Skip to main content
  1. Home
  2. Mobile
  3. News

Google lead says he’s ‘disappointed’ with Apple’s new iPhone security program

By

Apple’s new hacker-friendly iPhones offer security researchers unrestricted access to devices so that they can easily hunt down vulnerabilities and bugs. But Ben Hawkes, technical lead at Project Zero, a team at Google tasked with discovering security flaws, says he’s “pretty disappointed” with Apple’s latest security program.

Hawkes, in a Twitter thread, said that its team won’t be able to take advantage of Apple’s “Security Research Device” (SRD) iPhones since it appears to exclude security groups that have a policy to publish their findings in three months.

Every time a security researcher discovers a vulnerability, they offer the company a period of time to patch it before it is publicly reported. Project Zero, like many security researchers, has a 90-day policy. However, Apple has kept the control of the timeline to itself and developers who sign up for this new iPhone security program have to agree that they can’t disclose the issues they find until Apple allows them to.

Related

“If you report a vulnerability affecting Apple products, Apple will provide you with a publication date (usually the date on which Apple releases the update to resolve the issue). Apple will work in good faith to resolve each vulnerability as soon as practical. Until the publication date, you cannot discuss the vulnerability with others,” notes the SRD program’s sign-up page.

Project Zero is one of the most widely regarded research groups, and since early 2015, it has reported over 350 security vulnerabilities to Apple.

“We’ll continue to research Apple platforms and provide Apple with all of our findings because we think that’s the right thing to do for user security. But I’ll confess, I’m pretty disappointed,” Hawkes added in a tweet.

Apple’s Security Research Device program has been long overdue and was first mentioned last year at the Black Hat security conference by the company’s head of security, Ivan Krstic. Over the past year or two, iPhone’s security has been found lax and compromised on multiple occasions. The new program ensures eligible developers don’t have to go out of their way to hack into iPhones for research purposes and allows them to access the device’s core components to unearth any potential vulnerabilities.

Security researchers can now sign up to request an SRD on a 12-month renewable basis.

Editors’ Recommendations

Topics
Shubham Agarwal
Shubham Agarwal
Journalist
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
iOS 18 is official. Here’s how it’s going to change your iPhone forever
Screenshots of new features in iOS 18.

It’s been a long time coming, but it’s finally here: iOS 18 has just been announced at Apple’s Worldwide Developers Conference (WWDC) 2024 keynote. And, like the rumors have been saying, this is a very big, juicy update for your iPhone.

There's been a lot of anticipation for iOS 18. Rumors and leaks for the new update have been particularly intense this year, more so than iOS 17 rumors last year. So, was the hype worth it? Here's what's coming to your iPhone with iOS 18.
Home screen changes

Read more
Here’s how iOS 18 is going to overhaul your iPhone’s email app
An iPhone showing the home screen in someone's hand.

We're just days away from Apple's Worldwide Developers Conference (WWDC 2024), which means we're about to get our first look at iOS 18. The new iPhone operating system is expected to get RCS texting in the iMessage app, more customization options for the home screen, and maybe a significant design change overall. Now comes word that changes will be made to the native Mail app.

According to AppleInsider, the Mail app is about to undergo a significant transformation. It's getting a powerful new search tool, Smart Replies, automatic sorting for different email types, and more. But the real excitement lies in the app's expected integration of AI functionality, a feature becoming a hallmark of iOS 18.

Read more
AT&T just made it a lot easier to upgrade your phone
AT&T Storefront with logo.

Do you want to upgrade your phone more than once a year? What about three times a year? Are you on AT&T? If you answered yes to those questions, then AT&T’s new “Next Up Anytime” early upgrade program is made for you. With this add-on, you’ll be able to upgrade your phone three times a year for just $10 extra every month. It will be available starting July 16.

Currently, AT&T has its “Next Up” add-on, which has been available for the past several years. This program costs $6 extra per month and lets you upgrade by trading in your existing phone after at least half of it is paid off. But the new Next Up Anytime option gives you some more flexibility.

Read more