Security researcher removed from Apple’s developer program

Charlie Miller, a security researcher who worked with Apple’s developer program, recently lost his license to work with Apple for creating an app that showed that unapproved code could run on iPads and iPhones. “Miller had, admittedly, created a proof-of-concept application to demonstrate his security exploit, and even gotten Apple to approve it for distribution in Apple’s App Store by hiding it inside a fake stock ticker program, a trick that Apple wrote violated the developer agreement that forbid him to ‘hide, misrepresent or obscure’ any part of his app.” According to this article, Apple used Miller as an example to send a message to all malicious hackers and security researchers alike: stay away from the App Store.

Miller states: “I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.” Apple is definitely hurting their security here. They should be thanking anyone who finds a bug and reports it to them rather than actually using the exploit. Miller has found and reported dozens of bugs to Apple for years and, out of nowhere, they just revoke his license for a harmless exploitative app.

I feel like Apple went a bit overboard with the threat message to hackers. In my opinion, Apple exaggerated the severity of this harmless demo app when much worse has happened. Apparently an actual hacker had repeatedly invented new techniques of breaking the iPhone’s and iPad’s security measures and, rather than pressing charges against him, they hired him. Miller, again, states: “[Apple] went out of their way to let researchers in, and now they’re kicking me out for doing research… I didn’t have to report this bug. Some bad guy could have found it instead and developed real malware.”

http://www.forbes.com/sites/andygreenberg/2011/11/07/apple-exiles-a-security-researcher-from-its-developer-program-for-proof-of-concept-exploit-app/
