Apple has opened applications for its 2026 Security Research Device (SRD) program, inviting experienced security researchers to access specially modified iPhones designed for investigating iOS vulnerabilities. The program, which has been running for several years, aims to facilitate ethical hacking without compromising the device’s core security features. Applications for the upcoming cycle are now live, with the deadline set for October 31, 2025.
The SRD is essentially a fused iPhone that provides researchers with direct shell access, customizable kernel options, and the ability to run specialized tools and entitlements. Participants gain entry to software previews, beta projects, and a dedicated research community, along with augmented tooling to aid in vulnerability discovery. According to Apple’s description, “The Security Research Device (SRD) is a specially fused iPhone that allows you to perform iOS security research without having to bypass its security features. You also benefit from access to software previews, security beta projects, the SRD research community, and special tooling to augment research and vulnerability discovery. Shell access is available, and you can run any tools, choose your own entitlements, and even customize the kernel.”
Research under the program covers all iOS and iPhone components, excluding Apple Pay and third-party apps. Discoveries made using the SRD are automatically eligible for Apple’s Security Bounty program, which includes bonus rewards for findings in preview and beta software. This setup enables researchers to report vulnerabilities confidently, without risking access to iOS’s inner security layers.
Upon approval, participants receive a modified iPhone on loan for 12 months. Apple emphasizes that the device is strictly for research purposes and “must remain on the premises of program participants at all times,” prohibiting everyday use. The specific iPhone model provided is not revealed in advance, adding an element of surprise to the allocation process.
To qualify, applicants must demonstrate a proven track record in identifying security issues on Apple platforms or other modern operating systems. They must reside in one of the eligible countries or regions, including Argentina, Armenia, Australia, Austria, Azerbaijan, Belgium, Bosnia and Herzegovina, Brazil, Bulgaria, Canada, Croatia, Czechia, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Moldova, Montenegro, Morocco, Netherlands, New Zealand, North Macedonia, Norway, Poland, Portugal, Romania, Senegal, Serbia, Singapore, Slovakia, Slovenia, South Africa, South Korea, Spain, Sweden, Switzerland, the United Kingdom, and the United States. Candidates must also be of legal age of majority in their jurisdiction—typically 18 years old—and not currently employed by Apple or have been within the past 12 months.
Apple’s initiative underscores its commitment to bolstering iOS security through collaborative efforts with the global research community. For more details and to submit an application, visit Apple’s Security Research website.
