Forensics
,
Legislation & Litigation
,
Next-Generation Technologies & Secure Development
Appeals Court Says Corellium Can Virtualize iOS; Remands Two Copyright Claims
A U.S. federal appeals court sided with a company that simulates iPhones for security researchers after Apple sued, claiming copyright infringement.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The case has been closely watched by security researchers and archivist communities who argued that a ruling in favor of Apple would harm independent research and the ability to preserve digital media.
A three-judge panel unanimously decided that Florida company Corellium doesn’t merely repackage the iPhone operating system but transforms it. The company sells an iOS simulator with features unavailable on smartphones, such as the ability to view system calls, perform fuzzing and see and halt processes.
“Corellium used iOS to serve as a research function, and not as a consumer electronic device,” states an unsigned opinion from the U.S. Court of Appeals for the 11th Circuit.
The court dismissed a claim brought by Apple in a lawsuit initiated in 2019 that Corellium directly infringed its copyright over iOS. It remanded back to district court two other claims, that Corellium also infringed, directly and secondarily, Apple’s copyright over icons and wallpapers. The court didn’t express an opinion on those two claims, writing instead that the district court did not sufficiently analyze Apple’s assertions.
Apple did not immediately respond to a request for comment. Among the arguments put forward by the smartphone giant was that Corellium hurt the market for iPhones. The judges disagreed, writing that the Corellium software is “a poor substitute for iOS on a real iPhone.” Users can’t make phone calls, send texts or take photos, they said. Even if they could, a virtual phone isn’t a reasonable substitute for iOS running on a real phone, they added. Apple’s assertion that researchers should instead buy racks of iPhones failed because “Apple is focusing on the wrong market,” the judges wrote. Apple’s assertion was that Corellium infringes on iOS.
“And even if the iPhone market were the relevant market … it’s entirely speculative that Corellium’s software – with no call, text, or other capabilities – would substantially harm that market.”
The judges said that Corellium unfairly competes with Apple’s own iOS security researcher products, including a forthcoming program dubbed Xcode Cloud that will enable remote access to the operating system. “A copyright holder can’t prevent others from entering transformative markets,” they wrote.
A bevy of security researchers urged judges in a “friend of the court” filing to side with Corellium, accusing Apple of a poor track record of responding to independent researchers’ findings. Apple’s own research program is highly restrictive, the researchers said in a brief signed by white hat hackers including Katie Moussouris, Chris Valasek, Charlie Miller and Peiter Zatko.
“Corellium serves a different market: independent security researchers who want to evaluate and constructively criticize iOS’s security without being subject to restrictions about when and to whom they may speak,” they said.
More than a dozen computer scientists argued in a separate brief that a ruling for Apple would harm the creation of virtualized software tools including those that run old software in modern environments.
Preservation was at the forefront of a “friend of the court” brief from organizations including the American Library Association and the Software Preservation Network. Without a fair use exception from copyright law, digital media will be lost from the archives as the underlying files become obsolete.
“‘Digital file’ is too dry a word for what’s at stake. The vast majority of 21st Century history and culture, and much of the 20th Century, too, is encoded in digital files,” they wrote.