iPhone is the world's most secure consumer mobile device, which can make it challenging for even skilled security researchers to get started. We created the Apple Security Research Device Program to help new and experienced researchers accelerate their work with iOS.
Now accepting applications through October 31, 2024.
Apply below.
The Security Research Device (SRD) is a specially fused iPhone that allows you to perform iOS security research without having to bypass its security features. You also benefit from access to software previews, security beta projects, the SRD research community, and special tooling to augment research and vulnerability discovery. Shell access is available, and you can run any tools, choose your own entitlements, and even customize the kernel.
All iOS and iPhone components are eligible for SRD Program research, except Apple Pay and third-party apps. Using the SRD allows you to confidently report all your findings to Apple without the risk of losing access to the inner layers of iOS security. Plus, any vulnerabilities that you discover with the SRD are automatically considered for Apple Security Bounty — including bonus awards for preview and beta software programs.
The SRD is intended for use in a controlled setting for security research only. If your application is approved, we will provide you an SRD as a 12-month renewable loan. During this time, the device remains the property of Apple.
The SRD isn't meant for personal use or daily carry, and must remain on the premises of program participants at all times. Access to and use of the SRD must be limited to people authorized by Apple.
If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to us and, if the bug is in third-party code, to the appropriate third party.
Our ultimate goal is to protect users, so if you find a vulnerability without using the SRD for any aspect of your work, we'd still like to receive your report. We review all research that's submitted to us and consider all eligible reports for rewards through Apple Security Bounty.
Participation in the Security Research Device Program is subject to review of your application.
A limited number of Apple Security Research Devices are available each year.
To apply, sign in with your Apple Account. To enroll as a company, university, or other type of organization, you must be authorized to act on your organization's behalf and provide the names of everyone who will need access to an SRD. If approved by Apple, each person will have to acknowledge their responsibilities.
This year's application period ends October 31, 2024.