Just a few hours after it became public that security researcher Charlie Miller had inserted a proof-of-concept app into the Apple App Store to demonstrate a serious vulnerability in iOS, Apple informed Miller that it was removing him from its developer program.
Miller had created the app, which is a real-time stock ticker, a couple of months ago as a way to demonstrate an exploit for an iOS vulnerability he found that enabled him to load unsigned code onto an iOS device. He submitted the app to the Apple iTunes App Store and it eventually was approved and appeared in the store in mid-September. Miller used the app to demonstrate the exploit in a video he created, but other people had also downloaded it.
The app was designed to connect to Miller’s Web server on installation and check for new content, but he only placed the file with the exploit code in it on the server when he was performing a demo, so no users who downloaded the app would’ve been subject to the exploit. However, Apple didn’t take kindly to Miller’s research methods and sent him a letter on Monday informing him that the company was removing him from its developer program.
“Apple just kicked me out of the iOS Developer Program. That’s so rude!” Miller said in a message on Twitter Monday evening. “First they give researchers access to developer programs, (although I paid for mine) then they kick them out.. for doing research.”
Miller informed Apple of the iOS vulnerability on Oct. 14 and he said in an interview that he expected the company to produce a patch for it fairly quickly, given the seriousness of the flaw.
“They don’t like this stuff where they lose control of the platform. It’s serious stuff for them,” said Miller, who is a principal research consultant at Accuvant.
Miller said that the letter from Apple says that he has been removed from the developer program for a year.