[go: up one dir, main page]
Apple Security Research Device Program

iPhone is the world's most secure consumer mobile device, which can make it challenging for even skilled security researchers to get started. We created the Apple Security Research Device Program to help new and experienced researchers accelerate their work with iOS.

This year’s application period ended October 31, 2024.

If you submitted an application, you’ll hear from us soon.

How it works.

The Security Research Device (SRD) is a specially fused iPhone that allows you to perform iOS security research without having to bypass its security features. You also benefit from access to software previews, security beta projects, the SRD research community, and special tooling to augment research and vulnerability discovery. Shell access is available, and you can run any tools, choose your own entitlements, and even customize the kernel.

All iOS and iPhone components are eligible for SRD Program research, except Apple Pay and third-party apps. Using the SRD allows you to confidently report all your findings to Apple without the risk of losing access to the inner layers of iOS security. Plus, any vulnerabilities that you discover with the SRD are automatically considered for Apple Security Bounty — including bonus awards for preview and beta software programs.

Code terminal within an iPhone

Guidelines.

The SRD is intended for use in a controlled setting for security research only. If your application is approved, we will provide you an SRD as a 12-month renewable loan. During this time, the device remains the property of Apple.

The SRD isn't meant for personal use or daily carry, and must remain on the premises of program participants at all times. Access to and use of the SRD must be limited to people authorized by Apple.

If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to us and, if the bug is in third-party code, to the appropriate third party.

Our ultimate goal is to protect users, so if you find a vulnerability without using the SRD for any aspect of your work, we'd still like to receive your report. We review all research that's submitted to us and consider all eligible reports for rewards through Apple Security Bounty.

Eligibility.

Participation in the Security Research Device Program is subject to review of your application.

To be eligible for the Security Research Device program, you must:

  • Have a proven track record of success in finding security issues on Apple platforms, or other modern operating systems and platforms.
  • Be based in an eligible country or region.*
  • Be the legal age of majority in the jurisdiction in which you reside (18 years of age in many countries).
  • Not be employed by Apple currently or in the last 12 months.
How to apply for a Security Research Device.

A limited number of Apple Security Research Devices are available each year.

Applications are now closed.