Apple has announced the commencement of the application process for the 2024 iPhone Security Research Device Program (SRDP), inviting security researchers to join and contribute to enhancing iPhone security. The SRDP initiative, launched in 2019, aims to uncover critical vulnerabilities within the iOS ecosystem.
Apple’s SRDP participants are given specialized iPhone 14 Pro research devices to help improve iPhone security
Since its inception, the SRDP has proven successful, with researchers identifying and reporting 130 high-impact security vulnerabilities. These findings have enabled Apple to implement innovative mitigations, reinforcing its commitment to safeguarding user data and device integrity.
Over the last six months alone, participants in the program have been credited with 37 CVE acknowledgments, showcasing their contributions to crucial security improvements in areas such as the XNU kernel, kernel extensions, and XPC services.
Apple’s recognition of researchers’ efforts goes beyond mere acknowledgment. The company extends its appreciation by offering rewards through the Apple Security Bounty program. To date, the SRDP researchers have been granted more than 100 awards, with substantial payouts, including some reaching $500,000, and a median award close to $18,000.
The heart of the SRDP lies in the specialized iPhone 14 Pro research devices provided to participants. These devices are specifically crafted for security research, allowing researchers to configure and disable iOS security measures that are typically inaccessible on standard iPhones. This level of manipulation empowers researchers to delve deep into the system, identifying vulnerabilities that might otherwise remain concealed.
Eligibility for the SRDP is determined by a track record of security research, not only within the iOS ecosystem but also on other platforms. This inclusive approach ensures that a diverse pool of talented researchers can contribute to the program’s success. Here are the guidelines:
- Have a proven track record of success in finding security issues on Apple platforms, or other modern operating systems and platforms.
- Be based in an eligible country or region.
- Be the legal age of majority in the jurisdiction in which you reside (18 years of age in many countries).
- Not be employed by Apple currently or in the last 12 months.
Apple is also extending the program’s benefits to educators at the university level, providing them with the opportunity to utilize specialized devices as teaching tools for computer science students. This initiative aims to foster an understanding of security research and create a new generation of security-conscious professionals.
Applications for the 2024 iPhone Security Research Device Program are open until October 31, 2023. Successful applicants will be notified in early 2024. To learn more about the program and apply for a coveted iPhone Security Research Device, visit Apple’s official page here.