Apple recently announced its new security feature, which scans user phones to detect CSAM (child sexual abuse material) content. However, they faced heavy criticism over the privacy concerns regarding this technology. Apple VP Craig Federighi commented that third-party security researchers are constantly verifying Apple’s security. But now, Apple is filing a lawsuit against a startup for doing just that.
Previously, Apple lost a copyright lawsuit against security research company Corellium. Despite losing the lawsuit, they have once again filed an appeal in that case. Corellium is a software that replicates iOS exactly to allow security researchers to find bugs and vulnerabilities. However, Apple claims that it illegally copied the iOS operating system and violated the DMCA.
Apple still lost the case as the judge determined that Corellium was operating under fair use terms. Both companies had already come to a settlement last week, but now Apple has filed an appeal in that case. This comes immediately after Corellium announced its Open Security Initiative. This initiative seeks to validate vendor security claims, starting with Apple CSAM image scanning.
Apple’s Security Ecosystem
“Security researchers are constantly able to introspect what’s happening in Apple’s [phone] software,” Apple vice president Craig Federighi said in an interview with the Wall Street Journal. “So if any changes were made that were to expand the scope of this in some way—in a way that we had committed to not doing—there’s verifiability, they can spot that that’s happening.”
Despite such comments from Apple, the company’s actions seem more in line with keeping what’s under their hood as secret as possible. ”Enough is enough,” said Corellium Chief Executive Amanda Gorton. ”Apple can’t pretend to hold itself accountable to the security research community while simultaneously trying to make that research illegal.”
Apple’s recent actions have been quite different from how they market themselves as devoted to user privacy. They themselves have said multiple times that their security is the best of all platforms. But after the recent turn of events, experts are worried that the feature might introduce a backdoor to its system.