Skip to main content

Google lead says he’s ‘disappointed’ with Apple’s new iPhone security program

Apple’s new hacker-friendly iPhones offer security researchers unrestricted access to devices so that they can easily hunt down vulnerabilities and bugs. But Ben Hawkes, technical lead at Project Zero, a team at Google tasked with discovering security flaws, says he’s “pretty disappointed” with Apple’s latest security program.

Hawkes, in a Twitter thread, said that its team won’t be able to take advantage of Apple’s “Security Research Device” (SRD) iPhones since it appears to exclude security groups that have a policy to publish their findings in three months.

Every time a security researcher discovers a vulnerability, they offer the company a period of time to patch it before it is publicly reported. Project Zero, like many security researchers, has a 90-day policy. However, Apple has kept the control of the timeline to itself and developers who sign up for this new iPhone security program have to agree that they can’t disclose the issues they find until Apple allows them to.

“If you report a vulnerability affecting Apple products, Apple will provide you with a publication date (usually the date on which Apple releases the update to resolve the issue). Apple will work in good faith to resolve each vulnerability as soon as practical. Until the publication date, you cannot discuss the vulnerability with others,” notes the SRD program’s sign-up page.

Project Zero is one of the most widely regarded research groups, and since early 2015, it has reported over 350 security vulnerabilities to Apple.

“We’ll continue to research Apple platforms and provide Apple with all of our findings because we think that’s the right thing to do for user security. But I’ll confess, I’m pretty disappointed,” Hawkes added in a tweet.

Apple’s Security Research Device program has been long overdue and was first mentioned last year at the Black Hat security conference by the company’s head of security, Ivan Krstic. Over the past year or two, iPhone’s security has been found lax and compromised on multiple occasions. The new program ensures eligible developers don’t have to go out of their way to hack into iPhones for research purposes and allows them to access the device’s core components to unearth any potential vulnerabilities.

Security researchers can now sign up to request an SRD on a 12-month renewable basis.

Editors' Recommendations

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
This iPhone 15 and iPhone 14 camera test is closer than I expected
Purple iPhone 14 (left) and a green iPhone 15 in hand.

Every year, we get a new iPhone; that’s just the way it goes. And one of the biggest upgrades each year is with the camera system.

Though the spotlight is typically on the Pro models of the iPhone, Apple gave us a pretty significant upgrade this year with the standard iPhone 15. Of course, it’s not as feature-packed as the iPhone 15 Pro, but Apple brought the Dynamic Island and USB-C to the regular iPhone 15, and even bumped up the camera to a whopping 48MP.

Read more
I love Apple, but it’s totally wrong about iMessage and RCS
why apple is wrong about imessage rcs iphone main

I’ve been using an iPhone ever since 2008, starting with the original and then every generation since. For several years, the iPhone was only capable of SMS texting, with MMS support arriving with iOS 3 in 2009.

But in 2011, Apple created something new: iMessage. It first arrived on iOS and then went to the Mac in 2012 to replace iChat. iMessage is basically an instant messaging service that is exclusive to all Apple products: iPhone, iPad, Apple Watch, and Mac. You can send text, images and video, documents, rich preview links, stickers, and more between one another. You can also see if a message is delivered, send read receipts (if you want), and everything is encrypted. With iOS 16, you can even edit and unsend messages within a certain time frame.

Read more
4 AI features I want in my next iPhone
Blue Titanium (left) and Natural Titanium iPhone 15 Pros on a concrete bench.

Believe it or not, Apple didn’t always have Siri. Siri originally belonged to SRI International, which created Siri, Inc. in 2007. Then in April 2010, Apple acquired Siri, which became a key component of the iPhone 4S that launched in 2011.

Ever since then, Siri has continued to evolve at Apple, for better or for worse. While the point of Siri is to make your life easier with hands-free use of your iPhone or Apple Watch, it’s far from perfect. Siri often misunderstands you and results in hilarious requests, or is just incapable of doing what you need it to do, sometimes because of a poor connection.

Read more