The 11th US Circuit Court of Appeals held that Corellium’s recreation of Apple’s system was legal under the US copyright fair use doctrine, finding that it advances scientific research by supporting critical security research.
A US appeals court rejected Apple Inc.’s attempt to persuade it that security startup Corellium Inc. violated its copyrights by emulating its iOS operating system in order to assist researchers in discovering security weaknesses in Apple devices.
Court Rules in Favour of Corellium, Boosting Security Researchers
With the help of Corellium’s software, users may run iOS on non-Apple devices and analyse and alter the operating system in ways that make it easier for security researchers to look for flaws. In 2019, Apple filed a federal lawsuit against Corellium in South Florida for copyright infringement.
Prior to initiating the complaint, Apple made an unsuccessful attempt to purchase Corellium for close to $23 million, according to the appeals court.
In 2020, the district court rejected Apple’s arguments regarding Corellium’s iOS simulator. In 2021, Apple appealed.
The 11th Circuit determined on Monday that Corellium used iOS fairly and added additional features to its software that enable security researchers to “do their work in a way that physical iPhones just can’t.”
Apple claimed that Corellium merely repackaged iOS in a different format for financial gain, damaging the market for its operating system and its security-research initiatives. This claim was dismissed by the appeals court.
What the Judge Has to Say
Corellium “opened the door for deeper security research into operating systems like iOS,” according to the circuit court.
The appeals court remanded the case to the district court so that it can determine whether Corellium violated the copyrights for Apple’s wallpaper and icons or whether it assisted in infringement by third parties.
Federal judge Rodney Smith dismissed the case on Tuesday, stating that Apple did not provide a legal basis to protect its entire iOS operating system from security researchers. Smith noted that Corellium’s actions were exempt from copyright law because they created a new virtual platform for iOS and added capabilities not found on Apple’s iOS devices.
Smith also pointed out that the fair use defence was not undermined by Corellium’s actions, especially considering the public benefit of the product. In his written opinion, Smith stated that courts have recognized the need for fair use of copyrighted materials to promote “the progress of science and useful arts” since the early days of copyright protection.
According to the record, there is evidence to support Corellium’s claim that its product is designed for security research, and Apple acknowledges that it can be used for such purposes. Additionally, Judge Smith stated that Apple had attempted to purchase Corellium but could not reach an agreement on the price, and subsequently filed a lawsuit a year later.
Apple has a program that rewards “white hat” hackers who uncover vulnerabilities in its system. However, the company claimed that Corellium’s product exceeded the bounds of this program, while Corellium countered by asserting that it evaluates potential customers and rejects some.
History Repeats: Oracle Corp. vs. Google?
Corellium has accused Apple of attempting to control security research to restrict public knowledge of vulnerabilities and claimed that its customers include government agencies, financial institutions, and security researchers.
Apple contended that the case is comparable to the Oracle Corp. vs. Google dispute, in which an appeals court rejected Google’s argument that it had the right to copy Oracle code for use in the Android operating system. The Supreme Court is currently reviewing this issue.
Judge Smith disagreed, stating that the Corellium case was different since it involves the transformation of iOS and the addition of new content, rather than direct competition. He compared it instead to a previous case in which an appeals court ruled that Google’s creation of digital book copies and snippets in search results constituted fair use of copyrighted material.
Assuming it is upheld, the ruling is a victory for security researchers who could face legal repercussions for reproducing copyrighted software as part of their efforts to identify vulnerabilities.