In a nutshell: SRD iPhones are provided on a 12-month renewable basis, we’re told, and remain the property of Apple. They aren’t meant for personal use or as your daily carry; instead, they must remain on the premises of program participants at all times. Vulnerabilities found using the SDR must be reported to Apple, and if the bug is found in third-party code, to the appropriate third party.
Apple is finally making good on its promise to seed hacker-friendly iPhones to those participating in its Security Research Device (SRD) program.
As was announced back in July, the SDR program is meant to help improve security for all iOS users by bringing more security researchers to the platform and improve efficiency for those already working on iOS security. Participants will receive a special iPhone that offers shell access, allowing users to run any tools and choose their entitlements.
“Otherwise, the SRD behaves as closely to a standard iPhone as possible in order to be a representative research target,” Apple said.
Vulnerabilities discovered with an SDR are automatically considered for a reward through the Apple Security Bounty.
Those interested in participating in the SRD program must be an account holder in the Apple Developer Program and have a proven track record of success in finding security issues on Apple platforms, or other modern OSes and platforms. You’ll also need to be at least 18 years of age and not a current Apple employee (or have worked for the company in the last 12 months).
Masthead credit: Konstantin Savusia