In 2019, Apple announced that it would begin sending "special" versions of iPhones to some security researchers designed to find vulnerabilities that could then be reported to Apple so the company could fix them. In 2020, the company began shipping these devices, which were designed to disable certain security features, making it easier for researchers to find vulnerabilities in iOS systems.

Before these devices emerged, there was a loose group of hackers and security researchers hell-bent on undoing Apple's restrictions on iPhones, known as "jailbreakers." The concept of "jailbreaking" comes from breaking through Apple's security restrictions on the iPhone, which is called "jail".

Jailbreakers sometimes aim simply to bypass restrictions, such as sideloading apps not included in the official AppStore, and simply changing the iPhone's wallpaper before iPhoneOS enabled the feature in the past.

While these goals may seem innocuous, Apple has been battling jailbreakers for years to prevent people from disabling iPhone security features. At least one Apple support page calls jailbreaking "unauthorized modifications" to iOS systems.

Recently, Apple appears to have embraced the term jailbreaking and used it in official descriptions of security research devices, according to an image posted on X (formerly Twitter) by security researcher Gergely Kalman.

"We've simplified the process of running existing tools on security research devices. With the cryptex subsystem, you can sideload your tool and it will run with platform permissions and any permissions you want," the description reads. "This allows the rest of the security policy to remain enabled, providing the flexibility to jailbreak the device while keeping the system you are investigating in a client-like, intact state."

iPhone safety research device with stickers and instructions. (Image: Gergely Kalman)

Kalman included a photo of the box containing his iPhone security research device, a page of instructions for researchers, and three stickers he said were inside the box. "Sorry there's no unboxing video, but this is an Apple security research device and the gifts that come with it," he wrote in a post on Tuesday.

It's unclear how many of these security research devices are out there, and few images have been widely circulated online. Apple spokesman Scott Radcliffe did not respond to a request for comment when asked how many such devices Apple has sent out and whether the program has led to an increase in the number of vulnerabilities reported to the company.

Kalman said that his security research device is "exactly the same" as the iPhone 14 Pro. The only difference is that there is the word "security research device" and an Apple phone number at the bottom of the lock screen, presumably to make it easier to hand it in if it is lost.

In addition to this, Kalman said the box also has a special label that says "Do Not Remove" and "Property of Apple," as well as a serial number, which Apple notes on its website.

Prior to Kalman's post on Tuesday, there appeared to be only one blog post showing images of security research equipment, published in 2022.

iPhone security research device. (Image: HoytLLC)

The Security Research Equipment Program was launched, at least in part, in response to the proliferation of iPhone prototypes (technically known as "fusion development" devices), which hackers and collectors buy and sell on the underground market.

These "Development Fusion" devices are essentially iPhones that have not gone through the full production process, or were previously used within Apple to test features and were never intended to end up in consumer hands. As a result, these devices lack the typical security features and limitations found on regular iPhones. That's what makes them particularly attractive to security researchers: The devices make it easier for hackers to find vulnerabilities in the iPhone's most tightly guarded code.

That's why these devices cost thousands of dollars, and why Apple has been cracking down on this gray market and offering alternative security research devices.