In a better world not owned and locked down by a few jerks like we have now, I'd have a multiboot in my pocket phone running whatever flavor of OS I felt like on a particular Tuesday.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Files Lawsuit Against Virtualization Company Corellium for Illegally Replicating iOS and Apple Apps
- Thread starter MacRumors
- Start date
- Sort by reaction score
In order to provide a platform to hunt for security holes, they would need to run iOS itself, not some approximation that looks and feels like iOS. So my guess is that Correlium provides a software layer between the hardware and the OS that fools iOS into thinking it's being installed on an Apple device. Further, this must allow installation of not just Apple's OS, but also the firmware underlying it, since firmware bugs are an important part of security testing.
So when someone is using Correlium to test iOS, my thinking is that they're not running a reverse-engineered version of iOS created by Correlium. Rather, they are running an official Apple version of iOS (software+firmware), which Correlium allows them to install on a non-Apple device.
So when someone is using Correlium to test iOS, my thinking is that they're not running a reverse-engineered version of iOS created by Correlium. Rather, they are running an official Apple version of iOS (software+firmware), which Correlium allows them to install on a non-Apple device.
You don’t just rewrite a complete operating system. Maybe it is some sort of please hire me call from young professionals who didn’t think it through entirely.
The lawsuit is mild, and they got lucky. Had this happened under Steve Jobs, we would hear Italian violin music as every man, woman, and child of that company would receive no quarter.
But the question sorely missed:
Does Corellium make a part of the "1.9 million American jobs" that Apple said to provide?
Does Corellium make a part of the "1.9 million American jobs" that Apple said to provide?
Then you are out of luck. If you want to run iOS you have three choices:
1. Buy an iOS device.
2. Buy a Mac and use Xcode
3. Break the law and do something like this company did
Now, on the 3rd one, if you are just doing it on your own computer at home and not making a big deal about it, its highly unlikely Apple will come after you, because its a lot of effort and you are not worth that effort. There is a thriving but small Hackintosh community based on that very idea. Technically what they are doing is breaking the law (by violating the MacOS license agreement) but its not particularly worth Apples time and energy to go after individuals. But if a company starts selling Hackintosh computers? Apple would be all over that. Same here.
The problem with clean room engineering is you actually need to prove you did it - in a court of law. That's why it's something only large companies do; the benefits have to outweigh the costs, and the benefits only accrue if you're big enough.
I mean, Google didn't even bother to clean room Java. They could have, and they had a ton of money so they could have done it, but they didn't bother. It cost them, but they gained so much more that the cost doesn't matter.
Did Apple 'Steal' the code from Google or did Apple write it's own implimentation of the Google App? There is a huge difference between the two.
Oh, and unless Google patented their method of Notifications and Apple breached those patents they are home free as long as no copyrighted code that if not freely available under something like a BSD or GPL License is used.
There are many, many ways of creating code that externally functions identically as something else.
This case reminds me of Psystar, a company that Apple sued, successfully, for selling hackintoshes commercially:
https://en.wikipedia.org/wiki/Psystar_Corporation
https://en.wikipedia.org/wiki/Psystar_Corporation
So write your own OS and build your own device, no one is stopping you.
Apple has invested literally billions into making their device and the OS work well together, that is the value they provide. If you don't believe that approach is worth it for you, fine, you can buy a competitors product (like Android) or write your own. But Apple doesn't have a legal OR moral obligation to provide you with an OS for you to do whatever you want with it. A world where people aren't allowed to create what they want and must cater to people like you who want everything your way is not a better world, its a selfish one.
I feel like the article and lawsuit are very misleading. Clearly Corellium haven't copied anything from Apple, except probably the picture of the phone frame around the screen. It's an emulator. It runs the iOS software. They didn't copy it.
As someone already said, Xcode provides a simulator, which is not the same as an emulator. The simulator runs code on x86 (so, completely different instruction set), has all the Mac RAM free to use (more than an iPhone), lacks some things like Bluetooth connectivity, etc.
The allegation that Corellium didn't require purchasers to provide info to Apple is laughable. Security researchers that need this tool don't work for Apple obviously. This doesn't mean they're looking for bugs to resell on the black market. There are companies that sell services where they provide increased security to companies by discovering vulnerabilities and creating workarounds/mitigations (firewall rules, antivirus checking for potential exploits, etc).
MacRumors should get in touch with Corellium and revise the article.
As someone already said, Xcode provides a simulator, which is not the same as an emulator. The simulator runs code on x86 (so, completely different instruction set), has all the Mac RAM free to use (more than an iPhone), lacks some things like Bluetooth connectivity, etc.
The allegation that Corellium didn't require purchasers to provide info to Apple is laughable. Security researchers that need this tool don't work for Apple obviously. This doesn't mean they're looking for bugs to resell on the black market. There are companies that sell services where they provide increased security to companies by discovering vulnerabilities and creating workarounds/mitigations (firewall rules, antivirus checking for potential exploits, etc).
MacRumors should get in touch with Corellium and revise the article.
Finally a sensible comment in this thread. They've not decompiled and recompiled, or stolen source code or written iOS from scratch, they've just virtualized the environment on which the actual code, iOS, plus all the apps, run. They've emulated all the hardware the device provides so iOS and app code runs just as it normally does. No mean feat, and to accomplish it they certainly took a very deep dive into the operating system.
This is quite different from the iOS simulator on Xcode which has a complete x86 version of iOS compiled for the simulator from the actual iOS source (which of course only Apple could do) and requires apps compiled for x86 and linked against the simulator libraries.
To produce an emulator (as opposed to a simulator), they must have lifted the copyrighted ROM code from an iPhone. That's why Apple is suing them, for misappropriating their code and trying to make money off it.
Suppose for a minute that they hadn't violated Apple's IP and were instead offering this service with a license from Apple. If a product or service like this can be used for both proper and improper or illegal purposes, must the company make efforts to "confine the use" to proper purposes, and be legally liable or subject to lawsuits if they do not?
They violated. And: Your scenario is absolutely unrealistic in the legal and public domain.
Corellium... the Secret Services outsourced friends.
Last edited:
I actually like this product. There’s a lot to learn from. Shows people exactly what can be done, and that is what Apple has issues with, but from a researchers point of view, this is great. The more people that look at the code, the better.
Update: I hereby retract my comment. I looked into it and I don’t need them nor their code. Corellium sucks and Apple will win this lawsuit. However. The idea is great, but I don’t expect Apple to make something like this. And why would they?
Update: I hereby retract my comment. I looked into it and I don’t need them nor their code. Corellium sucks and Apple will win this lawsuit. However. The idea is great, but I don’t expect Apple to make something like this. And why would they?
Last edited:
To make this clear: They have not "copied" iOS, they are simply providing a virtualization environment for iOS. However, they are directly using the IPSWs provided by Apple, thus infringing on Apple's copyright.
If they were to just provide the ARM simulator and let users upload their own software (wherever the users might get IPSWs...), they would still need to upload them to their servers (afaik), so the only way they would be able to get out of this is to provide an on-prem solution or offline solution.
If they were to just provide the ARM simulator and let users upload their own software (wherever the users might get IPSWs...), they would still need to upload them to their servers (afaik), so the only way they would be able to get out of this is to provide an on-prem solution or offline solution.
Apple has its own emulator in Xcode. If I were looking for security vulnerabilities I wouldn't want to rely on an emulator though, sounds like a thin veil to me and Apple is right to go after them. Caveat: I don't have any inside knowledge, just a quick judgement from what I just read.
Obviously you are not familiar with the early days of PC development where BIOS code was developed to recreate IBMs / MicroSofts copyrighted code. The question will come down did they recreate or steal. As it si the article is so poorly written that I'm not sure what exactly they are doing here. Apple will have a hard time fighting virtualization, if all Corellium does is to load IOS into an emulated IoS devices "hardware" I really don't wee Apple having a case. If they did all sorts of companies involved in virtualization will be at risk.
The real answer here is that Corellium doesn't have the deep pockets to sustain years long legal action.
Apple has not licensed the Arm binaries for running on anything BUT Apple supplied hardware. This is AFAIK, not running on Apple supplied hardware so they are in breach of the license.
Technically absolutely right! And where does a company get its high intellectual skill and financial venture capital from when it can't commercialize anything? Somehow I'm just thinking about freedom-fighter Cellebrite, GrayKey.Grayshift et al...
https://www.cellebrite.com/en/produ...rd-with-data-from-icloud-and-samsung-backups/
https://www.forbes.com/sites/thomas...rtual-apple-iphones-for-hacking/#6ef7ff134a3b
https://4hou.win/wordpress/?cat=763
dev-fused iPhones: “Those people they don’t care about money. They don't care about the price. Whatever it is, the company buys it.”
We can be very curious whether Apple will win this war.
Last edited:
People who think Apple should just buy them are not seeing the picture clearly. There should be no reward for stealing IP. China has been doing this to Apple since the first iMac.
Apple will sue this company into ashes and will NOT buy them. Apple could build a browser-based emulator/simulator tomorrow but chooses not to do so (yet).
Apple will sue this company into ashes and will NOT buy them. Apple could build a browser-based emulator/simulator tomorrow but chooses not to do so (yet).
Last edited: