Last year, Apple accused a cybersecurity startup based in Florida of infringing its copyright by developing and selling software that allows customers to create virtual iPhone replicas. Critics have called the Apple’s lawsuit against the company, called Corellium, “dangerous” as it may shape how security researchers and software makers can tinker with Apple’s products and code.
The lawsuit, however, has already produced a tangible outcome: very few people, especially current and former customers and users, want to talk about Corellium, which sells the eponymous software that virtualizes iPhones and Android devices. During the lawsuit’s proceedings, Apple has sought information from companies that have used the tool, which emulates iOS on a computer, allowing researchers to probe potential iPhone vulnerabilities in a forgiving and easy-to-use environment.
“I don’t know if they intended it but when they name individuals at companies that have spoken in favor [of Corellium], I definitely believe retribution is possible,” the researcher added, referring to Apple’s subpoena to the spanish finance giant Santander Bank, which named an employee who had Tweeted about Corellium.
A security researcher, who specializes in offensive security and asked to remain anonymous, said that he would definitely “have legal look into it beforehand if I needed [Corellium’s] stuff,” arguing that he’d be wary of Apple getting involved.
Three other researchers who specialize in hacking Apple software declined to comment citing the risk of some sort of retaliation from Apple.
In January, Apple subpoenaed the defense contractor L3Harris and Santander Bank, requesting information on how they use Corellium, all communications they’ve had with the startup, internal communications about their products, and any contracts they’ve signed with the company, among other information.
Mark Dowd, the founder of Azimuth Security, a cybersecurity startup that specializes in developing hacking tools for governments that’s now part of L3Harris, said last year that he couldn’t comment about Corellium “because [Apple] mention[ed] us in the original filing.” (Dowd did not respond to a request for comment this week.)
Some researchers, however, are not afraid of Apple. Elias Naur uses Corellium to test code written in the Go language for mobile operating systems. Before Corellium, Naur said he had to test code on two busted old phones plugged in under his couch. Naur said he’s “not worried Apple will come after Corellium’s customers” and is still using the software.
In this David v. Goliath battle, as Forbes called it, many people are choosing to stay away from David even before seeing who wins.