Last year in August Apple had filed a lawsuit against a virtualization software company Corellium. Apple argued that Corellium’s Product infringed its copyright and later even added claims that Corellium’s product violates the Digital Millennium Copyright Act (DMCA).
Even though DMCA claims will still need to be settled in court, a judge in the Florida court has thrown out Apple’s copyright claims.
Corellium allows security researchers to create a virtualized ARM device like iOS devices in a browser to discover potential security bugs.
Corellium could allow a security researcher to hunt for bugs. If a bug is discovered, they can quickly load up prior versions of iOS to see how long this bug has been around. If a bug hits the virtual iOS device and renders it unusable, it’s about booting up a new one rather than looking for a new phone. Virtualized devices can be paused, allowing researchers to get a detailed look at a precise state.
A media report said having reviewed the evidence the Court does not find a lack of good faith and fair dealing. Further, the Court found that Corellium has met its burden of establishing fair use. On this base, Corellium’s Motion is granted on Apple’s copyright claim.
Corellium’s ability to do things like see and halt running processes; modify the kernel; use CoreTrace, a tool to view system calls; use an app browser and a file browser; and take snapshots as a proof that the product is not merely a repackaged version of iOS.
Between January and mid of 2018, the parties engaged in discussions over Apple’s potential acquisition of Corellium. Corellium then explained in detail to Apple the technology behind its product and how it functions. Corellium even discussed its intention to commercialize the Corellium Product.
If Apple had acquired the Corellium Product, it would have been used internally for validation and testing.
While this decision washes away the copyright claims, there was no such judgment on DMCA claims. Apple argues that Corellium is working around built-in authentications and security checks, whereas Corellium argues that such things are implemented at a hardware level and are left unencrypted, unlocked, unprotected, and out for the public to access, copy, edit, distribute, and display.