The Number of iOS Exploits has Spiked, while the Payout for Android Zero-Days Skyrocketed
Last updated September 21, 2021
Apple has had very little success attracting researchers to report iOS exploits. With companies willing to pay up to millions to researchers for identifying important security exploits in Apple’s portable OS, many chose not to approach the tech giant, as the payout from third parties was simply too appealing to pass up.
Researchers have begun reporting bugs to Apple more regularly as the tech giant has started to offer bounties for identifying exploits and bugs in iOS. Apple started its bounty program back in 2016, but there were very few confirmed reports of any payouts. Many now claim that payouts have started to become more regular. The tech giant was known to be paying only researchers who were inducted into the bounty program in 2016.
But researcher Adam Donenfeld from Zimperium revealed that the company is now also offering bounties to independent developers who are not part of the program. Donenfeld has submitted multiple bugs in the past and has received payments for them. He was also officially invited to be part of the bounty program. However, not everyone gets paid by the tech giant. Some developers stated that despite submitting multiple bug reports, they have yet to receive any payments.
Hi @tim_cook, I've been working for years to help make iOS more secure. Here's a list of all the bugs I reported which qualified for your bug bounty since its launch, could you invite me to the program so we can donate this money to @amnesty? pic.twitter.com/VUKj7BaJ4P
— Ian Beer (@i41nbeer) August 8, 2018
Security researcher Ian Beer, who was working on Google's Project Zero, found multiple bugs and publicly challenged Apple to pay $2.5 million to charity, directed to Amnesty International. Apple made no official response. According to an Apple employee, the company is considering revamping its bounty program to include official guidelines and a team to manage bug report submissions and payouts.