringing its intellectual property rights through the sale of virtual copies of the iOS operating system. 

The lawsuit, made public on Thursday and filed in Florida, alleges that Corellium is infringing "highly valuable copyrighted works" -- the iOS operating system which runs on Apple's iPhone, iPad, and other mobile products -- without permission or a license from Apple.

While there are legal protections in the US which do allow for fair use and the reproduction of copyrighted works for the purposes of education or entertainment in small percentages, Apple alleges that Corellium "has simply copied everything: the code, the graphical user interface, the icons -- all of it, in exacting detail." 

Delaware-based Corellium offers virtualized copies of iOS for research purposes, and markets itself as "the first and only platform to offer iOS, Android, and Linux virtualization on ARM."

See also: Want an Apple Card? Here's why you could be denied one, says Apple

According to the complaint (.PDF), Corellium markets the systems as "research tools" for finding security vulnerabilities, but rather than report any findings to impacted vendors, "Corellium encourages its users to sell any discovered information on the open market to the highest bidder."

The iPad and iPhone maker says that the firm "strongly supports good-faith security research," including through public credit awarded to researchers that report security flaws and financial rewards issued through bug bounty programs.

Apple also runs a developer program for those interested in testing iOS applications and legitimate researchers are provided with iPhones containing custom versions of iOS for vulnerability hunting.

"The purpose of this lawsuit is not to encumber good-faith security research, but to bring an end to Corellium's unlawful commercialization of Apple's valuable copyrighted works," the lawsuit claims. 

In addition, court documents cite a Corellium customer that is known to sell tools designed to exploit software and itself caters for clients including foreign governments and intelligence agencies. 

CNET: iPhone 11, 11 Pro, 11R and 11 Max: The specs, features and prices we expect from Apple in September

Apple is seeking an injunction against Corellium to prevent further sales of the iOS copies. 

An intellectual property statement, updated July 4 by Corellium, states that the company "respects the intellectual property rights of others and expects its users to do the same."

"It is our policy, in appropriate circumstances and at its discretion, to disable and/or terminate the account or access of users who infringe or are repeatedly charged with infringing the intellectual property rights of others, including copyrights, trademarks, trade secrets, and patents," the notice reads. 

TechRepublic: How to use your Apple Watch to get directions

In related news this week, two Apple customers filed a class-action lawsuit against the tech giant which claims that Apple fails to be transparent when it comes to iCloud storage practices. The lawsuit alleges that Apple does not make clear that iCloud data may be stored on third-party systems, and therefore, the iPad and iPhone maker may be in breach of contract and may also be guilty of false advertising. 

The suit has been filed in the US District Court for the Northern District of California.

ZDNet has reached out to Corellium and will update if we hear back. 

These are the worst hacks, cyberattacks, and data breaches of 2019 (so far)

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards