The device will not be sold in stores and will allow users to find security flaws that Apple has overlooked.
Apple has released a new iPhone model , but it’s one that won’t be found in stores. This is a version of its popular device that will only offer to some hackers and security companies and that is less secure – yes, less – than the ones that ordinary mortals can buy.
Why? The explanation is simple. The iOS operating system – the one used by iPhones – has several security measures designed to protect user data. This, in principle, is good. With encryption and memory systems only accessible for certain processes, for example, Apple makes sure that finding a vulnerability on the phone is much more difficult. Not impossible – nothing is 100% safe – but it is more difficult.
But the cross of that coin is that when something goes wrong, it’s not easy to find out where the problem is.
Open source projects, like the Linux kernel or the Android operating system itself, have thousands of eyes that inspect the code every day, and those multitude of eyes multiply the chances of discovering what can go wrong or what has gone wrong in the past.
At Apple, by contrast, only a small group of engineers have full access to the code that governs iPhones, making the task much more difficult.
Last year, the company announced the Devices for iOS Security Investigator program , a strategy to give unprecedented access to iOS to security experts vetted by the company. The program starts this week in several countries, including Spain, and includes access to devices with certain security features disabled.
Security experts can, for example, access the device remotely using a command line or run certain applications with the highest privileges that can be had within the system. They also have access to extensive documentation that until now was only available to Apple employees.
These types of devices have always existed, but were jealously guarded within the company campus. Still, occasionally some have ended up in the hands of the community of ‘jailbreakers’, the programmers who manage to circumvent the security measures of the iPhone and create new avenues to install unauthorized software.
Technically these devices, which are known in the computer security slang as ‘dev-fused’, are iPhones with a permanent ‘jailbreak’, which does not disappear when receiving the different updates of the operating system.
Apple’s hope is that with these devices in the community of hackers and computer security experts, it will be easier to discover possible iOS vulnerabilities, and fix them before third parties can exploit them for harmful purposes.
These new devices are part of a broader strategy that the company announced last year. Within the new security program, Apple has started offering rewards to anyone who detects security flaws on the platform (previously only selected security firms had access to this program) and to allowing detected security flaws to be published if they have been previously communicated.
The company can pay up to a million dollars for particularly significant security breaches, although one of the problems it frequently faces is that an iOS vulnerability can be bought for much more money on the black market, especially if you are interested in national spy agencies.