Apple to provide special iPhones to security researchers to find bugs

Finally Apple realised there are security experts are also available outside of Apple. To enhance its security features, Apple announced a new program, where Apple will give special research iPhones to security researchers, to find bugs to help the company improve its security. These research iPhones will come with specific, custom-built iOS software with features that ordinary iPhones don't have. Researchers will have shell access and will be able to run any tools and choose their entitlements.

The SRD phones to be used in a controlled setting only, and will feature unprecedented access that normal iPhones don’t typically have, such as root shell access and the ability to run custom commands. Apple said that they’re not designed for personal use and must stay put at the premises of the researchers at all times. In other words, these are not meant for carrying outside in the world.

Apple sources said that, if researchers found a vulnerability through using the SRD, it must report it to Apple or an appropriate third party if it’s in a third-party code. Apple will then attempt to resolve the issue, and provide a “publication date” when it will take place. Until then, the researchers can’t share their findings with others. The program participants will have access to extensive documentation and a dedicated forum with Apple engineers.

Device availability is limited, and researchers need to apply to be in the program. They must be an Account Holder in the Apple Developer Program, a proven track record of finding security issues, and be based in an eligible country or region.

The SRD program will run concurrently with its bug bounty program, which was opened up to all researchers last year. Participants can file security bug reports and potentially get paid up to $1 million in rewards.