Corellium Accuses Apple of Using Lawsuit to 'Crack Down on Jailbreaking'

[Jake James]

Right, so I'm going to install Windows on any computer that walks into my shop, in violation of the EULA and see how long that lasts.

Conversely, I'm going violate the terms of the GPL and incorporate Linux code in proprietary software. That's fine since the EULA is invalid, right?

We went through this argument. Two separate laws apply. It's legal by one law, not the other. Scroll up.

- Installing Windows without purchasing it falls under piracy, not just an EULA violation.
- Violating GPL and violating an EULA are different things. GPL is not an EULA.
[automerge]1577980718[/automerge]

Fun fact, there has been serious talk in National Security circles of jail breaking being a terrorist threat. If you get control of the baseband and you plan to do something bad in a city, you can make all of the targeted phones dial 911, hang up, then dial again, all in an endless loop. You can even prevent the user from turning off the phone. You might be able to get the phone to over discharge the battery and cause it to burn.

So much misinformation. Jailbreaking doesn't give you control of the baseband (at least since 10 years or so, it doesn't). Jailbreaking cannot prevent one from turning off or restarting a device (can be done with button combinations). Jailbreaking can require access to the device. If Apple one day allows jailbreaking, they can very easily make it so only the owner and only the owner can do it.
[automerge]1577981026[/automerge]

Not because of a lack of legal standing. Only because, Apple does not care to charge individuals. If you want to make a Hackintosh in your garage, they mostly think it sounds like fun. If you sell them for money, then they care.

Corellium isn't selling the devices for money. They're only giving people remote control to them.

That's exactly what I did. Rooted all of my Android devices.

Good for you. But telling people to use an Android instead of jailbreaking is stupid. Someone here made a good analogy with cars. You don't tell someone to get an Android if they want freedom on iOS just like you don't tell someone to buy a new car of another model when they want their current one faster.

 

[bytesynthesis]

It's not an emulator and it's not duplicating iOS. They are taking the real iOS firmware from Apple's website and virtualizing it in their own hardware.

Without Apple's authorization and without licenses. You can't simply do that without Apple's approval.

Additionally, what kind of client pays up to a million dollars per year? Bug bounty programs exist for security researchers, which pay out to them. Selling private installations of the product to anyone (especially considering who can pony up that sort of cash) is arguably a huge security risk if malicious intent is involved.

Chances are if you're already paying a million bucks, you're not interested in participating in a bug bounty program.

 

[Bandaman]

Headline has a typo. It should read:

• Corellium Attempts to Rally Support from Jailbreakers for Corellium's Indefensible Business Practices

That’s a lot more accurate, lol.

 

[TiggrToo]

Corellium isn't selling the devices for money. They're only giving people remote control to them.

Section 2 of the Apple EULA for iOS makes it very clear:

(a) Subject to the terms and conditions of this License, you are granted a limited non-exclusive license to use the Apple Software on a single Apple-branded Device.


Seems clear enough to me.

Given that they're virtualizing the devices, it falls foul of the EULA.

 

[Jake James]

Section 2 of the Apple EULA for iOS makes it very clear:

(a) Subject to the terms and conditions of this License, you are granted a limited non-exclusive license to use the Apple Software on a single Apple-branded Device.


Seems clear enough to me.

Given that they're virtualizing the devices, it falls foul of the EULA.

Yes it is. But EULAs aren't legally-binding.

Without Apple's authorization and without licenses. You can't simply do that without Apple's approval!

Additionally, what kind of client pays up to a million dollars per year? Bug bounty programs exist for security researchers, which pay out to them. Selling private installations of the product to anyone (especially considering who can pony up that sort of cash) is arguably a huge security risk if malicious intent is involved.

Chances are if you're already paying a million bucks, you're not interested in participating in a bug bounty program.

As I said, it's against the EULA, but no redistribution of the software is being done (giving remote control isn't redistribution), and nothing is being copied/replicated (they're not installing a replica of iOS, they're installing the real iOS), so copyright doesn't apply, what they're doing isn't illegal. And who mentioned anything about a bug bounty program? Firstly, companies can afford that money. Secondly, Corellium exists to make finding security issues easier, and companies/individuals that have gotten private access (they're not selling it yet) have successfully done so. The issue is Corellium has helped jailbreak developers too, that's the biggest reason Apple wants to shut down Corellium.

 

[bytesynthesis]

The issue is Corellium has helped jailbreak developers too, that's the biggest reason Apple wants to shut down Corellium.

You sound like Corellium's PR. Can you let us know exactly which "jailbreak developer" (hint, their friends don't count) can both afford and have been granted to use the software? You're acting like their product exists for individual hobbyists, when the price point says otherwise.

Also, would Corellium allow others to profit off their software, against their EULA? I doubt it. Yeah, lots of work went into Corellium, but lots of work went into iOS, too. Your argument sounds hypocritical.

 

[TiggrToo]

Yes it is. But EULAs aren't legally-binding.

Actually most instances of cases dealing with EULA here in the states have actually found that they are very much legally enforceable. Where they've failed it's because they were assumed to have been accepted (e.g. inside shrink wrap software that once opened could not be returned), or where the wording inside the EULA clearly goes against other established laws.

 

[Jake James]

You sound like Corellium's PR. Can you let us know exactly which "jailbreak developer" (hint, their friends don't count) can both afford and have been granted to use the software? You're acting like their product exists for individual hobbyists, when the price point says otherwise.

Also, would Corellium allow others to profit off their software, against their EULA? I doubt it. Yeah, lots of work went into Corellium, but lots of work went into iOS, too. Your argument sounds hypocritical.

I'm not related to Corellium, but I am a jailbreak developer (made numerous contributions to the unc0ver jailbreak) and being so Corellium is of concern to me.

Many jailbreak developers have gotten access to Corellium for free (as i said, they're not selling yet afaik). The Electra jailbreak for example is the jailbreak that benefitted the most as all testing was done in Corellium. It also has helped unc0ver. The main developer, pwn20wnd, uses Corellium regularly to test things on multiple devices (he got offered Corellium after he bootlooped one of his devices iirc). But other smaller developers like Billy Ellis or GeoSn0w have also gotten Corellium and made YouTube videos on it (look them up).

And again, Corellium isn't profitting off Apple's software, Corellium profits off the extra features they added to their virtual devices, like unrestricted debugging, the ability to patch any software component how you see fit, basically full software control.
[automerge]1577998887[/automerge]

Actually most instances of cases dealing with EULA here in the states have actually found that they are very much legally enforceable. Where they've failed it's because they were assumed to have been accepted (e.g. inside shrink wrap software that once opened could not be returned), or where the wording inside the EULA clearly goes against other established laws.

I mean if the EULA says "you're not allowed to pirate this software or "you're not allowed to redistribute it" of course it can be enforced, but if the EULA says something that isn't specifically a law (like "you're not allowed to modify this software"), then it can't be enforced (jailbreaking is against the EULA, but also fully legal)

 

[bytesynthesis]

And again, Corellium isn't profitting off Apple's software, Corellium profits off the extra features they added to their virtual devices, like unrestricted debugging, the ability to patch any software component how you see fit, basically full software control.

If it wasn't for Apple's software, Corellium wouldn't exist. So how are they not profiting off it? Let's face it, you have a personal investment in the product, and by virtue of being obtuse, fail to see that it's a slam-dunk case for Apple.

Additionally, if they cared so much about security research, they'd open source their product instead of only allowing a select few to use it.

 

[TiggrToo]

And again, Corellium isn't profitting off Apple's software, Corellium profits off the extra features they added to their virtual devices, like unrestricted debugging, the ability to patch any software component how you see fit, basically full software control.

Actually, they very much are profiting from Apple's software. They may not be charging money for the service, but they are profiting in kind.

They're promoting their service as a result. Using software they have no legal right to offer.

They will lose this case.

 

[Jake James]

If it wasn't for Apple's software, Corellium wouldn't exist. So how are they not profiting off it? Let's face it, you have a personal investment in the product, and by virtue of being obtuse, fail to see that it's a slam-dunk case for Apple.

Also, if they cared so much about security research, they'd open source their product instead of only allowing a select few to use it.

Yes but what they're selling is not Apple software, rather an extension to it. Jailbreak tweaks can't exist without Apple's software, but they're fully legal and any developer can charge for them.

Actually, they very much are profiting from Apple's software. They may not be charging money for the service, but they are profiting in kind.

They're promoting their service as a result. Using software they have no legal right to offer.

They will lose this case.

And again, they're not selling iOS. iOS is available to download for free from Apple's website, they can't sell iOS even if they want to. They're selling a virtualization platform that allows you to run iOS on it.

 

[Bgosh]

EULAs have been recognized as enforceable contracts within the US court system. Blizzard v Internet Gateway Inc is one of many examples. The defendants reverse engineered WOW to run outside of of Blizzard.net and the court said that Blizzard's EULA made protections granted by the DMCA for reverse engineering the software void. By agreeing to the EULA you waive your rights (according to this court case). To note, this was a volunteer effort and the defendants never made or attempted to make profits based on their project.

From https://ecf.ca8.uscourts.gov/opndir/05/09/043654P.pdf

"The district court granted summary judgment in favor of Blizzard and Vivendi and determined that: (1) Blizzard's software end-user license and terms of usage agreements were enforceable contracts; (2) Appellants waived any "fair use" defense; (3) the agreements did not constitute misuse of copyright; and (4) Appellants violated the DMCA's anti-circumvention and anti-trafficking provisions of the DMCA."

This case isn't completely synonymous, but it is one example showing a company can limit fair use and protections under DMCA with a license agreement. The rights provided by fair use doctrine and the DMCA aren't absolute. There's far too many variables and conflicting examples to be sure on what's going to happen and what each side can prove. I think @I7guy said it best, our opinions don't matter.

 

[TiggrToo]

Yes but what they're selling is not Apple software, rather an extension to it. Jailbreak tweaks can't exist without Apple's software, but they're fully legal and any developer can charge for them.



And again, they're not selling iOS. iOS is available to download for free from Apple's website, they can't sell iOS even if they want to. They're selling a virtualization platform that allows you to run iOS on it.

This is a virtual (awful pun, I'm sorry) rerun of Apple vs Pystar. Pystar lost that as well.

https://cases.justia.com/federal/appellate-courts/ca9/10-15113/10-15113-2011-09-28.pdf?ts=1411064207

 

[bytesynthesis]

Yes but what they're selling is not Apple software, rather an extension to it. Jailbreak tweaks can't exist without Apple's software, but they're fully legal and any developer can charge for them.

An "extension"? Don't they actually modify the existing software so it doesn't phone home to Apple's servers?

 

[Jake James]

EULAs have been recognized as enforceable contracts within the US court system. Blizzard v Internet Gateway Inc is one of many examples. The defendants reverse engineered WOW to run outside of of Blizzard.net and the court said that Blizzard's EULA made protections granted by the DMCA for reverse engineering the software void. By agreeing to the EULA you waive your rights (according to this court case). To note, this was a volunteer effort and the defendants never made or attempted to make profits based on their project.

From https://ecf.ca8.uscourts.gov/opndir/05/09/043654P.pdf

"The district court granted summary judgment in favor of Blizzard and Vivendi and determined that: (1) Blizzard's software end-user license and terms of usage agreements were enforceable contracts; (2) Appellants waived any "fair use" defense; (3) the agreements did not constitute misuse of copyright; and (4) Appellants violated the DMCA's anti-circumvention and anti-trafficking provisions of the DMCA."

This case isn't completely synonymous, but it is one example showing a company can limit fair use and protections under DMCA with a license agreement. The rights provided by fair use doctrine and the DMCA aren't absolute. There's far too many variables and conflicting examples to be sure on what's going to happen and what each side can prove. I think @I7guy said it best, our opinions don't matter.

As I said, an EULA can be enforcable if they're basically restating another law, but if not, they can't. Should I say it again? Jailbreaking is against the EULA but legal. One example proving that companies cannot put whatever they want in the EULA and sue someone for breaking it.

 

[bytesynthesis]

And again, they're not selling iOS. iOS is available to download for free from Apple's website, they can't sell iOS even if they want to. They're selling a virtualization platform that allows you to run iOS on it.

Without proper licenses, which you refuse to acknowledge.

 

[Jake James]

This is a virtual (awful pun, I'm sorry) rerun of Apple vs Pystar. Pystar lost that as well.

https://cases.justia.com/federal/appellate-courts/ca9/10-15113/10-15113-2011-09-28.pdf?ts=1411064207

Way different. These guys were selling computers with macOS. Doing that is redistribution and falls under copyright. Corellium isn't redistributing iOS, they're just giving you remote control to computers with software that is capable of virtualizing iOS. It's the same thing as if I charged you money for the ability to connect to my PC via TeamViewer in order to use VirtualBox or VMWare.

 

[TiggrToo]

As I said, an EULA can be enforcable if they're basically restating another law, but if not, they can't. Should I say it again? Jailbreaking is against the EULA but legal. One example proving that companies cannot put whatever they want in the EULA and sue someone for breaking it.

Here's the appeals court judgment on the Pystar case:

The district court in a published decision held that Psystar was infringing Apple’s federally registered copyrights in its operating software, Mac OS X, because Psystar was copying Mac OS X for use in Psystar’s computers. Apple, Inc. v. Psy- star Corp. (Apple I), 673 F. Supp. 2d 931, 935-40 (N.D. Cal. 2009). This infringement finding is not challenged on appeal. The court rejected Psystar’s copyright misuse defense that asserted the unenforceability of Apple’s Software License Agreement (“SLA”), requiring Mac OS X users to run their copies on Apple computers. Id. at 939-40.

Now, you want to explain how you think Correlium is not going to be affected by this?

 

[Jake James]

Without proper licenses, which you refuse to acknowledge.

And you all don't seem to acknowledge that a license violation isn't illegal. Jailbreaking is a license violation but fully legal. Hackintoshing is a license violation but also fully legal (as long as you download macOS from Apple servers)
[automerge]1577999977[/automerge]

Here's the appeals court judgment on the Pystar case:

The district court in a published decision held that Psystar was infringing Apple’s federally registered copyrights in its operating software, Mac OS X, because Psystar was copying Mac OS X for use in Psystar’s computers. Apple, Inc. v. Psy- star Corp. (Apple I), 673 F. Supp. 2d 931, 935-40 (N.D. Cal. 2009). This infringement finding is not challenged on appeal. The court rejected Psystar’s copyright misuse defense that asserted the unenforceability of Apple’s Software License Agreement (“SLA”), requiring Mac OS X users to run their copies on Apple computers. Id. at 939-40.

Now, you want to explain how you think Correlium is not going to be affected by this?

I don't know if Corellium will be affected or not, the decision can very well be biased, like you said, the court's opinion matters. I am expressing my opinion here. Selling computers with an OS pre-installed falls under copyright, giving you remote control to my computer in order to use virtualization software is not.

 

[TiggrToo]

And you all don't seem to acknowledge that a license violation isn't illegal. Jailbreaking is a license violation but fully legal. Hackintoshing is a license violation but also fully legal (as long as you download macOS from Apple servers)

Let me make this even clearer :

The court rejected Psystar’s copyright misuse defense that asserted the unenforceability of Apple’s Software License Agreement (“SLA”), requiring Mac OS X users to run their copies on Apple computers. Id. at 939-40.
[automerge]1578000247[/automerge]

And you all don't seem to acknowledge that a license violation isn't illegal. Jailbreaking is a license violation but fully legal. Hackintoshing is a license violation but also fully legal (as long as you download macOS from Apple servers)
[automerge]1577999977[/automerge]


I don't know if Corellium will be affected or not, the decision can very well be biased, like you said, the court's opinion matters. I am expressing my opinion here. Selling computers with an OS pre-installed falls under copyright, giving you remote control to my computer in order to use virtualization software is not.

Software piracy is also illegal. You can't steal someone's code and give it away. Your argument that "well they're not making any money from it" is as valid as someone stealing your car and giving it away.

 

[Jake James]

Let me make this even clearer :

The court rejected Psystar’s copyright misuse defense that asserted the unenforceability of Apple’s Software License Agreement (“SLA”), requiring Mac OS X users to run their copies on Apple computers. Id. at 939-40.

It was enforcable in this specific case due to what they did. Hackintoshes do exactly that, install macOS on non-Apple hardware, but they are fully legal as long as you do them properly.
[automerge]1578000436[/automerge]

Software piracy is also illegal. You can't steal someone's code and give it away. Your argument that "well they're not making any money from it" is as valid as someone stealing your car and giving it away.

First, I never said "they're not making any money from it". Second, Corellium isn't stealing anything. It's not redistributing Apple code. It's selling remote access to a virtual machine they created.

 

[bytesynthesis]

It was enforcable in this specific case due to what they did. Hackintoshes do exactly that, install macOS on non-Apple hardware, but they are fully legal as long as you do them properly.

How are Hackintoshes similar to this at all? People keep bringing up Hackintosh as if it has any relevance to the case. Apple's not going after individuals.

 

[Jake James]

How are Hackintoshes similar to this at all? People keep bringing up Hackintosh as if it has any relevance to the case. Apple's not going after individuals.

Hackintoshes break the EULA the same way Corellium does, by installing Apple software in non-Apple hardware. And I never said "Apple doesn't go after individuals", I said "hackintoshes are fully legal".

 

[TiggrToo]

Hackintoshes break the EULA the same way Corellium does, by installing Apple software in non-Apple hardware. And I never said "Apple doesn't go after individuals", I said "hackintoshes are fully legal".

No, they're not. Period. Never have been.

Are Hackintosh Computers Legal? – The LockerGnome Daily Report

lockergnome.com

 

[bytesynthesis]

Second, Corellium isn't stealing anything. It's not redistributing Apple code. It's selling remote access to a virtual machine they created.

You really need to read the court documents to understand the nuance of this case, instead of jumping on board with whatever appeal-to-emotion debate tactic Corellium keeps feeding to the community. Please read the following paragraphs and I'd urge you to read the whole document in its entirety at some point.

"Contrary to its lofty rhetoric, Corellium in fact sells Apple’s technology and the ability to circumvent the security measures embedded in that technology for its own profit, and makes no effort to ensure its customers are engaged solely in good-faith security research. Instead, Corellium is selling a product for profit, using unauthorized copies of Apple’s proprietary software, that it avowedly intends to be used for any purpose, without limitation, including for the sale of software exploits on the open market."

"Corellium has created and is creating and distributing reproductions of, and is creating derivative works based upon, Apple’s iOS, iTunes, and GUI Elements, each of which are separate, independent protected works under the Copyright Act. In fact, Corellium has admitted the Corellium Apple Product makes modifications to iOS that allows it to be installed on, and run from, Corellium-developed or Corellium-operated hardware."
(Case 9:19-cv-81160-RS Document 56)