Apple loses court case against security vendor Corellium

Apple has failed to convince a US court that security vendor Corellium infringed copyrights in the iOS mobile operating system and violated the United States Digital Millennium Copyright Act (DMCA) by circumventing security measures.

A judge in the US Southern Florida District Court sided in part with Corellium that its use of iOS in its security product constitutes fair use, and threw out Apple's copyright and DMCA claims.

Corellium offers commercial cloud and standalone products that virtualise both Apple iPhones and Google Android devices for developers and security reseachers to use.

The Corellium virtual devices use iOS images made publicly available by Apple, but do not provide features like the App Store, phone calling functionality or camera use, the District Court noted.

Apple had sought to acquire Corellium in 2018, a year after the security company was founded, but the talks fell apart after the parties failed to agree on a price.

Roughly a year after, Apple took Corellium to court, alleging copyright infringement and DMCA violations, which the security vendor denied it was guilty of.

Apple losing the Corellium case just highlights how tough it’s going to be to argue their case vs antitrust action, Epic Games, Cydia and whatever else pops up next year. There are many things Apple (and its pundits) assume to be true that just won’t survive scrutiny

— Steve Troughton-Smith (@stroughtonsmith) December 29, 2020

Citing prior art and the court case involving Google's Library project for which books were digitised and a search function that displayed snippets was built, the court found that Corellium's use of iOS was transformative and therefore fair use.

"A user can see running processes, halt execution of the virtual device, amend the kernel, look at lists of files, clone snapshots, among other things - giving great introspection into aspects of iOS and its operation on iOS devices," the district court said in a partially redacted judgment.

"These tools are useful to security research and testing."

The court was unpersuaded that Corellium's product wasn't transformative due to it being available for anyone to buy as claimed by Apple, which also said it could be used for other purposes than security research.

Apple did not present any evidence of its claims, and the judge noted that Corellium does not sell its product indiscriminately, having a vetting process in place for customers, and exercising discretion to withhold the product if it suspects use for nefarious purposes.

However, on the DMCA claims, the court rejected Corellium's fair use defence as it was not absolved of potential liability for allegedly employing circumvention tools to unlawfully access iOS as a whole or in parts.