Security researchers can boost their iPhone research, work with security teams and help protect users — all while earning bug bounties for finding credible threats — if they apply to the 2024 iPhone Security Research Device Program, Apple said Wednesday.
File an application by October 31 to get your special iPhone for security research.
Now accepting applications: 2024 Apple Security Research Device Program
“iPhone is the world’s most secure consumer mobile device, which can make it challenging for even skilled security researchers to get started,” the program’s homepage noted — which is why the company started the program in 2019. It’s not easy studying such a secure system when you can’t get into it.
Since the program’s launch, researchers have exposed 130 “security-critical vulnerabilities” and helped develop ways to mitigate them, SEAR said. And for finding threats, researchers have won more than 100 Apple Security Bounties, with a median award of almost $18.000 and $500,000 awarded overall, it added.
Here’s the security team’s description of how program participants gain access:
The Security Research Device (SRD) is a specially fused iPhone that allows you to perform iOS security research without having to bypass its security features. Shell access is available, and you can run any tools, choose your own entitlements, and even customize the kernel.
Using the SRD allows you to confidently report all your findings to Apple without the risk of losing access to the inner layers of iOS security. Plus, any vulnerabilities that you discover with the SRD are automatically considered for Apple Security Bounty.
But not just anyone can apply for the program, of course. You need a track record showing you’ve found threats on Apple platforms. You need to be in an eligible country. You need to be “of age” in your jurisdiction (often 18). And you can’t be an Apple employee now or anytime in the past year.