Corellium, a company Apple is suing for alleged intellectual-property infringements, has released a tool that helps people install Android on their Apple mobile devices.
The young US cybersecurity company has pointedly named the tool ‘Project Sandcastle’ as a riff on Apple’s use of sandboxing technologies to control what users can do on their iPhones.
While sandboxing does serve a legitimate security function, the technology doesn’t appeal to modders who believe that if you buy a piece of hardware, you should control how it is used. And that includes the possibility of installing Google’s Android on Apple’s iPhone – much like dual-booting a Linux distribution on a Windows 10 laptop.
“The iPhone restricts users to operate inside a sandbox. But when you buy an iPhone, you own the iPhone hardware. Android for the iPhone gives you the freedom to run a different operating system on that hardware,” Corellium says on its Project Sandcastle website.
Delaware-based Corellium argues that Android for iPhone can be useful for forensics research and to help reduce e-waste, but the release is likely to be a cheeky barb directed at Apple, which is suing it over intellectual property violations for its iOS virtualization technology.
The company’s technology struck a raw nerve with Apple execs and lawyers who sued the company last August.
Corellium boasted its service was the “first and only platform to offer iOS, Android, and Linux virtualization on Arm”. Apple argues that selling a virtualized version of iOS violates its intellectual-property rights.
Corellium in October argued that it only licensed its virtualized iOS tech to “well-known and well-respected financial institutions, government agencies, and security researchers”. The virtualized version of iOS can only be used for research and development and lacks features like calling, texting, accessing iCloud, and taking pictures.
According to Corellium, Apple had invited Corellium researchers to its security bug bounty program and even attempted to acquire the company. The security startup alleges that the Cupertino company decided to sue it after failing to agree on a price.
Project Sandcastle was first reported by Forbes, which also reported that Apple had subpoenaed Spain’s Santander Bank and the intelligence contractor L3Harris Technologies – which owns Azimuth Security – for information about how they use Corellium’s iOS virtualization tech.
Azimuth Security, which was founded by Australian security expert Mark Dowd, is considered one of the best companies at finding iOS security bugs. Instead of reporting iOS bugs to Apple’s bug bounty program, the company sells them to law enforcement and intelligence agencies.
Dowd in October told Motherboard he had never reported an iOS bug he found using Corellium to Apple. The iPhone maker in December raised its top payout for security flaws to $1.5m, which is $500,000 less than one exploit broker currently offers for iOS flaws.
Apple in January expanded its lawsuit against Corellium on the basis that its tech enables jailbreaking and violates the Digital Millennium Copyright Act (DMCA) ban on bypassing copyright-protection systems.
Corellium’s project is currently in beta and only supports Android for the iPhone 7 and 7+.