Apple Security Research Device Program
By Apple Team
July 27, 2020
As part of Apple’s
commitment to security, this program is designed to help improve
security for all iOS users, bring more researchers to iPhone, and
improve efficiency for those who already work on iOS security. It
features an iPhone dedicated exclusively to security research, with
unique code execution and containment policies.
Security Research Device (SRD) is intended for use in a
controlled setting for security research only. Shell
access is available, and you’ll be able to run any tools
and choose your entitlements. Otherwise, the SRD behaves
as closely to a standard iPhone as possible in order to
be a representative research target.
provided on a 12-month renewable basis and remain the
property of Apple. They are not meant for personal use
or daily carry, and must remain on the premises of
program participants at all times. Access to and use of
SRDs must be limited to people authorized by Apple.
you use the SRD to find, test, validate, verify, or
confirm a vulnerability, you must promptly report it
to Apple and, if the bug is in third-party code, to
the appropriate third party. If you didn’t use the
SRD for any aspect of your work with a
vulnerability, Apple strongly encourages (and
rewards, through the
Apple Security Bounty)
that you report the vulnerability, but you are not
required to do so.
you report a vulnerability affecting Apple products,
Apple will provide you with a publication date
(usually the date on which Apple releases the update
to resolve the issue). Apple will work in good faith
to resolve each vulnerability as soon as practical.
Until the publication date, you cannot discuss the
vulnerability with others.
Vulnerabilities found with an SRD are automatically
considered for reward through the
Apple Security Bounty.
Eligibility and Requirements
in the Security Research Device Program is subject to
review of your application. Device availability is
limited. Devices will not be available for all qualified
applicants in the initial application period. Qualified
applicants who do not receive a device during this
period will automatically be considered during the next
application period in 2021. To be eligible for the
Security Research Device Program, you must:
- Be a
membership Account Holder in the Apple Developer
a proven track record of success in finding security
issues on Apple platforms, or other modern operating
systems and platforms.
based in an eligible country or region.*
Participation is not available if you are:
any U.S. embargoed countries, on the U.S. Treasury
Department’s list of Specially Designated Nationals,
on the U.S. Department of Commerce Denied Persons
List or Entity List, or on any other restricted
Under the legal age of majority in the jurisdiction
in which you reside (18 years of age in many
Employed by Apple
currently or in the last 12 months.
Applying for the Program
start your application, sign in with the Apple ID
associated with your Apple Developer Program
membership. If you’re enrolling as an organization,
you’ll need to have the authority to accept legal
agreements on behalf or your organization and will
need to list the names of everyone who will have
access to a Security Research Device. Once approved
by Apple, each individual will have to acknowledge