Skip to main content

Apple sues security vendor for DMCA violations

Apple sues security vendor for DMCA violations


New accusations in an old case

Share this story

Illustration by Alex Castro / The Verge

Apple is suing an iOS virtualization vendor called Corellium for trafficking under the Digital Millennium Copyright Act (DMCA). Apple initially sued the company for copyright infringement in August, alleging that Corellium’s virtualization of iOS was violating Apple’s ownership of the code. The more recent filing expands the case, alleging that Corellium’s sale of the virtualization software counts as trafficking in copyright-protected goods.

“Corellium’s business is based entirely on commercializing the illegal replication of the copyrighted operating system and applications that run on Apple’s iPhone, iPad, and other Apple devices,” Apple’s revised complaint alleges. “Corellium simply copies everything: the code, the graphical user interface, the icons—all of it, in exacting detail...providing its users with the tools to do the same.”

“Corellium simply copies everything.”

The software in question allows users to run a facsimile of iOS in a controlled desktop environment. With no conventional connectivity, the program cannot be used as a phone, but it allows researchers to examine how specific software performs on iOS in minute detail. It is particularly useful when researching malware, and it was most recently used to uncover surveillance-related protocols in the United Arab Emirates’ ToTok app.

In a statement after the filing, Corellium described the motion as part of a broader crackdown against jailbreaking by Apple.

“Apple is using this case as a trial balloon in a new angle to crack down on jailbreaking,” said Corellium CEO Amanda Gorton. “Across the industry, developers and researchers rely on jailbreaks to test the security of both their own apps and third-party apps – testing which cannot be done without a jailbroken device.... Not only do researchers and developers rely on jailbreaking to protect end users, but Apple itself has directly benefited from the jailbreak community in a number of ways.”

Apple declined to comment.

Consumer jailbreaking was widespread in early versions of iOS, but it has declined significantly in recent years, and some of the most prominent jailbreak-reliant app sources have closed down as a result. The most common way of installing non-authorized software is now through Apple’s enterprise certificate system, which leaves the basic architecture of iOS intact. Still, there’s significant competition for finding gaps in Apple’s software control systems, most recently with a bootrom exploit called Checkm8 that was released publicly in September.

Correction: An earlier version of this piece stated that Apple had filed charges against Corellium; in fact, Apple is suing the company in civil court. The Verge regrets the error.