Corellium hits back against Apple lawsuit, claims iOS virtualization is for the common good

The company also says that Apple’s attitude to security research is “harmful.”
Written by Charlie Osborne, Contributing Writer

Corellium has countered allegations made in a lawsuit filed by Apple of IP theft by saying that its practices are focused on security research rather than unscrupulous sales. 

The vendor offers virtual copies of popular operating systems and touts its services as the "first and only platform to offer iOS, Android, and Linux virtualization on ARM."

Apple filed the lawsuit against Corellium in August. The iPad and iPhone maker alleges that by selling virtual copies of the iOS mobile operating system, Corellium is violating the firm's rights to intellectual property. 

In addition, Apple claims that fair-use policies do not apply here, as Corellium has apparently "copied everything: the code, the graphical user interface, the icons -- all of it, in exacting detail."

When the original complaint was filed, Apple alleged that Corellium is unlawfully commercializing iOS and despite the iPad and iPhone maker "strongly support[ing] good-faith security research," Corellium "encourages its users to sell any discovered information on the open market to the highest bidder."

See also: Apple files lawsuit against Corellium for flogging virtual iOS copies for security tests

Corellium has now launched its own salvo with counterclaims against Apple's allegations. 

As reported by Motherboard, Corellium's response -- with some information redacted to protect commercial interests -- is that "Apple was not only aware of Corellium's technology for several years, but actually encouraged its development."

"Rather than tell the real story, Apple paints Corellium as a bad actor, unscrupulously peddling its product to anyone for any reason," the filing reads. "But Corellium does not license its platform to anyone. Its end-users include well-known and well-respected financial institutions, government agencies, and security researchers."

"Corellium and its founders do business with those working in software security to protect end-users -- not use it for an improper purpose."

CNET: Uber sues Los Angeles to keep scooter location data private

The virtual software provider goes on to say that Apple has actually maintained a friendly relationship with Corellium and has even sought to recruit the firm's founders in the past, and also accepted the company as a participant in bug bounty programs. 

Furthermore, Corellium says that the charge of intellectual property theft is unfounded, given that the software can only be used for research and development and lacks any of the true features of an iOS mobile device -- such as the ability to make calls, send text messages, log in to iCloud, or take pictures. 

As a result, the company dismisses the idea that Apple is truly concerned about losing any market share due to Corellium's offerings. 

"By replacing racks of physical devices with a single virtual platform, Corellium empowers software engineers to test, teach, research, and develop more efficiently and more effectively," the company claims. "Apple cannot be genuinely concerned it will lose smartphone market share to Corellium, because Corellium's technology is in no way a market substitute for Apple's products."

Corellium goes on to say that Apple's approach to cybersecurity research is "widely viewed as harmful." 

TechRepublic: How to secure OneDrive files and folders with Personal Vault

The company said that as Apple filed the lawsuit only days after announcing that select cybersecurity researchers would be given "pre-hacked" and prototype devices for research purposes, this indicates that the technology vendor "exemplifies its desire to exclusively control the manner in which security researchers identify vulnerabilities."

"By requiring that security researchers use its physical development devices to the exclusion of other products, including its attempt to stop Corellium from offering a more efficient alternative to its dev devices, Apple is trying to exclusively control how security research is performed, and who is able to perform that research," Corellium added.

Apple is seeking an injunction against Corellium to stop the sale of virtualized iOS copies.

These are the worst hacks, cyberattacks, and data breaches of 2019 (so far)

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards